hxxp://malware download

Resubmissions

14-05-2024 17:54

240514-wg1xgahd24 10

14-05-2024 17:29

240514-v2zz8sge63 8

Analysis

max time kernel
1047s
max time network
1051s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14-05-2024 17:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://malware download

Score

8^/10

bootkit evasion persistence

Malware Config

Signatures

Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	ROTANOTEDKSID-Destructive.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	wscript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\Control Panel\International\Geo\Nation	cmd.exe

Executes dropped EXE 7 IoCs

pid	Process
5928	ROTANOTEDKSID-Destructive.exe
3300	WipeMBR.exe
3964	MouseDraw.exe
5672	pixels.exe
4832	gl.exe
2864	TextOut.exe
5388	masher.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	WScript.exe
File opened (read-only)	\??\B:	WScript.exe
File opened (read-only)	\??\G:	WScript.exe
File opened (read-only)	\??\J:	WScript.exe
File opened (read-only)	\??\K:	WScript.exe
File opened (read-only)	\??\L:	WScript.exe
File opened (read-only)	\??\M:	WScript.exe
File opened (read-only)	\??\O:	WScript.exe
File opened (read-only)	\??\S:	WScript.exe
File opened (read-only)	\??\X:	WScript.exe
File opened (read-only)	\??\Y:	WScript.exe
File opened (read-only)	\??\I:	WScript.exe
File opened (read-only)	\??\R:	WScript.exe
File opened (read-only)	\??\T:	WScript.exe
File opened (read-only)	\??\V:	WScript.exe
File opened (read-only)	\??\W:	WScript.exe
File opened (read-only)	\??\Z:	WScript.exe
File opened (read-only)	\??\E:	WScript.exe
File opened (read-only)	\??\H:	WScript.exe
File opened (read-only)	\??\A:	WScript.exe
File opened (read-only)	\??\N:	WScript.exe
File opened (read-only)	\??\Q:	WScript.exe
File opened (read-only)	\??\U:	WScript.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
450	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	WipeMBR.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Delays execution with timeout.exe 6 IoCs

evasion

pid	Process
4564	timeout.exe
4756	timeout.exe
3956	timeout.exe
2540	timeout.exe
5704	timeout.exe
4104	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
5848	taskkill.exe
5868	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3906287020-2915474608-1755617787-1000\{EB3ACE18-A4D4-4AB4-AE05-52DFCBC3D24B}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings	cmd.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
532	reg.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 57949.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5552	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
5348	msedge.exe
5348	msedge.exe
2136	msedge.exe
2136	msedge.exe
2008	identity_helper.exe
2008	identity_helper.exe
2980	msedge.exe
2980	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
4576	msedge.exe
3908	msedge.exe
3908	msedge.exe
5944	msedge.exe
5944	msedge.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
5160	msedge.exe
5160	msedge.exe
5924	msedge.exe
5924	msedge.exe
5320	msedge.exe
5320	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1056	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: 33	3252	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3252	AUDIODG.EXE
Token: SeDebugPrivilege	5848	taskkill.exe
Token: SeShutdownPrivilege	1508	WScript.exe
Token: SeCreatePagefilePrivilege	1508	WScript.exe
Token: SeShutdownPrivilege	1508	WScript.exe
Token: SeCreatePagefilePrivilege	1508	WScript.exe
Token: SeDebugPrivilege	5868	taskkill.exe
Token: SeShutdownPrivilege	1508	WScript.exe
Token: SeCreatePagefilePrivilege	1508	WScript.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe
2136	msedge.exe

Suspicious use of SetWindowsHookEx 35 IoCs

pid	Process
1056	OpenWith.exe
1056	OpenWith.exe
1056	OpenWith.exe
1056	OpenWith.exe
1056	OpenWith.exe
1056	OpenWith.exe
1056	OpenWith.exe
1056	OpenWith.exe
1056	OpenWith.exe
1056	OpenWith.exe
1056	OpenWith.exe
1056	OpenWith.exe
1056	OpenWith.exe
1056	OpenWith.exe
1056	OpenWith.exe
1056	OpenWith.exe
1056	OpenWith.exe
5908	AcroRd32.exe
5908	AcroRd32.exe
5908	AcroRd32.exe
5908	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
8	AcroRd32.exe
2672	AcroRd32.exe
2672	AcroRd32.exe
2672	AcroRd32.exe
2672	AcroRd32.exe
4836	AcroRd32.exe
4836	AcroRd32.exe
4836	AcroRd32.exe
4836	AcroRd32.exe
5928	ROTANOTEDKSID-Destructive.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 4252	2136	msedge.exe	82
PID 2136 wrote to memory of 4252	2136	msedge.exe	82
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 4948	2136	msedge.exe	83
PID 2136 wrote to memory of 5348	2136	msedge.exe	84
PID 2136 wrote to memory of 5348	2136	msedge.exe	84
PID 2136 wrote to memory of 4508	2136	msedge.exe	85
PID 2136 wrote to memory of 4508	2136	msedge.exe	85
PID 2136 wrote to memory of 4508	2136	msedge.exe	85
PID 2136 wrote to memory of 4508	2136	msedge.exe	85
PID 2136 wrote to memory of 4508	2136	msedge.exe	85
PID 2136 wrote to memory of 4508	2136	msedge.exe	85
PID 2136 wrote to memory of 4508	2136	msedge.exe	85
PID 2136 wrote to memory of 4508	2136	msedge.exe	85
PID 2136 wrote to memory of 4508	2136	msedge.exe	85
PID 2136 wrote to memory of 4508	2136	msedge.exe	85
PID 2136 wrote to memory of 4508	2136	msedge.exe	85
PID 2136 wrote to memory of 4508	2136	msedge.exe	85
PID 2136 wrote to memory of 4508	2136	msedge.exe	85
PID 2136 wrote to memory of 4508	2136	msedge.exe	85
PID 2136 wrote to memory of 4508	2136	msedge.exe	85
PID 2136 wrote to memory of 4508	2136	msedge.exe	85
PID 2136 wrote to memory of 4508	2136	msedge.exe	85
PID 2136 wrote to memory of 4508	2136	msedge.exe	85
PID 2136 wrote to memory of 4508	2136	msedge.exe	85
PID 2136 wrote to memory of 4508	2136	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://malware download
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab54046f8,0x7ffab5404708,0x7ffab5404718
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:572
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6300 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5944
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Sulfoxide no window fix.7z"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:8
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:5768
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7DAB8C85F09433217099748192F108A1 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7DAB8C85F09433217099748192F108A1 --renderer-client-id=2 --mojo-platform-channel-handle=1700 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:5484
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=88628CE30D73C2E122E08F85EAFAC841 --mojo-platform-channel-handle=1864 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:3908
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=16CE8430439541F45B650D61C5A938F9 --mojo-platform-channel-handle=2392 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:884
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=820031B8DDE8A902282831BFBA954F18 --mojo-platform-channel-handle=2516 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:5032
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5A8C3D3E88172535FC60E5C3E1BED5EC --mojo-platform-channel-handle=1984 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8668 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8500 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5924
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Sulfoxide 1.4.7z"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4836
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:4136
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C0ECD21225D0A0399B187A63CC7B322D --mojo-platform-channel-handle=1720 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:1872
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=181EFB3FB304416D070812E1940DD874 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=181EFB3FB304416D070812E1940DD874 --renderer-client-id=2 --mojo-platform-channel-handle=1716 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:5668
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=061AF0432EAC697D673616A0FCF63504 --mojo-platform-channel-handle=2288 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:6076
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7A36A1B54C27DB5F5B1C5AC836659892 --mojo-platform-channel-handle=1808 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:5792
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=78B794BACD1809416BFF1DEB62FBB1CF --mojo-platform-channel-handle=2292 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8716 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5320
- C:\Users\Admin\Downloads\ROTANOTEDKSID-Destructive.exe
  "C:\Users\Admin\Downloads\ROTANOTEDKSID-Destructive.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5928
- - C:\Windows\system32\wscript.exe
    "C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\E16C.tmp\E16D.tmp\E16E.vbs //Nologo
    3⤵
    - Checks computer location settings
    PID:2504
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\E16C.tmp\s.cmd" "
      4⤵
      Checks computer location settings
      Modifies registry class
      PID:5856
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskmgr.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:5848
    - - C:\Windows\system32\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
        5⤵
        Modifies registry key
        
        PID:532
    - - C:\Users\Admin\AppData\Local\Temp\E16C.tmp\WipeMBR.exe
        
        WipeMBR.exe
        5⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        
        PID:3300
    - - C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\E16C.tmp\snd.vbs"
        5⤵
        Enumerates connected drives
        Suspicious use of AdjustPrivilegeToken
        
        PID:1508
    - - C:\Windows\system32\NOTEPAD.EXE
        
        "C:\Windows\system32\NOTEPAD.EXE" C:\note.txt
        5⤵
        Opens file in notepad (likely ransom note)
        
        PID:5552
    - - C:\Windows\system32\timeout.exe
        
        timeout 5 /nobreak
        5⤵
        Delays execution with timeout.exe
        
        PID:4756
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.google.co.ck/search?q=help+me+my+computer+has+a+virus
        5⤵
        
        PID:5252
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab54046f8,0x7ffab5404708,0x7ffab5404718
        6⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\E16C.tmp\MouseDraw.exe
        
        MouseDraw.exe
        5⤵
        Executes dropped EXE
        
        PID:3964
    - - C:\Windows\system32\timeout.exe
        
        timeout 10 /nobreak
        5⤵
        Delays execution with timeout.exe
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\E16C.tmp\pixels.exe
        
        pixels.exe
        5⤵
        Executes dropped EXE
        
        PID:5672
    - - C:\Windows\system32\timeout.exe
        
        timeout 10 /nobreak
        5⤵
        Delays execution with timeout.exe
        
        PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\E16C.tmp\gl.exe
        
        gl.exe
        5⤵
        Executes dropped EXE
        
        PID:4832
    - - C:\Windows\system32\timeout.exe
        
        timeout 5 /nobreak
        5⤵
        Delays execution with timeout.exe
        
        PID:5704
    - - C:\Users\Admin\AppData\Local\Temp\E16C.tmp\TextOut.exe
        
        TextOut.exe
        5⤵
        Executes dropped EXE
        
        PID:2864
    - - C:\Windows\system32\timeout.exe
        
        timeout 30 /nobreak
        5⤵
        Delays execution with timeout.exe
        
        PID:4104
    - - C:\Users\Admin\AppData\Local\Temp\E16C.tmp\masher.exe
        
        masher.exe
        5⤵
        Executes dropped EXE
        
        PID:5388
    - - C:\Windows\system32\timeout.exe
        
        timeout 15 /nobreak
        5⤵
        Delays execution with timeout.exe
        
        PID:4564
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im wininit.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11887948811897719491,17085523529136419530,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:4400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1408

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2c8 0x418
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3252

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1056
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Sulfoxide.7z"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:5908
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:5568
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=68CEE36C1FD765157CE4644001D7C59D --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:2540
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=C7BA08B4B3C803F6B26B8298302CBAFC --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=C7BA08B4B3C803F6B26B8298302CBAFC --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:4896
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=81EC7702BB9D5642D10BCA8893EB7A7A --mojo-platform-channel-handle=2292 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:1620
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F86BA81140C44F8CE1418F56C24AA2E9 --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:3672
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=40C87A5DCAD817183FA14B0D1C092A9C --mojo-platform-channel-handle=1840 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:2608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4936

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3276

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Sulfoxide (1).7z"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2672
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:2280
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F7BD3859CD7A038F3820E1BFCA390B55 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F7BD3859CD7A038F3820E1BFCA390B55 --renderer-client-id=2 --mojo-platform-channel-handle=1712 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:5672
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5D88DAD6205AF3F2FBAF88F7FAC48441 --mojo-platform-channel-handle=1948 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4020
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CB25565920C32D982D452528F706EA92 --mojo-platform-channel-handle=2068 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3596
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=89B487C920E45355A0A672DC15A0FFB9 --mojo-platform-channel-handle=1952 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2972
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=00D6D91E16C7265BD03BF63204FE7906 --mojo-platform-channel-handle=1948 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1

Filesize
264KB

MD5
9787a9a52ea4657dcbe4b933cabc3b69

SHA1
27ded81b4c8fff9d3c4df7ed4e187e85401f5705

SHA256
d5c3e1414d716695f855c89b99794913ff42b42af93a85889d702e2a372a7b56

SHA512
d206e913d646bebb42856274a692edb1aeb1fca8894700b41af06d1299dbd7d72b1bd0ed47b76c761b96a02906bf42f9a87dc5c7ac2aa8de4e8d5bb48234374b

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1

Filesize
264KB

MD5
b53172e33ee1541ee6d2b9ee56dc217b

SHA1
cd985e8e597c552b1d2288100016025c1119846f

SHA256
1af89c9517e3ba559012145adfbb530d2643dc9855005fa79d14c3c63880cf81

SHA512
a1d296bb3591f53a4dfc0aa48685b3c4c88179addad035d69f79118c0995db373a1b3ab08a422589a5f39178a19a6cd1bea85fd8cc60f950a229fdc6ef6607a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1

Filesize
264KB

MD5
968017d973ca7f5df70f46017215e3a4

SHA1
cc42ec319d7e4788862a8ee7a5cbd33a1d832594

SHA256
fae750f6109d1c15d6c54b553aa830c5782b1cb0e9563a41168af2728ff5574b

SHA512
c1e4905bc3b8ed0fc6133c5f1051023c44e95267a560a706f29d2a214f8467fb2cb3602aa90f23e317ff04dc786f9ba79f5369cbf405a26cae95278349e6e0ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Filesize
292B

MD5
d76f9807ff0ae460ad35a11412d3926d

SHA1
a907ab3f593f04ff0f769c7817fe88668c3234ec

SHA256
06ce478af03eb557d53fbdc4d17ddd8d1fcafcd0616cc019e9a6989de3ee2c54

SHA512
8edbccbedd3d216100ed9f836647795ca79c6dbb4728a641413e5ee731f8b029a07d6a01c6de6a9050f28883284613b686cda8f29bb54e0d22da076276b15486

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Filesize
292B

MD5
3d4d660e201de07e5e7a8998de308bc9

SHA1
303bf0025226ca1d831c8fb5bf97a8cc59c46b08

SHA256
f74a233b3e72681210eb796eff21d6c0a3ca9fdb9c7e8dfffcd08dddb3201847

SHA512
439adbac9e52e35fbf8307197f69e1db71ab03202cb689372b9d7444c096b6bd6dabadf4d9077aeed00e176e56f813dfd9b3af9f9e1a2c290f5a5de8d5d011ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

Filesize
128KB

MD5
f5be64960a847c9cd12f2701d13684cd

SHA1
8c3973043380036f7bb6f52fdedd3451b96ca143

SHA256
96a6f96d41013e21d74017f5cbfb538fb5fab2157780ef992c67263c57b3c049

SHA512
46ed1ddc77056b538c4dfee735200683b7e98ed0299b1e92f1cd8b03831d52e87302f97b0d137b0adde78bc468cfea976596f40628601b9260fa656e241b1ec6

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
3dca8f2614f5126d104529a9118dfb57

SHA1
991bbf9f5782feaaddd6c8d74e2b2d4895bfad4e

SHA256
5f04d9dc2865f6f926b022ee37c9c177c69cbcabd2db6f8e1462557f947fdda1

SHA512
5623025cd0152b4426ca336f2a005fbc97a2bd38136e31c9a41da7f9e47110e609832309895524c7f25fd5c19833549dfe1abca31211e9a7a7b978516762681c

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst

Filesize
97KB

MD5
700e7d6f9cfc26cea4d04f65f02b3452

SHA1
e5580200e54edb7cd4f7c5daada5c031434cf334

SHA256
c3d8aef5d450a90e4a51335532c977515e589143be772697e666c8c9f4ab0c0e

SHA512
1cafa5bab9838052312d8a6ced7d9baa4f28ef77d48681ada4dedf29400d235b51e187a1f207cfd8e008ee6274156cb7ef2821fdf7cbcc65d697ff4f469d7a82

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat

Filesize
166KB

MD5
39d6b73e0659b8de5bc54b26f5a426cb

SHA1
754d7a09e61df9326e5004fd6862d519dbfb4a17

SHA256
0bfccffadac6bc2836549ab1456e86ba8d23b75f34e703410d484e63a25042e7

SHA512
be24c803e414f4fea2195a2afdb2ead773c3fdfcdcdd1406fc08c5c5a99e0f717b3d1042b13881c4397c9efb6d189131b9ebe70f23242ff4f1c5f6a8a96e298b

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat

Filesize
174KB

MD5
ee2d433bfa59b8dd1b1e963c40a20853

SHA1
934067cc2f12c9ee55a658bc45a7930d9864a21f

SHA256
a6e9c7b8e252b1e6cb3be72d571e0941a6537745d181d8b67975aab97484114b

SHA512
024173e0b29108c793f277e61dca8dd20e1f8bbb09eaa42f482aa4dce7ba977056f9182521d1ecf90e05e688d58c1685a9781fe67d309b1d6d73eeedef59daeb

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
4b7d84cb91a0d800011c8576d122e7ca

SHA1
3079aa126594ed72775376b6df709bc028f035a4

SHA256
ff3be118c8eff7ec26b4138ae2a62df53564dcb6fd708bef2d2258f8b4b34e04

SHA512
74836140022bd960529e7dae758afaa0f12538151ec69644d49694758f12cb0b7ad011b9bdbf19f32f9fa5d051176078a4087e15f3e2f30f4db878f4b7bb5171

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\UserCache.bin

Filesize
39KB

MD5
9dbd69c6badaf3ac49d5d93164ba5de5

SHA1
d4c89832981c5b8e145aa292660ab6cda7ad77d1

SHA256
28fefbafbeb055f5eba0a030933b0086a83b520fab3c943973ac649f9ef7b094

SHA512
e4e37242268cc2639de4a5ca41b625274b195bc9ebf128067747fa5f4c72d75bfe5e71830177dda2cfccbcd096a32c9f6e19996ccf6a6230dcf31a5a6643147b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
39KB

MD5
9f164fe021108103a248b76897788d57

SHA1
1f317a8d32bdcf08b1695aa364ac512470f5c2b5

SHA256
68dd24f49df6a16a293b8b5ceb34caabce8415a1fe78acc1c6c9e7d739e82bc1

SHA512
5b9c40c57f0bb6aa3dbed89fb3d9af8383c7389b1adbfc3fcc5d3ae17ed1ac175cb6ece8603c3c1f4b1d6233be2dd3eccaf84cb1314b0717b4a5666e8482bca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
b76a36f694fd69b229872393bd33b65c

SHA1
710ebf0e68bb65f2faa4356abe17f3d164e8b943

SHA256
1942ea4d2f0b066d0bbf102d25490e01e3843a204b2cc3cf2b721a7f7ddb9712

SHA512
8e4172f38b9b32658717de15c38f5b0c4dfcdbeb73424e6ba4f08981c868fdc240eb5776452f0a71395df2d0bc441f3f88ffaead5860fa672d992a94fb868a26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
48KB

MD5
b5fc5b0b6968ae9340b5a7285f8edd3a

SHA1
efbe5d3d60642f18afdd151cc41bb88518aefc54

SHA256
6d883eeb269ae14cbd3dd15143d6834d949854568e7ae2d73f59df2651ae6d3c

SHA512
52d006f5ccfd86b8000647bbbf3777f14af65e79458c5bcc75abc630fed531579070127a9caeae052ed0aa4f9cf894d0d69d0c332f19e858047075849a879d5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
24KB

MD5
a5bb3bb3eda1301f6ac876a49d4b2f62

SHA1
1786309cdc2fb5c1d29cdac00dbdf13711f19f3a

SHA256
316ba0d916f3d3d945b42e589de9a0326836664f9a06e9680bb853c828c2bf35

SHA512
f2ab2d40d2ccd43c5e5bf2150ea79d575e0d4a41381a8fba3beb47a8944adeac0bd19dacdbe237f8dd1c06fc04403f0bda3fca1ec0fc429357dc705c6db1eea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
44KB

MD5
5389134fa55a4c056052362dff9ba7eb

SHA1
70a963c50ee4b72b4a8f24c5469d2163e66b945e

SHA256
9ef4cdd29f7cd09dc13ecc250b1499eba83f909426242ada479f83d2f59e8209

SHA512
4eec0dbbccd0dec3cc2db4c94fb98037e9afffc703d01db94c4634feef3ba4fef81c062c8219505986bcb1c961a98d0cb41cf7420320f196443299a382f7fc21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
23KB

MD5
0a5ea4e98ae03036816f83633e2742d5

SHA1
b6dc0a09e75969233abf37594c3409eb36b72419

SHA256
e14b49f8d5dc696839de1563d06f622329880c1f097a06ccf609242fad1dd72b

SHA512
0bdafc6df036bb419a7e3c57952d1eee6687ef1de72062c608f7efe2e858de14475731033f60e2328cb81a915194e0d433d51f24ea3604258b62595a313a02c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
65KB

MD5
4aef93766ee9eb8019ff7d3669f056cd

SHA1
ba578ad3dafb2c709dc161b843ea6df3605180d2

SHA256
27c1126db7db66b417d33a2c81a19fd6d653c33a68402fcbc9c96395644d7792

SHA512
3b39db506fe4fe705653d6481548abc7e173384d959eb0e9b0f04b90324ca98a33c372d462048b31b08d2b23ed4d4ad0d066ec51eb790a4152caa97102adefee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
20KB

MD5
0f3de113dc536643a187f641efae47f4

SHA1
729e48891d13fb7581697f5fee8175f60519615e

SHA256
9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8

SHA512
8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
59KB

MD5
4bc7fdb1eed64d29f27a427feea007b5

SHA1
62b5f0e1731484517796e3d512c5529d0af2666b

SHA256
05282cd78e71a5d9d14cc9676e20900a1d802016b721a48febec7b64e63775f6

SHA512
9900aecac98f2ca3d642a153dd5a53131b23ceec71dd9d3c59e83db24796a0db854f49629449a5c9fe4b7ca3afcdd294086f6b1ba724955551b622bc50e3ba1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
21KB

MD5
1b218c051dea4af03b0defba38041a51

SHA1
d6ac9065f829053f707016e55b0f49684e53f6f3

SHA256
d0b48661befeb3383e78c139937079b916c1f91d844309770d599f18466d0005

SHA512
0cbaef4d7e8739e331099dee1c6ee06519d3171c0fd63974ca09df491c5c8ac6a99871a010f5bd572a59dac15ed59f252a2dd353d7109b99f60c3f610a385240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
151KB

MD5
9925449f7f177b427f80409e607b8ca8

SHA1
6fd91d1d15b128810854bd7e128d5c3244fb1aa2

SHA256
91817b7094127130dbeec54ac02351503246a0b7d01b496dbd50006f05179003

SHA512
6a2d22b3207b68c80dfa9a3594b8cd0845162b58ccecefc4303ccba97d504900529f8e629771c0179ae87ff5a4e3f8fc9f674419ed98973c60d0149bfbdee887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
21KB

MD5
9d2d2b8227ca2a358c24b60b654ec5ae

SHA1
65ceb500cd1fcbddf47e0eecb9e7a181da553a97

SHA256
1d4ce49e94b0f11a89d285644968fb34efd3b949f0f5f5d8e3d649f7df800e5c

SHA512
08f106a95aac822c892425e4614e9c970a0496b10badc6f2447b9d9e16688a93adb3a18d3d9ce80e217ff56275761dbf67133692207a631d6d5bada19a134e42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
81KB

MD5
ccc636db45e075603155d64ccc8968d8

SHA1
badd2a4e800cab68da5c61de1a09ff6eafdf8b2d

SHA256
e648550259cf83700bb630f43e7bc4a289730127c1b5d35424217610c0634dfb

SHA512
6f1e8b21841db5f138458c5830557dc45bdbf2f0f61b56a9171910a919888f838b381f08fa5994340490eb1ae03d6de71054d8aa1c0b8e65e497e812690d1801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
220KB

MD5
c758a89dcfa620f9bc138930fe891ca9

SHA1
f68be6d49724806db8f0fe1305e6d573d21b47ef

SHA256
c7807a5a766842371b12966dda2640923bfce3e17b06e553c4057dd5ac7364b4

SHA512
1d0f2b06adaeedc53d8519a88d354af6f3918119ce03edc9133eb037a03beaac2f3970dae333b64abe46936a89bc66bec0ec3fe764029982f43698fdca311490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
32KB

MD5
76c646cdb274a13cd6400826efca86fe

SHA1
96ccb3f7a3cd79f6e8a8b513771e67e7743aacd1

SHA256
40b0c4b9ff9391cd27512d9195a9f51ef59d05519902d60e33e13d784374ffb3

SHA512
7543dfef728df3b81781049f53b7f11b82e0910cf43af7257d85e8c2b0ef625bc410f85d4560113ffa3c141c0f893c055169dfb96f3d98cac3c9f3ce57d22fe4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
32KB

MD5
21fa9f94e6db3dc9d82763e327051778

SHA1
474d7a655ce663bf5fb8c38bcd2e1858a02716da

SHA256
b2af0c5afbb5e3506142f095fcffa34cbdb966531c3ba26c90e6967768f15223

SHA512
f96574ec8edb333b194b3cfdbbc6c07f10202da9c8b5d1de928ee894b24f2bc33d3edce14b1e21e9e9cdce3b684e0dcd675e4bb2cbed9b0d5d2d25bc6b253ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
45KB

MD5
c2cbb38ef5d99970f0f57a980c56c52d

SHA1
96cff3fd944c87a9abfd54fa36c43a6d48dac9cc

SHA256
85369a1cf6e7ff57fe2587323c440ed24488b5ed26d82ba0cd52c86c42eec4a7

SHA512
50371320c29f0a682b9ae3703ef16c08f5c036e84d5056e658f5d9be7607e852adf72c13bf2d0b63fc492f5c26d330bdeb2ba38bfd8b0d4567f0cc6b0c0f7bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
55KB

MD5
92817c7dffc3d1c2fb5476f433479762

SHA1
d70ba8d60d4e757a37eac1bad1728d7e0f49edf8

SHA256
33cbf025c82c6d9baee8c580f51d3a3c35cab1ef5b331018c9b69e98deefbb83

SHA512
56563b64d950517915e061f46136e25d6c4de6188e388d9a56556bf8ee7776cf1c30fd6a6110e87ce0d668a3c12ef28e25c7a7107913042839f8a4b15bcf9da2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
19KB

MD5
fc47b08617b08869c9c5f5f6a5c07f53

SHA1
70366b3a8cf99a7b1c135bfdb0b2ede1fad91e6f

SHA256
fe93c85d8bd89371a90833d1402865d3c5a6866b7d6048570407c209a1b8dc9d

SHA512
b519f8a1a915bc2c7f15d9881bc2f4278ade1a274467a769e3f3ebf3239ae836649c9aec92e718c798063d5f841f5fc1305c3067fa961226c0791111bf123573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
35KB

MD5
d11696965207149009bbe0c559bbb0fa

SHA1
42f30a67a253270dcefc6a3b8349ca0efc6d332e

SHA256
82f6edb7a5dd6ce8e6276807b3bf99487e95725f233832c3de46fc43bbb6c583

SHA512
b2dda633593fca1ff66411cbf2dadc60fc56ba94e2bcf5defd3eaa694d092d2abd78744bbcb034c6c1bc75c79a5c49a6bf3d9acd979b78673b1bf596e921ab79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

Filesize
17.9MB

MD5
8b93e46a7e9e681b2124ffe7647bbba1

SHA1
dee59152e78de697f1d23b350cd0f1e14b648960

SHA256
c9b88b16d87992287ef72834bae3ac45db9eba4e32dcc8db4756bf6349d97a25

SHA512
47618d6f367b99a0b9688dd2bdfba9e2999195c556dc8c4defb4284998093d737b586911de280dfaf51fe76ca628fc6d47096dd4077ce2224c4df3272439e138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071

Filesize
502KB

MD5
add520996e437bff5d081315da187fbf

SHA1
2e489fe16f3712bf36df00b03a8a5af8fa8d4b42

SHA256
922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4

SHA512
2220fa232537d339784d7cd999b1f617100acdea7184073e6a64ea4e55db629f85bfa70ffda1dc2fd32bdc254f5856eeeb87d969476a2e36b5973d2f0eb86497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
d675ea2a7a8227eb842d4d05133fca7c

SHA1
224161adf679bf190bcb8b6d6d94557a0014a43d

SHA256
f3d565c33230674f5f4b4c603a7102f8f819f2a8f48a771a168eed2a7ad67288

SHA512
9a922f1e6218db2036ed80d2649058ba2c03b9faed7de750c6c83a28f57aae74d3331e7b1fb94a810a6ad2004045007e8ae4461f741f6b05928579e7f1776a56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ade8624fe4ec7db5cb284f47ef2a23ac

SHA1
3b9f280091757eec3809e9264eaf268e974b83ca

SHA256
670ba9591905cb6a01798104ee4681acaadf2ed9435117e95a3251bd4c677beb

SHA512
a445c1d8671f7d2f54143185188946950ea72633d52b3c758ce97fff79aad8af6447db1be114e7897df696c130b57c77b21db3ba7f35628fd7901eea5980f06d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
75e9e9c0c1aa1189f05cc0168363f004

SHA1
dd2ec5a59382fb8617970964a2a10744e16ab38b

SHA256
ef377193cdb25af20cbf36bf06f3e6a80d669f418afefe2adb3ac1bbc73f185d

SHA512
8c27c140ae7042f28bf7b54f2d309b3bf3a3cc7ee1dd65a085aeb9d7ce212cdd90f061ae538d2ce9ef497b29085151b2af65fb809bdf6c79427f75a8f9627249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5316d94fbaf047086443717db6b8fa68

SHA1
cb72a09f0b6759ae5f2e8669613cd614b6155bd8

SHA256
f2a8c9db4f3ed0e12f96ec67b6ba633297354e10bdccec5418873cf19fd6899c

SHA512
21df5d19b1454d4a7f5630d0ed5d494d6c2117d9128da803bcfcde60632c11b57aa159639258ff789e795a788ce5ca99ea3e54332c2f0ea3d7aed3d1d8205d46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2af3cb8e90be8fd77d12632c3e7e3ed8

SHA1
aa42a6b229239824bf0f3fdf6c337120df3b2d26

SHA256
b30c57f28c18c28f80d334e012a54e3bccea8a46bd9e78abe12f24084d282e77

SHA512
752763b29d564757a6277f8fd2b5192e969342e963d91397c81c23775a3b12e15db7a7689372fa7d896524fdfce1213eba723341fa57fb22e2e16ec3e8f430a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
68728f89a29bf9964fb6493c4bde6c0e

SHA1
274d378acaa2e53ff799aeb6817de135c5f44687

SHA256
bb4ef39e26dd4769baea8b987cd225b5c792d88c7d9bab4eac6becb7e686ea5e

SHA512
20c408521c12389c15e4a9c95d95123853b147cc1e21cef54ef36df3e17ccc74e3ba46e853042584dfda8e66a90cb6bd6ce92c133438c9dd032f8bfdf1dc8144

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
cd70025bdfb37de4b982c068f0b97063

SHA1
03451f361904aec644358c8896e833c8302f52c8

SHA256
20b3793cc4c8ae98cbc552374f4db431c84eef1ac5e4583bea7f5cbe1e11f40d

SHA512
0218bb53933de3e9f2a8094e8e3dffacca8b45a026446e188a6352936490cf8ea59b28a18b4778c21eb1b56691e85190bd5ec0d82c3ad1b2239a0dcf24c66612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
928459417d1a0d6f349203aeebbd9ed5

SHA1
4d566bd716a8a399ed9744b5370f54c733d8c2d2

SHA256
cd30f3e259af54c4d13cd41cef34dd9837bc414206f30667d29f34e955ad69f2

SHA512
a03e98c5625a7618572f8c5fa97b1707d9e3d60f5ef13c5ff4cfff3aabb7933a6a1f01215d41376150c817ce5d88aca63f757c66e758ed517b396848688c8f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
b1ae298fa792497bcb6c195c7803ce12

SHA1
2164174296f4b6106ed335bf0fda0f504409f9fd

SHA256
f59ab103fbb9be97508b2cb5b872e00ffe81e13468f18edf99fdb4df184fe1e2

SHA512
6033706e640f608776764919b286f46960c2f255e4b4bd3ddf62c08315879e5a2bddf2489c7f9dec8190d05938db74ee4ab486fa058bd12cf45e96011711450b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
293e4b3fe623a97f4a788380af33004a

SHA1
8553e17fefb73eaa355476120cf723b819071789

SHA256
1fd4773f6cd630132879e2982d21f49a21fc233d6f9f2c94aa1df7aa435bbc48

SHA512
4aa4b70fe01d59aacc8142a98b4a8302cf0103f0b69dda47e0c5575bc87d735861b4dea751f7027ac80f363f8421c56df5ba30b56fe0aec7f64e804aea42c707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b0bf0f96b4b3d9f4c3ca7bcd0d7294b4

SHA1
741ca18c6cc01b8731e706ce57ebdb88ff1552af

SHA256
ff7a778a116bd8b1e37b9a141fe9270561295bd4e433ce0a95741def10cfd4e2

SHA512
a47b2e24130c1c817fe9d5ebdcb2f07c0b2e7b855ec5baec82f68665b1c20ddf943bd2de4589885b58d83c367e2d902bc1f43c5a5bb8bba3531d4eace7d19553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6078b3aa2272438fb391c70aa758d08d

SHA1
b9e8d340597fe448fd7880c6715b7c1af5fddcb8

SHA256
11b2357fa7a0925c89a49a65f8c79bb7b1c6d50e699437985c866597ba8e7f58

SHA512
24397b8e5dfd9057868753596dee0f799eca27f229b62fe3ab28ea01142f93a63a06ac44acccf496c5579eba90706666f99b648d8e88ccfaa92c8cb404a8e620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
ddc8160629ec9d3c1110e63c244d2627

SHA1
d6cdf4afa4b203dfdc6200b6bfc9f1eac0ffcdbb

SHA256
8d6cd9c55603d6090ec6894536ecb9d7ef27645ff157631562c3f246947e634f

SHA512
11d2b80ac441c50eb338e5ae4eafa03b3494ddf615c6d23fb277834445b9bb80c5212e7d16e3b614b694f071852d100575285f5c68105acbfd82f1f6f28826bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
b99240a8899b0c4f9e2230ccdf660e49

SHA1
b138c954e3f3bdb1f6aad3ede02aa2d8cfd1894a

SHA256
cfcc9283cd61ebc4b24ca2bee56a4d06dafd2be1824f90131247eb31b745c5a3

SHA512
80841103ce8c54ca249a356d4317fe23f8cc2aa9bdd384db3be211b1fd2950c8950f95195becb2f07ac4124887ceea30b1d9cd64f9553f00e39cab3afde0814a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
644bc6a449ddfede970ddfeb978c7214

SHA1
f97c8dc3d485cd50b67be91527700a429fb8d58e

SHA256
566dbcac46de6ba0fb0ad090bbfed3f9a042338019e6ee0e0853a63e6245e6d5

SHA512
8bba8747ed86fd9218e2f6c8065596f2d38d4ccfe176a0cd82270a6c49fcce3ceb46108a74107726dc81612991f6971be26d1161f08afc3f281c8278d4e7533f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
98b11945141dae9447af87b42a0ee558

SHA1
7284f218ee503486f0ada2112b3e7dd7ed5caaed

SHA256
2f4cb6371e0a433fbe6fb5eebbdf86a33e9036413478375ad2cb5d23fdabd819

SHA512
6bf26280774cc7b26fc3a9c49ea5523ee1ef2821ab72d0413edcac4b9708e96f0906cfd748b179ddd0bfcc8ed473d0261ba18ca5932dab64d2845720b99a5b5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
5e8737710529c3283a228b512a4e0a31

SHA1
4f49f559981195398d6abf8f8612852f91b2934f

SHA256
7dda9f1c9e75e5b7cb29a22f5b2b407de26a1b14e9c474532538fb12d4875e46

SHA512
336f0775821f6422499defec30b32129a8117e41e5033553325c353b15499ffd7a245b3551e12ecc5b9f0ee237e0d14a3613c30ba63a1d338f6d7081f48a5c63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
7b5b6453b66b428bf5966a26eeeb2d42

SHA1
640d12d3cad04b5254467f6a48d65f3842ea82a2

SHA256
5e6395dc1ab6f30a519cb919e4936eecb6d6e1d778044b1b62ec3ac26852abce

SHA512
3c06b625eb73b92b85957bad600b21884c3e69e10650eaf2517b3e39e9b46f2b180c213f57329b4ec35fd166f9fb1d903e74d100468c25a0972857be5f012578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
aaccb7d7eac9e552d7548a5b79d7a0ad

SHA1
70382ef329ae71fc6a8260a5ae4e2dd123d113ea

SHA256
84ffdb9b90789607b2ef8699fe4172ae958fe328150282b51bfc31d1366b6717

SHA512
ceb2cd9568e5a9536da14ba7112671926ac25c0a575a12dcaba31cc1077ea65d915e08af29bfb0fe27bda0aaf26bff458f1c6fe5cb086de45a76499fd1d773bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
944B

MD5
8300aa2d0390d904c1c0cd5434a370fc

SHA1
c4d6a481df45b372fc1eab4f6c55716b558997b1

SHA256
c7e43bf9c7046e1a7edc2f3425feda5d19da9673a11ee0c855576319fb8cb732

SHA512
bb99de3c485c301fecb36f56716a606333d310802a9c0c33f1da074297efbda96e9edfd68bc86f45ff5dd156659fbb4dc6eb0137672084fa295cb338b6c558a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
bb275cfee90509a80c3a1a057ae9fca1

SHA1
a4a2c8177bab83109665caf618d34d66d02f0156

SHA256
9aa627ffc47087101374efd54b356cc3529ccb1f8983f2c4548992ea9c3b6ff3

SHA512
00d376aa87b4e959ee0116ac3775fc224c7c5c604af39e782664f263e6950efa3334ac0c47a21180cdead1177484ac1ada55a77894150ab5492ff8a20d85d9a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
543fef0a3a19be56d8763db1f082a155

SHA1
cc94cd1c8eee3cee60790a98a8bab28c100e05ef

SHA256
42ea813aa44fc313946dae84613856f4119fa022020ed8bb5ee54247adb61397

SHA512
6e779b8389ba7952408c34014530733036237131f1186b2be83ac274ff10cbe43bc767879cfa402ad907f4932e865bb371976e19a86ff3e7221912a0b041142a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1e1e68ba2895ea185ef74690f74f5c49

SHA1
b36f197c6d543af8e7a147952e8792553ae93dd5

SHA256
d83d265f6fb6948db950831a643fb6bda5c71762d8f6cd5efc162fca89902335

SHA512
ea22ffd62ccfe7e1112d24e36294c46874a5f556d45cfea8f7ef61e61dd75f252099016647c6bb69a1a5c7e9415a9920a7c3b0a64a6fb999310dd1bcbf701f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e0c498ddc23f7c6c1e07e15df63c3d63

SHA1
80a1de574d2072deb5b58aaf9d8203a6c757f8c8

SHA256
b6bd35a0f154c3d76a88c222b46f77dbd6d7272797ea0e717ce472d5a3503f6c

SHA512
7b9e92cf840cda502acce134145d132c59d2606e4c2e82082d6f3ba753633bf19b43fa7d25210352665dcc13efae4031ac35e3a0dcc779b896b760cd33b80507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8331e4b3d66e9d6053ac5d1d69bf9f51

SHA1
b027f6826ed85752e467af7871e314c1fcc6b87b

SHA256
13284eedcd2544aeed8f67a1b6f0d39b93d08d7e70b1738a447ee387fea76019

SHA512
66e7d1202f6d1f71cf62fd2746f70e82b357800ab5bfc93931fe1ccc00047098d5a57a804ae1ae99ce7bf32a2b952886bbd26bab6ac037f8e5c50339aae11871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8db550905848e0d541721857b00276ce

SHA1
1777e7a0d1eab0486c7fc3bf3d61c02b075c3cf4

SHA256
73e5bdde111a52ad189196236c5d10d73e584f6eb2ca2d100c149fce513f03dd

SHA512
6d92c7e28649e7ece2677c15d00ae3c1fb3f2def4b6a0af2456e9026bac818a2f3bbd8d29dbb0726b25c4e32cae4c97c0c7dd4d1911b1f5d99446bf96e46f353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d77ff783e0d60eb84ba684684944cd9a

SHA1
c2476d9a760aaf874aeb25ead6ee2e2fb6bcd9bd

SHA256
db6af0d7d6f8e3e4e38244ba82874df28dd11e051fa0f0cd4877f5b1688d19f8

SHA512
9f9eeaab21f3431c424b679b14c3095b431cabb3ac2480b35c6bea6ed64cac4ad4414cff0d2052b708baba3b77605b7568e4cb1061102b1addf292cd09c65e1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6ce3295277a971f99947cd508dc6f74e

SHA1
7b208de320cc49976a4cb14615e71d4c1c68ad94

SHA256
cec987d158e55248a51b36f0582cb4cb939b92ae54e0f7d8c1d631285a4d22f8

SHA512
b7191c76c8d57844387ecf0e39d5fe6ef0a7be85b9db525aa8d6bb60f56dcb237b852c4497b2a100b18df7d2daeb3f73df8d8375aee72efef6cb44cf22aa234d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
02b8214f0b945a22b6ad238b9352bdaf

SHA1
7c62208cc9e769575f6eb1ce7f74ded919a6cfe1

SHA256
bab342e376bc91ba13c860e3b8d1d0638c66d179fafa47164645fae880562fbf

SHA512
da811cdf9f2bdfaa79cdf65526a7aa2ee6e52d12aa35580f44c9d74ab9f36856bca6140f77a29cce4c5b59e75f22ae5c5f4e2c792a97f7b8d867883b6701c604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
347628555bf71950d905c395cd3fbb0b

SHA1
5530d9e8a1aecac15448b58e4d1ca70be34e5f0b

SHA256
e8cd87f64ace46840350634f50d3b179026e0806fbfea3e5aac49b17d1586767

SHA512
51848533af2fa60c5d18433da6b54b2df1f4e69194df05a3bcf68d49952702028e6b779f40101ab9056732073f7118f14b2aa07ac21cbd95bd363a9691cc09a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0a19a96ef4a03f58e0c573d6edb8c6e8

SHA1
dc83dec449246aadca23b9c20c7fa0e46c9af24a

SHA256
60d7edc61abb5a5f3266c1479707c5278f4f2599d42bac793d1316d8d0ebca77

SHA512
6ec8222edbe4d45f8c08b7e68bba4cf9c0b9ae4cdccd0ccbf9a6558b4fe06bee75cb6355d7137f67a32b5636727978cfd75f5c99514646536688581e88319d1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7fc6bdba207d019cd20ebc33afa05890

SHA1
8244032596a8cab8d057378f18c1b60fcfce2915

SHA256
4b8cecc33a1c6467fe69aa6766c632b44e453341c2cf65a22104822ff539c34e

SHA512
3a04cf52be8f3ea1d92423862bb84166684ec029d597378b7768230abd403c9cd78e712fb2b93f000621c3ac5a24d555ae07c6f659a51ed6b6ed2aef61fec324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
eb5354c014462dc94832e3de2bbc210d

SHA1
7f2689f1ada36371aac1f28a7620edacca2026f5

SHA256
293b00e86b4a9cb3000115a275d11d0aa937b40fd16780cd74fc232242897f5e

SHA512
20eade681a2e511ea8c126efe9b7afb84983b4365f35b4ede5fd1908561003b672b2eb9322294d345db4a5d4eab79b80347650426f101725186c288dc7949a87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d714d6d7460821fb80d8a0be35f72f7c

SHA1
221104a51e35a10a294019ae52e80372225470d2

SHA256
34df520e91efcacdacf8db8115dbdbbc2a09b4f0d7310cb5e3ec8bd1d148b96a

SHA512
de248d8f467766f72e764051ccb80482f600dde3563911034fcf6aa92a0723e6da5cfe5cd4e4a1b2726f1d87fe902e664b5dcdb877b584bf883c325d2e43fc44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
98aaef1ef2f7aa55f1d09b4982475ba0

SHA1
1ba0967b5c6759fdfe878005ca035354535ce456

SHA256
eda14dbb5e37826410f7a32f1a672d33c7417d5a8dd3dac3dcb52447683d6e3d

SHA512
b327402f096bcd9f03e30d9cfc4b9962cba02b757b2c39680c6ff6b9ffd3ef08f1673c6f122ee443274a4798bc70050652ed7c80775fd8c344d096896dbd730d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0fe2c36e48378e9979c8ad32d5123aa3

SHA1
be07b1829c78c79264ef680ca533b71aefa72595

SHA256
7ef20c3c0c50c260a7423216ed142c7eb2ffeedf9d6c01a202f1920562ad3829

SHA512
2dba19c7ec930bb8a0e151c0707397dd923b22d568f2e7c13875ae4667d944f24d64bd1e050f45669f4397c0eb22e2b56e38336a303ade71cd5fca0226eab2f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b140cd933b3cca3976d9691b7a51ac7b

SHA1
86228bf7c730ca4563718e656e2f3436653322d9

SHA256
abb6c5be7039516c6b7bb6a866d9521d5e3bc53391181f36e9de2c2ffa1b4050

SHA512
32d56aebadf62c98b01d242025230ad929b58cd9c86513448f52d8609e504891275eaaa16d30e9ae9345f5e8d6bc6711434a8ed68453440673ed3632518723b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2eef438eee7303c10592f60ce6abbaf5

SHA1
9708f9f1986075022682f033c4b4d9bd0432f6c5

SHA256
1b76eea73c654297be4a6f2e4777d353b80b238d4adba72d9dd99fd1bd4462da

SHA512
7c1318d4183ac9498e3b23f7b4348f8ac09eaffda7fa8da59ae99689ee0df7c18eb99d775bfb7882b053b008792eae744d164edf33cec9b7c4648aa9f58addcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
36cd596490ef4468a718b7d580982b61

SHA1
147f0d6306d3360b44c64278e61e1102fd05febf

SHA256
8d07f7f0c169ad3330d7d95b88edb374169533c8ae5543e02aeb61054e1478d9

SHA512
c3e340c8e9f2f52127274358dd6c207030d3a84add6f11fb52d6ea24595461b7c8876d789bcbe8386dd86279a1e4843b029cd23f134ce04481d9b6e4a9742b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2e26c90a-aaa9-4f8c-a553-f5fee0a4dcac\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b6eba8a4-cde8-4a1e-acae-b56051b61ed4\b3c91324ef8d55a9_0

Filesize
2KB

MD5
0c2ac1752de752943382760a3bfc15ac

SHA1
30caecf9eebecd41fba464b64e5350da1f158efb

SHA256
2309f5f759d5d0b5a3f4568d122c118b8fd2256c3e8768acd21bbcf4ad8c3edf

SHA512
50be03e4b9f9a191fee8d797d7b6cc7a3b0653c93e07dc5728e2e1f650f7a04188ef29641a2d902f2653254496dc257bd08a183a23be9c7ed7fb317c85cd93f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b6eba8a4-cde8-4a1e-acae-b56051b61ed4\index-dir\the-real-index

Filesize
624B

MD5
71e1cced38e875f37b630eb8eb561d95

SHA1
4288b7b3198c23d23ed87384ee135ae500a49472

SHA256
d1c84e81da4bacccca3ec20ad4ac215569db31db87a6978837971aee3e904bb9

SHA512
f91e4880eab64837332f82759434fe5eb0c567df4b65c225ba4fbcd5ee3cc7ec4f1279382d0e5ad7af9d49136f1596579cc69fd17c9ecb0d59c9b9299cbb411f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b6eba8a4-cde8-4a1e-acae-b56051b61ed4\index-dir\the-real-index~RFe5ae485.TMP

Filesize
48B

MD5
8a23454853baec6450bbccd0f50dfd48

SHA1
e2ad3ce0f1878e7e9396d488bb1e70819f1e5c32

SHA256
36869519d3d5855c423411cd5008231f04ec08db622c29b8d99d54ce9bb9ef63

SHA512
64664e187515586f1010d1ac0bf4fd8322dc794b2618e71960be1160f0f26b38936bc4c8d00d1a184f0bbb71ec96a0c19a330ea0ed6fcd8090235f8a79d47f3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fc9cc36e-4919-499e-96f0-58d50ee3c001\index-dir\temp-index

Filesize
2KB

MD5
62262d5a5f2d1e6f04005089bb223f69

SHA1
54db145505e041e7d7929cf2d2e09212397b441c

SHA256
0b450a1c538cbdfb844dfa15893e5ec62af89f8b99172034f96177b54586d256

SHA512
8b7efc8f3d794eb824ff7c40621371f24dc3ae99cdb96c02e6e4ab5d6bc57955efbad87ef47416380357c5b6df20a83a9cd65d5fa1c6b7451eae035af1f82f7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fc9cc36e-4919-499e-96f0-58d50ee3c001\index-dir\the-real-index

Filesize
2KB

MD5
9e1773778afea229c1764d78457e7eba

SHA1
a319935b615e4255e25e70edade0d9a8646385c2

SHA256
39b553c12ff37b9ce060787a59479f769f4bf05796799f31b6f5b05200165f9e

SHA512
8362c910fb9102ef0f06ae2eacb00811b01fd4c7ff573a91e2c75c3fafaad31419d4665cfc885d23def583d0623bd88ccdc5834837c2041e383dcc9542997137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fc9cc36e-4919-499e-96f0-58d50ee3c001\index-dir\the-real-index

Filesize
2KB

MD5
579fbf170b9de0aad7e2f29f22555f08

SHA1
8e96218151b8e8e06479abf2813628bc6bde17a3

SHA256
0a4a5d102ed714857fde36bc0340aa3b7308371350e0cda5d34503bdfe8f3b7a

SHA512
0ac78c6b261525476bbaf53821b01b144116b9ecc5287cc234873f07e2fcac869ddfebf885b214b8b7f30803440d38fe1b4359dbb056ecac81fbd96edfa5c4a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fc9cc36e-4919-499e-96f0-58d50ee3c001\index-dir\the-real-index

Filesize
2KB

MD5
0b379578ea7e6ffac93fcfe6c0610e21

SHA1
55ad21bd3a16bd23ec34a018746531d21b653e5e

SHA256
677506560382233c3d514581f174b03933d646dc81970b2ce96af7c5c6cad98b

SHA512
2dd5f15b1851dee28d3d554420977f07e39c158003998aa7c7150935d45408f63fca6157d9dd0841dcb46808245d79459290b669d9852f1311b19219abfcfb6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fc9cc36e-4919-499e-96f0-58d50ee3c001\index-dir\the-real-index

Filesize
2KB

MD5
705dfe3e65b41298332983e9f4beebb1

SHA1
1a9b970bc304e836b59c7cbc2938216a83d1817e

SHA256
12335427990f2d44e5dcce763f6deb21bcf6fcefc2f845a6e60d25aa53ef5144

SHA512
33b626e83cbcdb3511675472a628a180a56ae974c61c7ac5e4c74fe099d862ce5f2463afa0e0391cfb9d5208f7461ea6198c58974004a1b7a92d30cd635bfdea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\fc9cc36e-4919-499e-96f0-58d50ee3c001\index-dir\the-real-index~RFe5a8118.TMP

Filesize
48B

MD5
c1b52710a500d427645a904c9c9d9252

SHA1
cfce249d6db9246b3ee7c427b1f4b4c7aad0afbe

SHA256
b41dd2a90e706e48b6906cf18fd437e47f7b22a3dd593b719633f84079b0ec4a

SHA512
c8848d9c6ac81422474dfe197dfc69b969a934a01b1e30bd71f0946804dc4766ef71875dbada0d7c6363ad9020b0369fa2b63d450507beb2f0a7a3a85b9e6add

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
4c81c591caab6ee05d13bfb67f22d66b

SHA1
16ed7b31ff4e7d94ed7f4404432bb85d67fffffb

SHA256
24806c0eb960334797c0cf9d21f88b99bdd7a2b5c24ac2d2bbd3c97a08b02be9

SHA512
8b1ea1d66c6b17e16b148a598bfa4d710968bf6fe1ab539329a942a40a1a5ff89794b27981a4bd43465ae74e4f69b552eb344e2ceac52ebc2ffd5202074c2571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
96fe04744bfe84a3d379ec02c1b312fd

SHA1
55f10264ae5b1492e03ce8bc619cf13ad75cf1c9

SHA256
edb78e749bf6bda01aaff586b8aaa6f891d1683fb1175a602385375a2665f10e

SHA512
eccf374a6e8ee5d95043e159ed9b71f2aced1488343f397ecfa986476134ed11dfb07b8e983fdd2d137abfa06d3de083c41a9f496db53067d47e48dc47787017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
4c2dabda15a2bfbd3cc4fe026704cf1e

SHA1
989772acf918b3dab68e8ace033fa079994046e6

SHA256
7ee1558faaea9c3dbaa5ce2eb004e0a1ef9e3097e686b17b6f89aafd9d47a9e4

SHA512
babc1f90bd02bbc6a40a989d31c891bc451f1b3aa26bd5bca87e40c9fef16226645042da6b9ec0e5f8e1fee23034fee6701d5df378b54666a5e5b057e54de468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
faebc4bd095c6ce44355dc3853f3fc58

SHA1
048775456feb53ca1b9a47432407e968d24d22aa

SHA256
69f1204cf1e83a461e32c39214eaeaf9f8906f488b35517bf25e043c2c835e45

SHA512
a7a67ed8cd2aa78405013f9010dbfa9108d517eabc811421a4282f84b1e2ceebf6029d6723e54c5c8480e682e46e17fbb8d4d242f2155f3ac9ffefa9691fdbfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
8362fb2a2843d9e329b5bfaca960ceb3

SHA1
7052a696997196c515800d3f8ff59c00dc6b662a

SHA256
c291903724d1c2aab88777bb5f15e7af6ef6d28c3eb2df3a1513430f16ff2778

SHA512
62e97ee152604cfa4b0f416a4d2092b655011bc73e817d147cfe25b67047ddd17d0957a77b5e4998fb9a2f9c6d5daac11c3cdfbed7b4e8674547a882fd6ccd8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
9ed08c671765eb18e331acd2a94e1a4a

SHA1
04e9cbc593024505cf41b699c10be81b825d1f57

SHA256
0f995676392a6e55ef57c73e8f7c51407e7bb33d72b89c4012e65a7b497c69bf

SHA512
1c64cc58f4041a40f19cfb8774fa6c5317746bc1b7331f21345bc261c19563e9af9cb4449215beadaa14c9a302231eeb0f9abd25ed5c7f0c0f3db78398a61450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
6fb2bc34f5cb37dfde195f2447606cc6

SHA1
66112b788167668cf8d6e473c51c4740e22e0321

SHA256
fc66f4a40d042c3dda2a2e5aef5bcf1274082df5b4894ee28d65aec9e3b430e7

SHA512
c183bb0bdd68339ff29caa7efeddd8390ccba087523ebec235d40270df42e40af31ea5591dc505af75ce5ee5f1f8469f69ab2122a299aaa8246536eac4ca439a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
432ac805d1849d0058dff8224fef37c6

SHA1
2b94a1a6cb30203d80e7bc9f16d8bd20ab54d48c

SHA256
36bbb2b70f0688e64b85bf505cd7787f715e35329045b172f2b5f2f253580858

SHA512
6b9436804e06c1411f2c43c26f302b9634c70965ccb5b8057b0d02e7138811925f8e829e7446930a305ab8ecaaadd2c2f19602c207a6e007fd274087d57aa906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
b28bb94aaf77c20a3618c9ee313c7eb8

SHA1
db9f8f2749e54d44c2cf95192d2036beea1b3a10

SHA256
f7c226744fcb3c5fda428a0793b19367ef3fb707f5c6b9052053d956cf887863

SHA512
5be09901d15f831e34fdfb0973a678feeb8cff9cb8d7192363e98089484bd4eea9767d8b1cde0418fdd20de161f63d604add66d428bb6fc5f015a12786bca59b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

Filesize
153B

MD5
4bdea433ecd0589fcf1f7edcdb63cf1d

SHA1
29015f3393829c9afb4910168104c9c047532ad5

SHA256
192c830af7e4594eab871553001b2121e84678202dea4b66f37ea012167dd89f

SHA512
5d46e02c2cea65d5db205376b58972d95606a8601dff422f2eab731b8f92a27c244de1df625fcc6255c936591652f5bb8e7fe461c5b598e0bb4e4ae0e4272519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
17KB

MD5
fcc052a84bea9769055838fb19a5f43a

SHA1
f34b19417db33e316f1293b3163f0415be8e0b2b

SHA256
ccedc40a55230bccebd0ab98a08f88947de3b97dbec7489aa6a60a43c80dbd05

SHA512
ce4dbf8fc554c8fb77a1507eff97430c2fbc9e5f5489c06f45c8ccfb710b5521d01d7f6383bfb9bbfee547eec0f38df6e5207d3cd6f3c9a0e489f9ab4e362c66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
11KB

MD5
33e4b403f30c28e787e68abdf8d44bb7

SHA1
5cd6656227d249a96e57b8d921a9b68936e8e737

SHA256
3e95af1cd73390bf8d8b91abf5991562db61d141afa08d48f7307de6a8613d25

SHA512
5e3f9ef39c755da11b39563ad6c8aced755cf383683e1187eef7f018a3cad9eed7580e617ad8d69e8eef5b7e0d3681e651436d41161354c361370b07ad5fc55c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

Filesize
161KB

MD5
50d36fa821642a0cb067dd680580bbaf

SHA1
5eb469775d245fb79f2395fededcc2b772e384d5

SHA256
7d1cb4a980a174f173f85a888312efaf360ef0e262c171c4abebfc5310da4fc8

SHA512
f3e2e9bc0a5a19efc922dd05a24bb7a2d763ba195e39afda8ccac2ca9a660811c0692764dad166c82199855c6e4210425175531e8cb06dda2ff427863f9f9264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_1

Filesize
392KB

MD5
22ffbb5e8854646f63338ffe48d85a81

SHA1
7c8f70d35e4856887fe4a1815e3cc4f13a474f8b

SHA256
0b96ee41f3911f6eb186ca174c5437f233cecc976a2e67e9e03243916be21681

SHA512
37d311ddcfe3829df010d841cc760d3eb219da52a9989fad0447077f01ec75fb2d78b4c236be5c24fe5554ff3742f0270e945337b216de9454df1ddc4c724a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
0df43ff24252b45917136b23fb453345

SHA1
d7642e30728b4256410222bda6b44244446e64e0

SHA256
f4999f094b50fe1be5fc0c73ac4c2c1c69aee496682cbe3bd5c915bb2f20396d

SHA512
e084fb80d4e53302b54008b5be5268532a460b9827df9221a63f46bb0ce2b56d7d8ce8e9ffe211c5eb7537b02faac10efb0174cb1ea2db09b955a723580b2cf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ad514.TMP

Filesize
48B

MD5
0758e09d1714ee96f7a33a0d9fc83087

SHA1
14d8f90e571311dd5def7aa8d1315deaedd9703a

SHA256
aaabc1d85ff6b8177557c56f06dcffeb47c46c1c816246a7374ce2fbad97563e

SHA512
6e5471a0100fd186bfdde745746c50a4b9289eb503e44bf332d764eab975d00987faf13ded4033618895c18a46ae9ab521a5b2c98fbcf9689d0c2828dc65a76a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0030a18b6244979543874e9efabab674

SHA1
dca9be34b8134a3a634d01f314606e54a6c46cb3

SHA256
a3c5fd88fa5afc5759e5f190de9ed2ecb4dcddadbf4efcd88dc5b3cbe16cfa70

SHA512
86cd1ac38e78d4519afa477838c8020eea7acc0dd461d5a2c26a5a9e4976c76e49956b07ca903d0e3d937f93d16e4f3e43fd89c8766974ced7cc99caf4b52df6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2fef66030d7c41812ba745b6d1373e74

SHA1
9e5912f906d17516c1889bfaa524c16a50235236

SHA256
43fd0151c3a7404f48f35759fddfe0e64a48202648e0233835fe0f3a9f0137dc

SHA512
1f17b0a4199e6178520fa50865d551b93885fb4a82f0c1e79a1d73e16b329682fcec0027aa5abe3b2b2e55fb1fbf64abe8e68bbb1f0056707f0a67f5275427eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ddc3d208ce3f02cb4a1192deee23d67a

SHA1
226add6dcd08bff64fe9b1d908895f86fbb74bcf

SHA256
1e2d641729d87f21d792a04311826e0a26710388ad1b392a17ae6e87c65968cf

SHA512
ccce3a388b97061f900d8b8d3d46aa157b9b550afd0e43fbe123821c561e8bddcb3b32eabdff73c789ff75089d4278a5b2882235197ecb97272183dd8efd410f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8a3dcdbbe8921fe882dbe5e5f59b9810

SHA1
5ed9a3e8ed63214a24a7201c3ac7119aa73f2a43

SHA256
96e93b7dfcda26cc128eb8b608efaed8b2c3e41de008054ae03c623967df7d6f

SHA512
f4f6d773d86ac509cf619137acc3885bf9f0cc373f08e15defa4e731454d14112f173cd596bc5a32b7f3e39d07659f9ebe27fa118dd521028ba278214c7d75c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cd06046d87815567c47752cd1cc4118c

SHA1
fc8b55309900775ad0d3f358e28f0ed4e8480bf7

SHA256
101661152cad0774abe37320dd4fb02ce399dd106dea5fdebe665fef2b9a9670

SHA512
951661904d1e7eeb59fdaf5666c349e61daa780d8cd4ab2cf683bdb3410d74577f3c565866e8fbd2c7c6785600729978ff507533c1a7d4e8a7ce43ecc961a6ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d5ee3fd77e5f32d2707c73d3bcc0f7ff

SHA1
5bfab525e1c35319ea682d848ab78ff801444687

SHA256
272e09b8986aeb20255f853c637476f3e90375abc2c453e28ebbb6bcea3dbea0

SHA512
55d6ca7b8056e763cdb0910003d295332b82a1d0f649965c8f1bf393fb6a6f775fb5b56adb35357deb290d03561dc5865ae8955e4cd72e2d318b60d9980fd97c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
66af656277a7a45af55b73f6049502ce

SHA1
dcc96033ee5f5b9fe87934657917f82df9137df7

SHA256
4ff9a160987fe2206a95faee22b873ff57ccb0b590d38340d4b6afec2f3aeb8d

SHA512
838a6acc1837157458521289276ba046264e01fbdade25794a0524283ffd1d6f31a072a89c050653f07165f393c9af6b4038bc28d41ccf9e56690cab532b5041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
341c1b5881ac11702283cbe736d39b94

SHA1
a7721da9321d2c38f65bf4823f0b5a59a819f3a1

SHA256
874c10e766fcc4ee387efccf8eb131fef38993a31d171d688e16a1956e7b4fab

SHA512
607872428c88c84b38930d0ee374050b840b71c83328689d5d5c4d110a032391038520503be7df6fa944495eea3a373c701b2e82038a3628124e807bc6178658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ef821b11a80a4e34ad1c422d61bc78ea

SHA1
28c78b9b0d46d80b87cecbe4d0582f5090724a17

SHA256
f88fc8192582b22ad0f29f4537a75a618120e38b31d7fb73aac68d519acf58ab

SHA512
70a4bae762d8c3f5c7608a890295aacf403348fd271ae2955fe1e0829a6e0f2f9d752502b7910fe631356055162a00469dd7d93cd8de91351a5d952933392bc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ecf28dad47b230e8ca93b3e220af157e

SHA1
4ff160ad4edfecfd4be994b6d003c747d293d3ed

SHA256
42afc509c4517574caef021dad725d57bee14669abcaf2ef7b0215b9762a6576

SHA512
652f78a7cc8f6d0c8eeea665798bfd2011d68704653fedabebe60dc8ae15ac7ad61be3e96c1ba75f63985500c2d83992bb1052c140f5e233ec867abd2090c295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e76987532b9dcc84d3be7afa3f4113ba

SHA1
cb4e6bf98bee11bc2b8dd3995bdf74a6c15d62dd

SHA256
c5cf1e05010ad901bf9306df3aff75bfcc72264e19ff1e7a4758c5776e694200

SHA512
c233e74b1465c5199bcf640b368e4816cdf834e23f950f508f033e25e9564d3795dcf8058e32c2325befb70238afa7e935f14bce051c9cce247c708b3eec3174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c0455a32c96e37f8c9107d8d1ba4131d

SHA1
864f619f22aa3f91b18c4072fd7da4964325f269

SHA256
1413f0bc3c49e0b09d61fbb1a9376dc10fae07f9991ad552fa56a64530a4254b

SHA512
a7d146485d3831e3d5dc21b04eb436c462e2294d9d5e83a14e98897244aa07b8bb23c1d02e5047279968ff895aadd5244489fc9e3a503b03bc1e0af50c0d6be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f22ac64789ed98b9e6e70887ff42b94b

SHA1
a561c9026e67308b2ebf2c189060cff9603f6b8b

SHA256
4670b0d6e83aeae03c19b91bc6342377bdde425915fef42fc08a15c8664a5ac3

SHA512
a3186447069c1b24d85889b82aec2f7cd2af93e1a9d9593c0523f1c7a30693ad7f744bb4f2a93108e479335378d14b9dca74df082b42cf693369cd71197f7f81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e50f02f171146a34fe9058adef1d1a55

SHA1
70ea8a01953ec3ca09fe3e8d600b72a786e3ae6b

SHA256
cb911535be76868c90ee3146b782776332a0cc2317271087efd5e2d6493f3949

SHA512
b4be90cc0b686e7b63a8f75f7a825e1ebec2a253e0f875a29cf072dd80c11ae66a567a419d3e77316b85ed249875f52c722b524354aa7a2738c911b0fb55eab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8c3e7a1b4494f36adb0949b3fd04808c

SHA1
a85be5678cd87a1d98f3046acc2bec32fab1a5d8

SHA256
59207deef4be32560122a566a39e36e5797eaa9995a5c8b6db0bb95fd8122d0a

SHA512
ca5e92cb98a58c9e9ebc622a1149b3a0f041ac4725b6a60f2f677ca4c6e4f81f8103b3151c7a077ff73f31ecf85b88bcf240719292c21697b8a7886e5e61a90b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6b4af1a872ad2508f2ceba5d6dd65c4d

SHA1
e2d8ef36234612dc731edde8993b6900248342da

SHA256
24b013e110381ba9f5729ec47c528a545ee556f30326295b5d781dcf3eda4feb

SHA512
06fc510dda43d8d97bfd6299e5c443283a335294a21f2940be9e67b4b8e2834cfb66a93ebc18d23dc438f6b7eeb3779ffb0434d40bd79f6a9e3055b1115b57de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c0b5d904dc808cd5df6e201978e6fc7f

SHA1
c1de878c463cd33d9b8e7997192c7bce0fae201b

SHA256
0cfa72713fcc189ad18e6cad84f694f4a0d1cc27bfa2e393bd45a595f514c349

SHA512
ac965bae08916fe800a282e3c084417f6dc9226ab6a422f514ab39bc2bad6ed590396fb8517effe657de79a9c9f4a5609e71d210267ade39a073cc3a20e4cb17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a2eacf52225e9b0c82f741adeb03f09c

SHA1
27e64b11ceb4b43255cbdad998b7d470d1f261aa

SHA256
7404edc12cb6b7303d3cffb22b17109d84512795f383242217f1931ae6f937a6

SHA512
7110c6b286e10b8b2d6d343c04a4a292d193e0c915b87b90f30ce08247bd34d762aba1d0172c56e6d47ed6f73d9b306ce4a4b3d7bba45a6d0bdc6ce461783e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
421f6ef2b3adda2c8aa4db3355518abd

SHA1
06d68dacadd9a3c53bee9ea2bb5529535590a67b

SHA256
c097f5081500141bb779d76f5de706f4e09481a6b2d843e6fb60118cf5fd6fea

SHA512
8a67592652990a4fd318dd088b8192b8ddc147f2a465d7452b1f1c03d72ddc3c05597c59d9800e0510df12fc92ff9e81bc5dbf0b686b5fdeac6d41cd80cc363f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b45a3f6c5a15e183045f9ea437933dfd

SHA1
888dbdd340ff57b5f86a3e14163158023b363d21

SHA256
ed0e2c0ccc83750b33f599c5c8922d56ff485690603a5481f47863401b7e2931

SHA512
8d3a9a47fd91de4ed00486bced10ac0bf058d22879b863f8fc14d1836543e962d50dc3ef4fbd7f510da6bb9f4f8d09cdb874781733009541a5b941d9f626eba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e985.TMP

Filesize
538B

MD5
0daec99d9c14f69080991f09b781f3d1

SHA1
f46338cda20b57358ee906f26cb27393456d14d3

SHA256
dcc1f12429490857f16d6d72ee4ebd855498c4b055b152fd0b9169b531f444e9

SHA512
e83072f7974134a7e2cf1565ca980df95417f36566471946ef75437612c36ba4ecf01c223c30c2b7430929a3712d1554bc42c2dae1c854d4257a838098d110bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\be3aa808-b113-4530-93eb-5ace3a6807d1.tmp

Filesize
10KB

MD5
9f5b92e0cf3a5d0dd33dfc9946ef678a

SHA1
508e4390be3b59ce6e89ba6741cf74ea9cf3e7b5

SHA256
d23150a795044937a9cd912b3688940b833143dc13578999008ecd54466287b0

SHA512
c29c007401003d85935514cc33150f067760bd22f1af553cace13faa952901f6d100a5ff87f2d804f4d3824a53448f4e1f79ad7bb123d422f45fd0140385ae5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d0324e57-2e0d-4428-9fac-288830b4074d.tmp

Filesize
1KB

MD5
9e3bb434c3ede5bbc28b84bc182ca9fb

SHA1
4962c8d345d9a460d4e2a0d57c0b2cc6077b0f9f

SHA256
599002ec3e87bd3bbe74aa31c83fa89febf9546303ce04403172f92a0c5457ca

SHA512
44036af2276287ab97c2b39da9f780e80715ebe700b7ff03ab799db9ea9373c1143208a2b2a950410fd330f9bdcf8c0f13242cbf1dde3d1264b9052ec062f967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f9732881-7d5f-4af0-9d0d-40f3b7cbaba9.tmp

Filesize
11KB

MD5
f5c9cb60c389c9ffa3bbaa360a21ba94

SHA1
b80634d8ac2de3a6d1b99567f516d793027427c0

SHA256
fdc74a4f1d90d2183067414cd0955008874cbd754cc4b129397fe3d3f910bf80

SHA512
9e37bc17e8c9452b7393543a75bcdf6f82c1af2c7628d2f4ca2027932c9bbe2ba558ac5b9f0ce0fed5e1b3d094177b5a4cb7faf7695ff8e07e1a09b735e17369

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
987a07b978cfe12e4ce45e513ef86619

SHA1
22eec9a9b2e83ad33bedc59e3205f86590b7d40c

SHA256
f1a4a978ce1c4731df1594043135cf58d084fdf129dd1c8e4507c9e06eac5ea8

SHA512
39b86540e4d35c84609ef66537b5aa02058e3d4293f902127c7d4eac8ffc65920cb5c69a77552fc085687eed66e38367f83c177046d0ecb8e6d135463cc142aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store

Filesize
10KB

MD5
a15e3cd5741cfba7d78543afb63cc624

SHA1
916d3d2e0be80e6f3766f724e81ffe266795f10c

SHA256
09e5252a20cb6e1bb2ac122fc85b5f1046296488284ba912dc5d2edf1d6bb6df

SHA512
f900f5c5fc892e61532627b8b09ee1922a8e4a66b7b73f836a19ee918cb27d603cdb577ed0ff6a8178340cd4de545ed6fd87b2be8af889bed76a78e1b1b732f7

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei

Filesize
23KB

MD5
cf71ddb19f138c6b1cdb416a148e87ec

SHA1
797d6c5eb4ea9004588ae23ea3bdd53fd5c910d2

SHA256
b32f62cccbdb3e2ab6286c3a82b3a42de0a9dc9b4e7bf313f0cae486ea47a6c2

SHA512
dff16aaa5490ae779e0f600f7ac2fc324749c01776191cff8a740065aed782502aad23c505f39a9fbbd9236d0ae2a6a1efd4c43d2714ba1c938d493ba55f2348

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei

Filesize
23KB

MD5
1ef3571d08edfa4938732ebfdbb25fd7

SHA1
7c010df4d6d1ddd06ad9dc9e18711fdac1b4169f

SHA256
7473f1fa6693b7f39d9f2bb1e02a3ed4189c7fe2d41861b771c206edc41535cc

SHA512
5318ac2bc0e3c51bbb58b98c46dd1dd74a7cd3994615c93634c036996a47d8af5dbb6141ac9440ca7ec1312a595174bf15b3c1e8006c74491f49ea10eb1f4e7f

Download Submit
C:\Users\Admin\Downloads\Sulfoxide 1.4.7z

Filesize
70KB

MD5
a06a4b9f04737742961ebfc4cbbc39de

SHA1
3c405ad06b8f160479b3170ccc0380964df86f57

SHA256
bf5130b6134c0df6086d5312d6af9b9701a8a434291fe1dc8927a58b9411df73

SHA512
b3898bc6481cce9f82857cbe16d541c26f274c54e76f706cc4246193a9725ab57e88e4d110972d304c84b177039ebfdf53e02f534f32ea41ea9bdbe494d1c6ef

Download Submit
C:\Users\Admin\Downloads\Sulfoxide no window fix.7z

Filesize
68KB

MD5
2ed859e8a7e26fc18475c8b2325782e2

SHA1
285d49db82169207c6e8f025b0f3b04e8d3bd9c6

SHA256
b39ff727cd609fab8bc772f846b9bb1cae8d6f4f1e5019f92fefdeeb932609ab

SHA512
6edf1d539ca6c4107bf9055b7c61a60ba5e55b056a1ae88f92d411e87575d91454dd10967b06f862727dcaff66d36362ea7578e42a75e575b8fa40996b3672c4

Download Submit
C:\Users\Admin\Downloads\Sulfoxide.7z

Filesize
69KB

MD5
d8ff77d8471a6203a6b290cea0552fdb

SHA1
c29001ad58f3761c904052e2dde5e0fed5ee039a

SHA256
4e7e9e1beb71ceb1f5f28020d433dd4d5ebdce0148491d0a51939b5dab99a241

SHA512
ee771b64f9408c114e46cc3a2d56b5c84cb83a2c57d8fb6017a7c4a0f33fd8a637bf98a34f2bc3a8374fb684b57dc198cd210ef2ff38dad2b253b439aad29e92

Download Submit
memory/2864-3417-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3300-3284-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3964-3373-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4832-3416-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5388-3443-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5672-3385-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download