hxxps://drive[.]google[.]com/file/d/1adfIUqwX3cVtoP7AfeD2O5HOBi2rGsQQ/view?usp=sharing

Analysis

max time kernel
383s
max time network
378s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
03-09-2024 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1adfIUqwX3cVtoP7AfeD2O5HOBi2rGsQQ/view?usp=sharing

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4620	Set-up.exe
4228	Set-up.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
6	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\GetSuspend.exe	OpenWith.exe
File opened for modification	C:\Program Files\SearchInitialize.exe	OpenWith.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
488	4620	WerFault.exe	121
4840	4228	WerFault.exe	125

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Set-up.exe = "11001"	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe

Modifies registry class 38 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 19002f433a5c000000000000000000000000000000000000000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0 = 8c003100000000000259737e110050524f4752417e310000740009000400efbec5525961235940a32e0000003f0000000000010000000000000000004a00000000001e16b000500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\NodeSlot = "3"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Set-up.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Adobe photoshop 2021.7z:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3552	msedge.exe
3552	msedge.exe
232	msedge.exe
232	msedge.exe
360	msedge.exe
360	msedge.exe
4276	identity_helper.exe
4276	identity_helper.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
2440	msedge.exe
2440	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2008	OpenWith.exe
1560	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeRestorePrivilege	4728	7zFM.exe
Token: 35	4728	7zFM.exe
Token: SeRestorePrivilege	1560	7zFM.exe
Token: 35	1560	7zFM.exe
Token: SeRestorePrivilege	4984	7zG.exe
Token: 35	4984	7zG.exe
Token: SeSecurityPrivilege	4984	7zG.exe
Token: SeSecurityPrivilege	4984	7zG.exe
Token: SeRestorePrivilege	956	7zG.exe
Token: 35	956	7zG.exe
Token: SeSecurityPrivilege	956	7zG.exe
Token: SeSecurityPrivilege	956	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
4256	MiniSearchHost.exe
4856	OpenWith.exe
1468	OpenWith.exe
2008	OpenWith.exe
2008	OpenWith.exe
2008	OpenWith.exe
2008	OpenWith.exe
2008	OpenWith.exe
2008	OpenWith.exe
2008	OpenWith.exe
2008	OpenWith.exe
2008	OpenWith.exe
2008	OpenWith.exe
2008	OpenWith.exe
2008	OpenWith.exe
2008	OpenWith.exe
2008	OpenWith.exe
4620	Set-up.exe
4620	Set-up.exe
4228	Set-up.exe
4228	Set-up.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 232 wrote to memory of 1764	232	msedge.exe	79
PID 232 wrote to memory of 1764	232	msedge.exe	79
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 1600	232	msedge.exe	80
PID 232 wrote to memory of 3552	232	msedge.exe	81
PID 232 wrote to memory of 3552	232	msedge.exe	81
PID 232 wrote to memory of 1472	232	msedge.exe	82
PID 232 wrote to memory of 1472	232	msedge.exe	82
PID 232 wrote to memory of 1472	232	msedge.exe	82
PID 232 wrote to memory of 1472	232	msedge.exe	82
PID 232 wrote to memory of 1472	232	msedge.exe	82
PID 232 wrote to memory of 1472	232	msedge.exe	82
PID 232 wrote to memory of 1472	232	msedge.exe	82
PID 232 wrote to memory of 1472	232	msedge.exe	82
PID 232 wrote to memory of 1472	232	msedge.exe	82
PID 232 wrote to memory of 1472	232	msedge.exe	82
PID 232 wrote to memory of 1472	232	msedge.exe	82
PID 232 wrote to memory of 1472	232	msedge.exe	82
PID 232 wrote to memory of 1472	232	msedge.exe	82
PID 232 wrote to memory of 1472	232	msedge.exe	82
PID 232 wrote to memory of 1472	232	msedge.exe	82
PID 232 wrote to memory of 1472	232	msedge.exe	82
PID 232 wrote to memory of 1472	232	msedge.exe	82
PID 232 wrote to memory of 1472	232	msedge.exe	82
PID 232 wrote to memory of 1472	232	msedge.exe	82
PID 232 wrote to memory of 1472	232	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1adfIUqwX3cVtoP7AfeD2O5HOBi2rGsQQ/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff956e73cb8,0x7ff956e73cc8,0x7ff956e73cd8
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,12540111551711425623,12591856796159492757,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,12540111551711425623,12591856796159492757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,12540111551711425623,12591856796159492757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12540111551711425623,12591856796159492757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12540111551711425623,12591856796159492757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12540111551711425623,12591856796159492757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12540111551711425623,12591856796159492757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12540111551711425623,12591856796159492757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12540111551711425623,12591856796159492757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12540111551711425623,12591856796159492757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,12540111551711425623,12591856796159492757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:360
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,12540111551711425623,12591856796159492757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12540111551711425623,12591856796159492757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12540111551711425623,12591856796159492757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,12540111551711425623,12591856796159492757,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6484 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12540111551711425623,12591856796159492757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12540111551711425623,12591856796159492757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,12540111551711425623,12591856796159492757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6332 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2100

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4256

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1528

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4728

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4856

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3048

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1468

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:1560

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap23379:100:7zEvent30583
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4984

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap18511:100:7zEvent26285
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:956

C:\Users\Admin\Downloads\Adobe photoshop cc19\Set-up.exe
"C:\Users\Admin\Downloads\Adobe photoshop cc19\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:4620
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 2420
  2⤵
  - Program crash
  PID:488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4620 -ip 4620
1⤵
PID:3476

C:\Users\Admin\Downloads\Adobe photoshop cc19\Set-up.exe
"C:\Users\Admin\Downloads\Adobe photoshop cc19\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4228
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 2136
  2⤵
  - Program crash
  PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4228 -ip 4228
1⤵
PID:3456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Installer\Icons\PHSP_22.0_win64\appIcon.png

Filesize
1KB

MD5
930eb6f1ca2dd339b2cfaa23f3e7c4cd

SHA1
16f569b9785919d0b6a939aa4f2b3e64b0966a85

SHA256
ac5b06748aacc67f7aa9257c2f5ab1d3a81077271b4ea69d24daa3be616679b8

SHA512
7e025d0895cea47ad93dd527d7b4a6777a00879351adf176f08bb408ca5f43db348fb9217d45c44d86bb7f2e6ca4ae4fb57fe093a616c9db9f28765fb1771532

Download Submit
C:\ProgramData\Adobe\Installer\Icons\PHSP_22.0_win64\appIcon2x.png

Filesize
2KB

MD5
69d2b84603309bed326301ca60dc01ba

SHA1
700351e3f8b9e7247a78185201121c50945b42d1

SHA256
de028e7aebdb9d6a7aec2668b15ff42936da28ea73c8ffb969fe58025d63707d

SHA512
ea1b501847d28e8c0a27fadc6b64e6eabaa9aa09d30e39076d2c25e15ae20d36afe1d760da112a38a3b7c80a54304fd5f62cd9324a8d38fbf1e13e892a672a82

Download Submit
C:\ProgramData\Adobe\Installer\Icons\PHSP_22.0_win64\config.xml

Filesize
534B

MD5
2bf9f831e68bc1c40aa7ad9456f0dd64

SHA1
5f0169ed2ce46b27eeadb985c57c7ae9f80bf90a

SHA256
7c4bb24e29837f106919240be87763ff102c66c48875164cbdf263093ca91fc5

SHA512
6a53b2bb18f85f248d58f6b76d09f4a6f73433fefba719c7afa8221c1d0769e98f8b9e37d61319d030f63ae7909e987313d495fdc67de35fbfb4270beb3e7aa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\96bf3008-0966-43d2-b148-dea4862b2977.tmp

Filesize
11KB

MD5
41cad121773b42876c4cc6664a25be47

SHA1
8352db1833904fbc9d84067ea713a7c57bc505c8

SHA256
bb3d83a2a845c3f75846d24df3cdfdb956b3b306bde473942737e37aedd7ba63

SHA512
bbbe61bf787acf72d40b1005df26fc8bb942d96d8969879ab37de9dc2ab9446238baaac4a40e536d0ef92a8bd19768052ea4ebb57a835d9b726667fe3ee4a6f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4ae6009e2df12ce252d03722e8f4288

SHA1
44de96f65d69cbae416767040f887f68f8035928

SHA256
7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d

SHA512
bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4bf4b59c3deb1688a480f8e56aab059d

SHA1
612c83e7027b3bfb0e9d2c9efad43c5318e731bb

SHA256
867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82

SHA512
2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
550d76473b0e7720aca94d7bfb406be5

SHA1
39699dfa9063f55150e1ef8d77ac33b16de8145c

SHA256
a23c9275d747fafe4966b99e78593f18716eb2ca523541dc77c8942d8f1e9ba5

SHA512
6e9128dd289c024f277e1fd05d8cdf30df4ac07f63c231871bb05cb937ccfb0d92f499d947534d1047106dd502f586bf2262b8debe81d837f8bc30c3d203e918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1df4c44f536888da7c41074545584a81

SHA1
1a7c64eaaaac9877ed716dd6f38484f6bf1f276b

SHA256
66dafbca1a6a0b2888e0e38b6959010f26de0dfbb87e4f679a825879248a1d71

SHA512
a51af5e9d48e24cecfa5b6b8efc2615d2cded8e7e8b4b8005fff7956a7a1945dd68cf0efce15acb44c2ec181966d6332e90f31c657ecc6bf96699e646400ce92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e782d82787bebcf937a75d18c37f0b21

SHA1
a9cdc59b5a182f303cc31d5b20797e84d595bb8b

SHA256
6aa527c6dba85896aba3694b774f1977b020bc456950ee1c71d6fae74ba961a0

SHA512
5f641c536bd3d30c25063c6d92ca2ca80504d02c5960b92d5cd9611cfaf19f095986b5637da7c106c9d7c6d57de9d01b0daede6fd023e56dcbaf2c85d80294de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
377daca10a777bc269a2022689ed1a5e

SHA1
31837ba209695991bb0b30a0a7d49b14bc02f107

SHA256
eb04358c36fa2be1374e45225eb0ed6699c9130e41e421733260a25da5bdc0f3

SHA512
985d2751312360efb8cc9a92bfd33286e87c21fba5bf4f1c7545cefba5df51a37d6838cd0b4769627e4f24ee5fdc9d402c046bf74047e06b1fdfeaaaed6ad63b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
583be80d11391abf564bf28bec674d48

SHA1
1dffc5663d59a6da5dc78b6ca373745c3295cc3a

SHA256
39398c9e1996acbf415282d213dced4895d8808d0564cfdbd93c73f976d66ffe

SHA512
314eb739268578e073ce335184dc8eb8b31838dfbfe8ca1f2e1b33c47947e81b90469b5d4bb8d8e100d66be715dae6244289cc8d413e7593854f094ac7dc6a92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
51e5e3b8597628875dd403c66c667070

SHA1
1426d2c37f168db60a9616a46140744be2a2471d

SHA256
feefa4e398c7d7b4a99ad4f246bdb2eed2ff55b2e45ba06e96212230ef3b51c2

SHA512
9386c4faf0c7c5ac0a1effa98c4caac350b493366ae89f8436e3d3304f7a2e4cd81ec4439bbdd3bd1c7df80bedfa1ed6ff97157e800f8428d8e1e30137a6b9ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8885c24cdbbe7dc9448def6577276919

SHA1
4c924a288dca18dfeeb0f1d970fdcca66901c5c2

SHA256
bf8bfaf5b5193fdf286e94abed6d8ce20ee4f6fb1d8398b4d6718f40c2536931

SHA512
5e9cd71d3a8354142245e82d4e08f70eb1556bed6e3517cbbcae2b3cc453b490f7b9116b7b8fab0de9af670e04d126032c02775e30d0246176a219c3d4b31c24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
256025861ddcc8e5dc1778529b554b5e

SHA1
79ae746fbac64d01fc22e42b6d8168c7d4588fd6

SHA256
ff6ee02aaf4c8d818f7df646b523a9aa04a44484573a5cd6efd196d57c26e1e7

SHA512
72dfcf6925a05d5d6aa9b22bc8d9662134fbc1004a6b9d35a38aba6b656d1fd313f3768643046b40c8108a8854938e61c52e878ae683f0df1795f9694440a470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cc7723c06b7dc2389a3177525bff025b

SHA1
ce201138536d71a0d09d0c0f003473886805b05f

SHA256
c31c699c0a2f743ae20bb1bbbbd708f218e29849ed39825459c0a773737798da

SHA512
6c26a16f50660c55f795e6e5a61c08038700ea5476203ec1c2c919d3a572de42ce54f5e4c541ef3fc93ef78ab79f7d5afcaa30e888a65515515435d39fe18a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed36517e0afa98fa5aebd1c0148d70fe

SHA1
eb5803377cf06572cee23b7be0ccce7ebae5049a

SHA256
03d3b81afc1d05bb59df1a2adb7583a1237bfe0ce3ab0160ed991b9c4de6701b

SHA512
b67a46b049187437135439437c3b117c0ffd88658c3f0485d2f13127767a42a8a378fe76efa1c041e03cb0108feefd7cdbb1be9d0d82b77914226450d72e7acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4c0b0921ab2627b49aae3f4e30051c54

SHA1
0b58213a4adf6228a469e3c3068480d3150c6969

SHA256
fbe1dfec72c150a3e51ef88f7a5d57570b0b2e76c2bf059ae44e45db172bb209

SHA512
9a2cbf03f9517a380f3c9a6cf0201ddf8e130befa5d71d024c3532d0999a64da754ed9299d36661f08a3c87e094d9836d19327d0fe856345e3359dacd8fe2993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
295189b2ee2c26f59084d8e6e03cae85

SHA1
75c4a2dd6ec885ca2d8f596d221a699c4bc2594d

SHA256
7516f8abfd8de6253419974992416b6a291d5e188293eb9309f321aa565f0752

SHA512
7003a2046f6f9bbcad07d83914233147eec0eaa2d9da21aaf049e8cf52925c45503598d5cda13de4413fd12cccba98c6fac63da9e6d06e1b54a71fe40f2e2a7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4a0abd5abdad81fcf22ced029c8d729b

SHA1
961c3813edffa8543fd2009d11a2e84605919925

SHA256
45e9954e67f4b367ec15e23c3b8272d617530d7e530b9b98b9d288dbdfb2193b

SHA512
fd4cc5cf4926c87116752e852cc3b26ec0a91044493e86b3dd8f320216e6e6213a3a6c1dcaccb21ec8c55c44ee8b7e1c72374e07f6853d895a34e556bccea586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5ba49171f05987b48e7984936056c9e6

SHA1
9a36441e88a0e5fdd0fe1c98d292ecc6f7aae33f

SHA256
847d46e3e54be41e1227adf4318418f609aa642c3763addf334b67498a886613

SHA512
e246029b6a23feb88fddf11a8999c27ac61e1e8d0787fb5a9562cd83af6a231c7ca26229334402cc185f1d7585a2de6ed78dd0e29e0f317d064f9c8a98ae697d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4b4f96ac96fc6524bfd213eac1450bf1

SHA1
f2e29a105b62050c0ebf5de08fb7fa7d4dc8bc16

SHA256
d1eac62ea9db32742e35d3f0bfc780629686051caf934a03a57eda81bd837681

SHA512
b25d51992e5a5a8503d92bfdbaa821040ef546df7cf7abf82514787a61ebd8b5900e6c23bdd735ee2879203f375024f382799767f13c9e5eb665fd9743e67ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4f8d050b716e776b422de24b0689ba8d

SHA1
4a860783198077d7ae4a6eeb7240d731e7088357

SHA256
ed1b0feccf3cc20d7432c9aa94d377d926e5e00f92d75c6135e94ec2db3bba8b

SHA512
8390eba93663cd2ef2c9885b4ad7f9a46766ad0d0d0554d78adb95df8b43d97c50d55503a37359f7bc07389f6b1ab2ccb8f8365eb18a79e2fad806715f4854c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
c3e08121cabb9380e3d50cadde97d53a

SHA1
0e666954e83e97e3883e52092fe2be88a520e8f8

SHA256
76e1d3ab7320c4b863adb091b5b77205d81e13eafb539a18ebe3d8ea46b29433

SHA512
9a6ef7710781d2f3a1f873129b21990548c1b275720080d87fe4051b464b0aef4ad8625656c388a65163563c6fb2086c29c01ba5f518c5b9679e7227fcc7941f

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
d9c90cc81a3965139958ce95221b3e3f

SHA1
e1053a91bd6481e12b86b6a79aae7193e44875b4

SHA256
f99e8c101bde6270bec53e6c18f76fb0f7973acf74f15fac1462b85f2872b1ac

SHA512
a3d4907bcba240286c401ad824fba47f7d1029ddc0ccc776a52049fc2668a7503adf115fe013c1d536d7acb733610b68432a4ccf5069df06f5b7551605128e83

Download Submit
C:\Users\Admin\AppData\Local\Temp\{477BD400-DBDA-4735-A5E0-9AD0D0AF2FB3}\common.js

Filesize
2KB

MD5
d98f70ffd105672292755a37f173c2ec

SHA1
c0154add295ac052f234a0282a62b704cdd01998

SHA256
257a42f797f140667c81930001e73943bfc243d50bcc775f75d0334a2d2cf2c3

SHA512
1909cc7e4da0949a469852240be2205209968b18b99f7d967bc0231de33d03c7cbaa9578972e30e95e6d7017aebf9cd70a55ba22cdc9d5774d2a237d3eb0971b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{477BD400-DBDA-4735-A5E0-9AD0D0AF2FB3}\lib\jquery.custom-scrollbar.min.js

Filesize
14KB

MD5
ab3adf4aff09a1c562a29db05795c8ab

SHA1
f6c3f470aea0678945cb889f518a0e9a5ce44342

SHA256
d05e193674c6fc31de0503cbc0b152600f22689ad7ad72adb35fcc7c25d4b01b

SHA512
44dfc748d0bd84f123f9d3f62d5ea137d9128d5bdbe45da9a8666d09039eb179acf0dbb3030e09896fd61e7aa5ae6dfaffe9258d80949a64d0a7e45037791fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{477BD400-DBDA-4735-A5E0-9AD0D0AF2FB3}\lib\jquery.min.js

Filesize
91KB

MD5
e1288116312e4728f98923c79b034b67

SHA1
8b6babff47b8a9793f37036fd1b1a3ad41d38423

SHA256
ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32

SHA512
bf28a9a446e50639a9592d7651f89511fc4e583e213f20a0dff3a44e1a7d73ceefdb6597db121c7742bde92410a27d83d92e2e86466858a19803e72a168e5656

Download Submit
C:\Users\Admin\AppData\Local\Temp\{477BD400-DBDA-4735-A5E0-9AD0D0AF2FB3}\lib\jquery.placeholder.min.js

Filesize
3KB

MD5
e13f16e89fff39422bbb2cb08a015d30

SHA1
e7cacaf84f53997dd096afd1c5f350fd3e7c6ce9

SHA256
24320add10244d1834052c7e75b853aa2d164601c9d09220a9f9ac1f0ae44afe

SHA512
aad811f03f59f799da4b8fc4f859b51c39f132b7ddbffadabe4ec2373bd340617d6fe98761d1fb86d77606791663b387d98a60fba9cee5d99c34f683bcb8d1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{477BD400-DBDA-4735-A5E0-9AD0D0AF2FB3}\main.html

Filesize
8KB

MD5
f4b7942d6563727bd614f10da0f38445

SHA1
84f22240f7a5ed1c23b09e8677ac2ac3cd4e26f9

SHA256
e4bedde22ed405d291c746440a824d5f8527fb232e7a6be2ed9a76465d82f8dc

SHA512
f79b24ac78863a4ed87d41f37b2a5bc27017ebc5317f0a305d676090a16aee8a61384b476e7e9a68a024aa8da4784c1bd4f118766caf4450ec97af430e7074af

Download Submit
C:\Users\Admin\AppData\Local\Temp\{477BD400-DBDA-4735-A5E0-9AD0D0AF2FB3}\main.js

Filesize
58KB

MD5
a8f9eb478c7512c98ca1ad46dbcc298a

SHA1
454226dc42b911caafc9a1e56d8ad0000bbb7643

SHA256
1df6cbdc80c1df47d93d6e7516a2d7017362413a6b9d93634e143856695c3645

SHA512
ae3198cc6ae739f3009359988f5c090664e5fe8422ad1cf739fe316e66f344c10385d1f841c7b0e3ca9f7997c79d95fa0559386b6dec10641ceb8c290b14f5b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{CEA51782-1B04-4AB0-B3AF-8FA5B7CF2A67}\Dictionary\en_US.json

Filesize
72KB

MD5
c693e1bd4feda683ae5c71f2bd6b9de8

SHA1
2f3c32dbb95623c52ebf3b608074afdfbcbf050a

SHA256
5dffe13d4c72f59dbc6f8efb439350518acd4e8e07efa124973cfd1a625f60d4

SHA512
a48c520b1432f208f7494759d316cf2411163373ef7ba5bb2b2121b4520beb2932d4ea612e9d2dc8997b6221fa2d44c9312928c79394a5d8c577fa39aa5007d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{CEA51782-1B04-4AB0-B3AF-8FA5B7CF2A67}\clean.css

Filesize
702KB

MD5
4f3364af3e396f92a8826532bfb1a7e5

SHA1
7f7b613435ece78a358f2066287c2f2c3c6aa168

SHA256
45b9b77499356527e9047256db96a542a720bf075d67e9f6ba55d51fd562339e

SHA512
c022a28656483106095967ec4d57eb743d04f029406c2c553c9d19c103520e274c0eea19f411bdb7ae16f388211c456a413df5a0a6097036deb0010573d49c72

Download Submit
C:\Users\Admin\AppData\Local\Temp\{CEA51782-1B04-4AB0-B3AF-8FA5B7CF2A67}\common.css

Filesize
2KB

MD5
1265d497504870d225452b3309b0e06b

SHA1
29a3b783e6f2f2cd3f6d08833b83c7848f8e3450

SHA256
4273a5d4ef990dead6cabe760c27b25f7fcf8a51177f1b31813ad8866a565330

SHA512
9aa8b24e800a619651699c193a7747b8673a3cd4f8a5d3b16ee35f5ef6161f953a904631b97d118339332a3d2c7292c910802f6e1518db18d48fab5e9eb91681

Download Submit
C:\Users\Admin\AppData\Local\Temp\{CEA51782-1B04-4AB0-B3AF-8FA5B7CF2A67}\main.css

Filesize
16KB

MD5
ee23e36c90c9fccd530504285d371ac3

SHA1
7a4e24d18ec723d38cd922e3845ff290f0299e15

SHA256
32616e0764c80efb4607a0dccfec7cf7862886c4ae80e6405dc3cc5c62cd0f82

SHA512
542937075a96f6afb8170c6f41915efeec5e067803606c2a26d29e6c990d93a255ad8cea18600cd0825a0c91ff935d057870a1724062543a8e2bc09c4041b375

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop 2021.7z:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\packages\AAM\IPC\IPC.pima

Filesize
604KB

MD5
937d50fca5aa23b19d59b6906c1054cd

SHA1
deae3f398e393ed2966c30521f8ec67b63ce2263

SHA256
9ed0a6a7e2ff3c2e4c0dfc67ae984c37198d64bc82fdf8cc2ad826d28406c451

SHA512
9fef08b7b3d89d04ee701cf606f12999a2f065f33177a84d5b17c2066b259a57637f7ca7ea41c151bf2e2864ce006f43aeba87f0fc57fe53b1e28908d3c0e323

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\packages\AAM\IPC\IPC.pimx

Filesize
57KB

MD5
92b46252406ffa6646cf4be809986623

SHA1
5543faedc35038cb6848f64c91e413b380505689

SHA256
0184e6b63dea884037cfa862107bd3e2d99a244334dfa641a4a1c312a5e59ce1

SHA512
39c21416428e9ce485c0fc4da6935783017e546297a1ab3d8b91402f27e4f11ee8b2744c15ccfe2ac5d873247b1b4b3537863e65b87a3e477999f58fca0366ca

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\packages\AAM\IPC\IPC.sig

Filesize
1KB

MD5
025018695cd2f1a0490651b76044c2b7

SHA1
c75d64c216c34cac21391e308fc10488a66fe9b8

SHA256
df4e2284528eef0b50fadfd5a825f9f292e86a58c180f42653e93f4a912cb2bd

SHA512
d85f672b5be9ee6445c7d95faea12250bb3c3017c0064125b81b4b5bd3bae6bc8a36c9072b69226854f9960d4af499ea952385b1a5a5a34ed54ce9597161aa45

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\packages\ADC\Core\Core.pima

Filesize
1.2MB

MD5
c999a6ae9d09ba9e0ef3702d29658b7b

SHA1
c9d82aa6645657bee195b1c77dfa03bb4caca3cd

SHA256
7def4402bdf0b4028ae621a762b6267d6ab75bc3b1f16dc051f3b5d1997b52b5

SHA512
7183a775d2ee5e8a2dbb9bf7468e5bc82e1507d3ae47e968a01b5ca92c3adcaf6f1109308030bc1a06399661686ccfea3296e2949b24a8a7f69a2f190abbd88d

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\packages\ADC\Core\Core.pimx

Filesize
1KB

MD5
355cad725f072e31374c49c567a3ca15

SHA1
053ec84ffbbf0f165964ff0186750d8c02b65df4

SHA256
4536cd33fb466332bc57cfbf1407375d4ce3d08777caecf10153e73f36f9830d

SHA512
68369cdabc3a8c04227750d950839b99406b24f19732fa74a394dfdf293b77eef3a05ef9259bccb4b67749c2d55fa373c9af43c409fd257d37bd6a40cc3c72a0

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\packages\ADC\Core\Core.sig

Filesize
1KB

MD5
169b3466cd76c726cb5253008b6209d7

SHA1
e7c9a737b514daf5b9e80265cd40a2db6665cbb0

SHA256
e7911f6f9bb036ff41eb038fdce0bc63018a4b05f742c070a4c99c1d0006fcb0

SHA512
8059f0578fd319708a52414b89432cb2057027d34325ac5989380ab13dd988fecdd3f78e2eb9b5ea6d31dca6399278b38e35836e744cce0bc72c536a2d0aaf82

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\packages\ADC\HDBox\HDBox.pima

Filesize
8.1MB

MD5
f1003c4462c5af4457992ab42a724bcc

SHA1
58c2b853f51b4105118e2f203add31157e30bbdf

SHA256
7512b13c6a20930efef7932f5db8d796d848a3fb0983380cee187708805bd6ea

SHA512
1b25638cf373701f742dffbaf3fc1fbb324c78a703a461b3fef120ed5f009f3ec30ef7da65244fceb44b84d070f8b231ce02211f9ed8da21b73417cca551f37d

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\packages\ADC\HDBox\HDBox.pimx

Filesize
6KB

MD5
73f6e5e8a1eaf76d93e283a7ea243567

SHA1
573331c9b2c90cd93c26a5ba968b6349e32f73fc

SHA256
99c3b561f8534293add74770b0aeea4574d0048d8c11cff53122feb5b5fe4fc5

SHA512
934fc757cb4a8be8c3163be9d83969af7e2e3c1212134de6b59b1abd5881c01465b7778af597ca0380b6f6496d21c313b4f13efc2e91794f4f2267209ca1f366

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\packages\ADC\HDBox\HDBox.sig

Filesize
1KB

MD5
97493373ca9fd7ec4bc66e878936a132

SHA1
82b8fb56e03b4a877625e6b33bb9059d649e9649

SHA256
b6d08295f77886d87f416cea1ce79ac39dde9e14ffdb86a77dcdb30440077223

SHA512
5eafa6f16606699b4cb8ece17155ff67cea4dea2d22d099ba22a9d1dd06cd0b854a969e13a26418557ab72895481c3410ad4f3f564059105417a1c2af64ea261

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\packages\ADC\IPCBox\IPCBox.pima

Filesize
2.5MB

MD5
6db360095252e59d1d265b679b63955d

SHA1
ba97f4da9591fab5ad29f3e28312d75dbb70e5aa

SHA256
3a195e13f386318584d0f504e0529a6b01b07c87d2d27aba5930ba6b14881bbe

SHA512
cd3d5e5b8fad6928b5ec4169a0695ec756068415c1ba2c6f55a8af0a38e2f29de043583da91d20eb4deb5a416a7eaf30290e3a949352d012789a5c319fae8cce

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\packages\ADC\IPCBox\IPCBox.pimx

Filesize
3KB

MD5
e4be42f6f68ffc9396eddc68e798b87c

SHA1
e9b3b9dd36f64063e2f63493bdbc8751d3455b26

SHA256
e319deab41686f26e4e0f171bfe6317eff7a41e380d658bab27211988ae423ae

SHA512
eeddd08807a5891a55f609de989e4435e5978125a32a6ad0ee4b95d442f412979a9209f99e282190db2f6fb7bd1655acf194f669254952f154e006ecafc7e2cb

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\packages\ADC\IPCBox\IPCBox.sig

Filesize
1KB

MD5
8324edf7eafd1b7c38931197006f0d04

SHA1
c341ccb0af69a0051cfcdf0813db4021933ade23

SHA256
4e6caf3ec051270346cacd72954efeb3679535378843d3c654a59f10f823f664

SHA512
943e53852321916d0ea3df2e39981d8159bca2d563e55023848260c338ce74752acbcbaa1c487c4120ed3052ee04edf674d79356b4b0ce261986c88d227b7e20

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\packages\ADC\LCC\LCC.pima

Filesize
10.1MB

MD5
2a85b10f7596b25a869e51403e9b205b

SHA1
e9a71ed47a80b7acec2aebc59907dcc1c4b8a5d6

SHA256
a53f7b0196bc2f5bbcfe02edc1ae3b1a8e116c5fd95086966ce91934fb38e432

SHA512
a91f5931003eb42eafc9d8e8d1d80a483b6dac833aabda9ef6b63f45a376b3ae68f125cb2b44314b7bc5334645a5ca7b287acfcb6b5c0731967d1dde75ef0151

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\packages\ADC\LCC\LCC.pimx

Filesize
12KB

MD5
d8350529ad58a9afec2d1483db086ebc

SHA1
1d42bc6a8a82aed76d22f6891ed57b76798ccc8d

SHA256
861b91bceee1b0175f93069d62ff71b1bbd1bbbbf88c028678a1403a0ba6fb62

SHA512
a2598c5daa0042fa8f3b77e8f96620b228b719837abd984c785ce9d369a6eedea83e928ca430c205115ac12efad71f3321003ed0ee2417f5bb8b76a935a5af67

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\packages\ADC\LCC\LCC.sig

Filesize
1KB

MD5
b77aebfffd6b518e1eba0a6ea92819a4

SHA1
4e638bdd9e4f9c2f2fab5380bc006704eb0f8d30

SHA256
cbf6afb4b14421964a53451fdec7616c78fa8e819f09b9caa17a2a6461ac3a38

SHA512
e43d2efcff88611bdf069f65c6a7dd450ed1777f9152b542a32da021d241a2b6013e009df24f432721978e893cec5f2e1d3f6982d0ed8f93e1bd8b9202beef33

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\packages\ADC\Runtime\Runtime.pimx

Filesize
4KB

MD5
3c2b005caeadc38a55de00f5374fcd49

SHA1
c7ea35777e53a1270f1b0069374dfbb9a27c8a73

SHA256
76d9575ba138371a69bc186741152329a1b6978eeed38e127d2bf092ddf13881

SHA512
6a65c59cf530802b075b2244bf614325955e873bf39992929ff697c3ca3a275a99e9c0294f6ac25f257cef9d1ae53d38e2858e2d99423ff3944740ee632bbbf5

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\packages\ADC\Runtime\Runtime.sig

Filesize
1KB

MD5
c1096af84f260f40731eec0eb5ed03bf

SHA1
c15df3ee885a5595eb5c69d68d2663201dcfc3fd

SHA256
297b0040fe6f852b78d9125d0349117e5c84c001b349b02cde46534bbced79de

SHA512
3ba28c6e89be58f9c42e504f8504ee79d1ea7c9bc942b27382378a282c234eaf9618ea5952034cb812ea1c913b577dd4ebf450bec1bdbf79f1cd4cd3a3286e17

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\packages\ApplicationInfo.xml

Filesize
3KB

MD5
1ef14b2f0e7b6cdd6a24a318e01462ad

SHA1
5c87e7bf42cef2e5afd4fc76685bed4a3f26e518

SHA256
2417dfd5759f2ca41cf756ca487abc5763ca014dee94f26ce29e9645ab166923

SHA512
54d301769a3eb96a5531f907f4b660e4aec6047597894822ef888edb2ef2c806e7db503ed32bb95d2a8d5f39470741bb954e4699531c8b06b52197e815be1163

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\ACR\CameraRawRIBSCoExistPackage.zip

Filesize
75KB

MD5
d5117e1a9e27f9a4293bafbf19d743fe

SHA1
ec7a905af98a2c025fc2227b12d7e024343449d1

SHA256
048da738fbc0c5fd0401aba7e7a39690ad7e9ffd11a5b617b56e7bd486a198b4

SHA512
769f2661747c0b78f3dba6eb40bb5b7688ff967d9a1e783875f6fc2b37fa0ccc44198d263019ec6f9d5f1edb59058e58f44930b68ff0649a46c83736b24b63b7

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\ACR\application.json

Filesize
26KB

MD5
7f3f70ffe36fa75b3ec569a650ddf556

SHA1
99cddfd8dc9fb94eba55459aa3741d37abca87ac

SHA256
81d775666d0db5a4294b78e4c2875700a071ee715b14eef3ddffbcd310e79abc

SHA512
2d1765bfd3f68f6bf69daa6febc9ecb4e7c301f3bc7740361c387fbfe88e52d18004b074929643914e2c3cfa21245e1f20063f8cc4d8282990ee4ce8a30c7dee

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\COCM\AdobeColorCommonSetCMYK_1_0-mul.zip

Filesize
8.0MB

MD5
46ac8b4a619b13f8c60d325ec389f31a

SHA1
abf65e6bd92fa6ec2bdc145d78f99071d785f478

SHA256
0d17e32777e14b5972dea6c747974ea7332c07bfc65b08d349deef078805f6f7

SHA512
9fdcb9bd1947be4966c6600f7165a5c8d6b9ceafa71b5d6720907439760a04221c699ff4ef0aad9fb7eeefdbf0c4ddb9dc9621f91b1caee1bcf588a04d1d68a8

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\COCM\Application.json

Filesize
1KB

MD5
d71c162294cfdf76b383da29b201457c

SHA1
367aa0a41c897a7d1929b898a882082c2b142d1b

SHA256
d1ded7b849f3e509836289fc58b6b4d3dfdc8243bbf9399f0eb003f662f2ad44

SHA512
a4dbd742b37eab115906766276c4be0228b3cf875666af0a4757b36dffd1def837eaa9cb4c3b6a295ce8d4fdcad34417df9a821de08db164620ce668ad18a3de

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\COPS\AdobeColor_Photoshop_1_0-mul.zip

Filesize
575KB

MD5
d20ee81ed1f198731222764da8f5ba68

SHA1
e86b040d83f56ff97641b15d52eeb8988484487f

SHA256
a4005f99e10a311d457e86fd94e03eadc0b30b43f47a8bd7d42ec56b67bb506c

SHA512
8f46b826918772d45a2c614507a579b76af66d97384597dba1fe0e91607c6946ac511d3cc58b791672e64a1959bb2797249c3d5ea00a1888bfd50cd17125de43

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\COPS\AdobeColor_VideoProfilesCS_1_0-mul.zip

Filesize
2KB

MD5
f94f6531fc03b399782ac254110e5113

SHA1
0e9de54f7253ab30a76e04f3b83588520c2e98fc

SHA256
4cb23d16508c5c44824bf0295288394c2868cf794be24a04a289dff75b0d61bc

SHA512
23d916ed2223b182080cb729e8ecefc85b861e79151af32dc4ed465c5422b3503ff2e50fb82fa965cf30a85c30b628d56655052bb2f8bf928c698393ad8b81bf

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\COPS\Application.json

Filesize
3KB

MD5
62d1d278991cb867f36483d7212e3475

SHA1
71ff6ea62c8ad5ed602757c91eefd9fe10cfc4c7

SHA256
0efa6bb46063135c436b359f008cf14092c9ac2d51fd634bf77035ac563c47f4

SHA512
6c5bd5b4445f80a6a8fe6fd86ebb2218c10749b1438e4d3cdbb9df07e9faaa00ba995b0f8ac459acea4bca4235506eeb155ccb82be4c6dcd4d9f7966628d606c

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\CORE\AdobeColorEU_ExtraSettings_1_0-mul.zip

Filesize
4.5MB

MD5
a195e0e1977cf66cb05e16baae88f517

SHA1
9e65dc8f2127a9203bd1e5685eaae10b7ec99139

SHA256
dce7e422dda858b32e3c9022a5fb16a29d4c5a3648be7be2eb1d13a8ac7d39f3

SHA512
8f4caf17c1bbc39c3fcf3727562a74f8d35496a17777617185cb1670e0fce6778510b816cd7c3b7d710a90cc330758ee46e543568d7ee3d898526332ac83bfc1

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\CORE\AdobeColorEU_Recommended_1_0-mul.zip

Filesize
1.8MB

MD5
2b8476d16ce4e8256224679a75a8b089

SHA1
fb1893a5ec6c1b82a1f9e6344863342f7d045b0d

SHA256
5ec2b0e7ec4add43ea09944133703c37db21d184dcef2d6cc42ac061c9976425

SHA512
c7e600d7cbd9b2b298480c7f8ce6afb522c8fd952c4164da01118ad8ca65c1c17f5d40f77cc95b5b76464723687375ad5143451f2648c1ebf4bbbdd41695724d

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\CORE\AdobeColorJA_ExtraSettings_1_0-mul.zip

Filesize
1.8MB

MD5
a1bfc355e2b932ccf3d569c1eb11cb13

SHA1
c60f25c0264c76de5360d39ac7476371d70ea7b5

SHA256
4e6d0321377164406a617636d5e1b2ef116a6ca0a223c18afb5b1d4dffeb0b8c

SHA512
78ea820043d73d861f45cd0657cefec3ddbfb25b6f63cbe75b3c3926a32b8b1772760c4dca26d0fcb85fb09eddee33b6e2a41374d3b02d50180c9c64a69fffd8

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\CORE\AdobeColorJA_Recommended_1_0-mul.zip

Filesize
1.8MB

MD5
5e835f566eb86162dcb956ebe2666cd3

SHA1
685e7a90d0a8ddbe7dce25d2e9ad9bd3554aa2e7

SHA256
39bd3db40b3b5d9800b2f34da41bc9381ed850f765417eddad46918fb4796daf

SHA512
25bc3dc2c431f38a3c945047a0d41c2159ffe28c2b3c08bf683b0ade3fe7d17d021ae06635ceda1c7d69054befd7f416110889e9c2195f31954f08195ffcf526

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\CORE\AdobeColorNA_ExtraSettings_1_0-mul.zip

Filesize
1.6MB

MD5
eb5712aaa10740f188dc201a98abc615

SHA1
3b969f0f073d695aad245cc5e576c5db1f4b98c2

SHA256
0362c4b7f42aed5ea45f1faae5c820ef736a54b81b0c75050be63d80bdaf3354

SHA512
1a43e26dea04a3405fc9796c035879a930e29b10c6ff1668698df381994019c5d47bd88aac6fa5e40cf5b98f7c291dc02057a5710f0177ca8f51ed42f21051e9

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\CORE\AdobeColorNA_Recommended_1_0-mul.zip

Filesize
1.6MB

MD5
8b1f5762512cba205fc15ee7b9976db1

SHA1
d6a197a54b9689abed58e0a17fa13204781d86d2

SHA256
783ef9aff0dc109bf76ee573bf7d08a51ba1a6965d7f24e327188d481378dc62

SHA512
14d60b53c3dc54d416300d0b301ce294374da314c63954a49134ddd89e7b5aaa9147dd2c04f42927b6aa1d37de217aa6eadeb96a0ad36122a1537a5966d3fe17

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\CORE\Application.json

Filesize
7KB

MD5
08c262166e616fd024b9998d22538f8a

SHA1
47e306959d31bf0df7a43905ffec076819ad31fd

SHA256
9e9ba49a55596982da6b25e114ed0c777e95b01079a1d9840fc1601889a4b066

SHA512
c00a4eac112808e18af8106502e9d502a62add271c2a99ed86a1986f3f60942a92bc0b3f567e152bd1db1a23a0dfee7fec9e368d24df0fb3535c1727d9e1d1c8

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\CORG\AdobeColorCommonSetRGB_1_0-mul.zip

Filesize
8KB

MD5
0a3f86abd494069e42935ab96942fa6d

SHA1
21378511c82e4af4d6eeee57ad8cf5ed59d96aab

SHA256
078f893f3e9edcf30872407ec4928e3482485041444bd265612a479093c6bbff

SHA512
52301a92f59fbe4838862f6f9c4cb91e9a7f911523f5f4eb4caa4be956a74438429819027aea41998ad4066691def14a99d052c0dcd51ba01eee26d07bf5598e

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\CORG\Application.json

Filesize
1KB

MD5
ba939ffbfe2ba2eab8f921af4a3ba51f

SHA1
7850ff5babdb13d5a4124985a78599095deb8024

SHA256
fc0f08404733e40055c4ab8411f53dea3c3362af0057d108d27286ed01edefe8

SHA512
8b2e91af19adb328ae36574dec27a2e2fd13314597911fe0b0831c9fc1e90819c4df2eb94d3dc30a0de1537ef71eb211b721443e76cf205397af8857bc8b9569

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\Driver.xml

Filesize
2KB

MD5
b2de15b30c76119c835c80344cbb7e4d

SHA1
4abcea965d872210b24cef1836a10906aacae0a9

SHA256
dcce0708f3a94f158136f55e7ca4d9ecdc8a8fb5e342265073db09479e52dc05

SHA512
d439f20f083ba50f21569d6884bd8f8cfd410b3a4ec33e4ed767631c483b6b6269706c456be403a64625a20030f4ab786f43f057222886af1c12dd72f33f1a1c

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\PHSP\AdobePhotoshop22-cs_CZ_x64.zip

Filesize
760KB

MD5
50c0c97de764c4d3c65d8283f2c499eb

SHA1
daea92483fef8bc630b60bfd8b4e3cebd0ae0b88

SHA256
1ee63ced5eaa1f2e360cdf463a4b2d4399f1c3426d000d00bf7594bb12dfe6fd

SHA512
1bdf56cfb53c156730192e4a6e6a463098a8da051c53f8a7d81a1bbf3fcb8ff93bd1c97779b466b2f00e2c63eb97e05c81c6cb9dd0ec61a02132b7eb105d8d0a

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\PHSP\AdobePhotoshop22-da_DK_x64.zip

Filesize
729KB

MD5
17d44dba7051be63df0078548077cfd6

SHA1
d036b6f29d5a0b62f5406447e645b217b05eed54

SHA256
35609e7b9c8eb43cec7dc025d62b95b396b46166b843cc27ebb736fd7e148ce0

SHA512
48a2e337b0ece79bde31d9b2004147d5ddbd0235b16d2b969de764d4d2092e2a4fb022bc2bf546ce71c4e9562a046e9a5e2950a8dfc4e509548bc653a9b099bd

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\PHSP\AdobePhotoshop22-de_DE_x64.zip

Filesize
753KB

MD5
42ed21f916492d639a88f5e9c7244604

SHA1
3a83982dee6091f993317a0819b5b28a765d040c

SHA256
344d58b7d646605e021fd2859259080187ee79a9007298d103cb2265059720b7

SHA512
a3265475a35d0601348237c2be7253998cf292ce3eb55b1191a3c3f933ff17fe14a9dd7d58ca1c91907648ba57e839ee319a1c928271429fc18034db6ef310be

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\PHSP\AdobePhotoshop22-en_AE_x64.zip

Filesize
669KB

MD5
ce89ea5152ecd9b2ff3a597aec2b3bb4

SHA1
5adb92bc27fa30623f018e71350f14651d94a09c

SHA256
a2a5911a2557b2083e3bcfc4742172eadf1d8536492fcf7b6d4c2f4e458112c6

SHA512
050723bf94f402c973c434f03a5bc879110a4c55961e9a721f8bd354c01fcf37ec6c97bee63fdd176efd66415c0ecdd222afd162f62906331b7c5b1fcb0f7ddb

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop cc19\products\PHSP\AdobePhotoshop22-en_GB_x64.zip

Filesize
669KB

MD5
e24d11e20a62071279d602ba8f5ce565

SHA1
ab2d53e3e49233385f9231f0fa685cbacc7012e0

SHA256
8ef3e018ea70fb5e353f40c14ba31ce8c2b82522225178ca73c32886beb98ed9

SHA512
2127ec399e1f88d8d5f15da12cf862aa0d7272999c1d9bd8d7be2d7c6e190c409a1c8d9d9c3afe71a719dee2cfd85a8de506ad1b12c7dd4eed321a1e9a2daca2

Download Submit