Overview

overview

4

Static

static

1

template.html

windows10-1703-x64

4

Analysis

  • max time kernel
    200s
  • max time network
    202s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-es
  • resource tags

    arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    08-09-2024 20:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    template.html

  • Size

    146B

  • MD5

    9fe3cb2b7313dc79bb477bc8fde184a7

  • SHA1

    4d7b3cb41e90618358d0ee066c45c76227a13747

  • SHA256

    32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

  • SHA512

    c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score
4/10
discovery

Malware Config

Signatures

  • Drops file in Windows directory 6 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\template.html"
    1⤵
      PID:2160
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1568
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      PID:216
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2436
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1800
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:4972
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      PID:2060
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:1220
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:1632
    • C:\Windows\System32\PickerHost.exe
      C:\Windows\System32\PickerHost.exe -Embedding
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2756
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Documents\template.pdf"
      1⤵
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:196
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3184
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5BB9353247E2268B6AFCEB43D0DA334D --mojo-platform-channel-handle=1628 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1896
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9B5354AB51F15BA6FEA6F01A9E310409 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9B5354AB51F15BA6FEA6F01A9E310409 --renderer-client-id=2 --mojo-platform-channel-handle=1640 --allow-no-sandbox-job /prefetch:1
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1804
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4D5964347E0B2F4054076B98411BFC5D --mojo-platform-channel-handle=2336 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          3⤵
          • System Location Discovery: System Language Discovery
          PID:376
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=84084210EC08A4E5E00278AD0010C628 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=84084210EC08A4E5E00278AD0010C628 --renderer-client-id=5 --mojo-platform-channel-handle=2252 --allow-no-sandbox-job /prefetch:1
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1912
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C90009989737B433E83A181F22C91730 --mojo-platform-channel-handle=2688 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3632
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4C64445D4BF011183CAB251335531676 --mojo-platform-channel-handle=2752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4832
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{5AAABB05-F91B-4BCE-AB18-D8319DEDABA8}
      1⤵
      • System Location Discovery: System Language Discovery
      PID:2364
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\form.pdf"
      1⤵
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious use of SetWindowsHookEx
      PID:3164

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    System Location Discovery

    1
    T1614

    System Language Discovery

    1
    T1614.001

    Query Registry

    1
    T1012

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240908200827Z-199.bmp
      Filesize

      69KB

      MD5

      b3baafda4f30b7273a7db34ad0b396a9

      SHA1

      0848174baf724ff6ec8a577be9b65a910a1997c9

      SHA256

      0ca732f3691f96514a10f3e75355885bccd03bad311eb76bf4c3e77279167751

      SHA512

      6c7d00786f97db93ef6a06496c453ae009b0e68f04d82bfba4c6fbf2ac136706429f3c6153a6d6e90497fb7d92dcb52a305805d906be60cb88c088cda1de0524

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
      Filesize

      36KB

      MD5

      b30d3becc8731792523d599d949e63f5

      SHA1

      19350257e42d7aee17fb3bf139a9d3adb330fad4

      SHA256

      b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

      SHA512

      523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
      Filesize

      56KB

      MD5

      752a1f26b18748311b691c7d8fc20633

      SHA1

      c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

      SHA256

      111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

      SHA512

      a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
      Filesize

      64KB

      MD5

      21b04f05f77f1327357f64c39fc50da8

      SHA1

      ad9964efcc9ef4c0aec81bca38bb80530e969b40

      SHA256

      9122db0a0a1a559d2c5fe4c88c752c151dfa9dc703ca8fd8ea91702e628a5312

      SHA512

      3f691b580ff1459e9ec9b5c2cd5f187b98ade20a6c85087eaf74e4d3e8056302ba11586c01f72911da1593fb04822876f0a4478423d4753b114e99002a16e7dd

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
      Filesize

      14KB

      MD5

      dea689076d7e1f0e80af8c1770c69bef

      SHA1

      390f97347bdd2b448eac60a65d468450400c721a

      SHA256

      d7ddcdc230fedac644807abc3368975ef6dd106f8da0953c9428e5f6284d7824

      SHA512

      874c6b34e02fdab966ea3daa7f9aa372982edba78fa36e0ecc86ec8f5de1c89eed55bb119180169dbb9f81269100404410f154cbe1223635fd14bd02212904f0

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
      Filesize

      14KB

      MD5

      08d9e314ee2120a797fd259d85f1726d

      SHA1

      d8a907d2622baa6c85513402db4782e4e3081c1e

      SHA256

      e23f5d342dc9134bf8b1b25e3b32f341325e5026b4cb382bab1e2e10f0cc19d2

      SHA512

      cc99fd96792db734f0c0bd0592ebc689bce84c900e11a5e526bda49ba78c310f6c23fffe6393b6e1da12ab9f1eefba08f49afbb6b1dc4a0c972caa5b2d870e7b

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L5P12AEX\edgecompatviewlist[1].xml
      Filesize

      74KB

      MD5

      d4fc49dc14f63895d997fa4940f24378

      SHA1

      3efb1437a7c5e46034147cbbc8db017c69d02c31

      SHA256

      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

      SHA512

      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9VHNPXUJ\warmup[1].gif
      Filesize

      43B

      MD5

      325472601571f31e1bf00674c368d335

      SHA1

      2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

      SHA256

      b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

      SHA512

      717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\1UVPTUJ8\KIPNX3JS.htm
      Filesize

      827B

      MD5

      00e121df4095a394ae2150642634fe22

      SHA1

      2046467472b20ce8da92d72030d4f325c6696dec

      SHA256

      02561baa49c3b242c2b780ae77e658cf4d0a72edd5e19e512371ccdc1f6a80dc

      SHA512

      b435e7cefc75111779b48969477bdf1b17b7981074644a7b063527095f23624d837745c8bab64f8b2503e6c2da959eda9ef491be9b2cd84974add3b621ed7a84

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\1UVPTUJ8\suggestions[1].es-ES
      Filesize

      18KB

      MD5

      e2749896090665aeb9b29bce1a591a75

      SHA1

      59e05283e04c6c0252d2b75d5141ba62d73e9df9

      SHA256

      d428ea8ca335c7cccf1e1564554d81b52fb5a1f20617aa99136cacf73354e0b7

      SHA512

      c750e9ccb30c45e2c4844df384ee9b02b81aa4c8e576197c0811910a63376a7d60e68f964dad858ff0e46a8fd0952ddaf19c8f79f3fd05cefd7dbf2c043d52c5

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\70LMQ132\117010[1].jpg
      Filesize

      1.6MB

      MD5

      3465d72f6fb5f31759574263222f29db

      SHA1

      3a9bb4c59524d810d847ecb55bf4b24c916cdf27

      SHA256

      d5b75fae47f53e10d3c65c92afbbed905cd4675337b48047cee622f8a704aceb

      SHA512

      8c70707fe6063b3f2526cca2c501dc0013ba3c223916746eb9e3b6b2c520a3d37649d00fdfb11acb38f627a46d4e99c14e5999def1b0b124493d39f277f4dc1c

      Download Submit
    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\70LMQ132\favicon[1].htm
      Filesize

      838B

      MD5

      188dc3b40a361afea2834147aab4366f

      SHA1

      d47e176d4dece75d4ec1a6361bba87a09d0df51b

      SHA256

      3fc62c074c6d3f40d55a0d45144da8c0f2416585efb61e8f06398d1d1b550962

      SHA512

      7e857d670d88d4a416ba5b37d9a76c3af071253932c7f4d8db65ea9436e0fa78cae181617e6607f6028bcc3ddc6a31880aeca9a31cabd852c791692f13e0e5dc

      Download Submit
    • memory/1220-394-0x000001B943040000-0x000001B943140000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1568-83-0x0000022847EC0000-0x0000022847EC1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1568-84-0x0000022847ED0000-0x0000022847ED1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1568-35-0x00000228404E0000-0x00000228404E2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1568-0-0x0000022841220000-0x0000022841230000-memory.dmp
      Filesize

      64KB

      Download
    • memory/1568-17-0x0000022841330000-0x0000022841340000-memory.dmp
      Filesize

      64KB

      Download
    • memory/1632-185-0x000001D3F94A0000-0x000001D3F94C0000-memory.dmp
      Filesize

      128KB

      Download
    • memory/1632-374-0x000001D3FA780000-0x000001D3FA7A0000-memory.dmp
      Filesize

      128KB

      Download
    • memory/1632-379-0x000001D3F9300000-0x000001D3F9400000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1632-217-0x000001D3F9C00000-0x000001D3F9C20000-memory.dmp
      Filesize

      128KB

      Download
    • memory/1632-190-0x000001D3F9890000-0x000001D3F98B0000-memory.dmp
      Filesize

      128KB

      Download
    • memory/1632-139-0x000001D3E8E10000-0x000001D3E8F10000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1632-347-0x000001D3FA720000-0x000001D3FA740000-memory.dmp
      Filesize

      128KB

      Download
    • memory/1800-42-0x000001E91D800000-0x000001E91D900000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4972-58-0x00000169505F0000-0x00000169505F2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4972-62-0x0000016960CF0000-0x0000016960CF2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4972-64-0x0000016960D10000-0x0000016960D12000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4972-53-0x00000169505A0000-0x00000169505A2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4972-56-0x00000169505D0000-0x00000169505D2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4972-51-0x0000016950300000-0x0000016950400000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/4972-60-0x0000016960CD0000-0x0000016960CD2000-memory.dmp
      Filesize

      8KB

      Download