hxxps://drive[.]google[.]com/file/d/1UaWK9hZG2xEQfDprNmive20n-OwNK9-4/view

Analysis

max time kernel
854s
max time network
849s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 06:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1UaWK9hZG2xEQfDprNmive20n-OwNK9-4/view

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5788	Set-up.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
10	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2888	5788	WerFault.exe	160

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Set-up.exe = "10001"	Set-up.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2629364133-3182087385-364449604-1000\{F07AB532-098A-4F84-B563-9D68C866D56B}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings	OpenWith.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Set-up.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3464	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
1356	msedge.exe
1356	msedge.exe
2564	identity_helper.exe
2564	identity_helper.exe
5360	msedge.exe
5360	msedge.exe
5296	msedge.exe
5296	msedge.exe
5296	msedge.exe
5296	msedge.exe
1548	msedge.exe
1548	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
6108	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeRestorePrivilege	4656	7zG.exe
Token: 35	4656	7zG.exe
Token: SeSecurityPrivilege	4656	7zG.exe
Token: SeSecurityPrivilege	4656	7zG.exe
Token: SeBackupPrivilege	2320	svchost.exe
Token: SeRestorePrivilege	2320	svchost.exe
Token: SeSecurityPrivilege	2320	svchost.exe
Token: SeTakeOwnershipPrivilege	2320	svchost.exe
Token: 35	2320	svchost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
6108	OpenWith.exe
6108	OpenWith.exe
6108	OpenWith.exe
6108	OpenWith.exe
6108	OpenWith.exe
6108	OpenWith.exe
6108	OpenWith.exe
5588	OpenWith.exe
5588	OpenWith.exe
5588	OpenWith.exe
5788	Set-up.exe
5788	Set-up.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 4824	1356	msedge.exe	84
PID 1356 wrote to memory of 4824	1356	msedge.exe	84
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4972	1356	msedge.exe	85
PID 1356 wrote to memory of 4588	1356	msedge.exe	86
PID 1356 wrote to memory of 4588	1356	msedge.exe	86
PID 1356 wrote to memory of 4808	1356	msedge.exe	87
PID 1356 wrote to memory of 4808	1356	msedge.exe	87
PID 1356 wrote to memory of 4808	1356	msedge.exe	87
PID 1356 wrote to memory of 4808	1356	msedge.exe	87
PID 1356 wrote to memory of 4808	1356	msedge.exe	87
PID 1356 wrote to memory of 4808	1356	msedge.exe	87
PID 1356 wrote to memory of 4808	1356	msedge.exe	87
PID 1356 wrote to memory of 4808	1356	msedge.exe	87
PID 1356 wrote to memory of 4808	1356	msedge.exe	87
PID 1356 wrote to memory of 4808	1356	msedge.exe	87
PID 1356 wrote to memory of 4808	1356	msedge.exe	87
PID 1356 wrote to memory of 4808	1356	msedge.exe	87
PID 1356 wrote to memory of 4808	1356	msedge.exe	87
PID 1356 wrote to memory of 4808	1356	msedge.exe	87
PID 1356 wrote to memory of 4808	1356	msedge.exe	87
PID 1356 wrote to memory of 4808	1356	msedge.exe	87
PID 1356 wrote to memory of 4808	1356	msedge.exe	87
PID 1356 wrote to memory of 4808	1356	msedge.exe	87
PID 1356 wrote to memory of 4808	1356	msedge.exe	87
PID 1356 wrote to memory of 4808	1356	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1UaWK9hZG2xEQfDprNmive20n-OwNK9-4/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb44f046f8,0x7ffb44f04708,0x7ffb44f04718
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3980 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1796 /prefetch:8
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2336 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6952 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1724 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16997537687242892198,15973265227925190970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
  2⤵
  PID:5968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:844

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5264

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6108

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\ProtectPush.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3464

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5588

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Premiere Pro 2020\" -ad -an -ai#7zMap16705:96:7zEvent32078
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2320

C:\Users\Admin\Downloads\Premiere Pro 2020\Premiere Pro 2020\Adobe Premiere Pro 2020 v14.0.1.71 Pre-Activated [FileCR]\Set-up.exe
"C:\Users\Admin\Downloads\Premiere Pro 2020\Premiere Pro 2020\Adobe Premiere Pro 2020 v14.0.1.71 Pre-Activated [FileCR]\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:5788
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 1936
  2⤵
  - Program crash
  PID:2888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5788 -ip 5788
1⤵
PID:3648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://filecr.com/
1⤵
PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb44f046f8,0x7ffb44f04708,0x7ffb44f04718
  2⤵
  PID:3660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7006aacd11b992cd29fca21e619e86ea

SHA1
f224b726a114d4c73d7379236739d5fbb8e7f7b7

SHA256
3c434b96841d5a0fa0a04a6b503c3c4d46f1c4e3a1be77853175e5680e182814

SHA512
6de169882c0e01217c4ca01f6ead8e5ebb316a77558e51cd862532dbf9147d9e267f8db667ff6e9fa33164243724f5e437cb882392382f3cae1072dadb762c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b80cf20d9e8cf6a579981bfaab1bdce2

SHA1
171a886be3a882bd04206295ce7f1db5b8b7035e

SHA256
10d995b136b604440ac4033b2222543975779068a321d7bddf675d0cb2a4c2b1

SHA512
0233b34866be1afd214a1c8a9dcf8328d16246b3a5ef142295333547b4cfdc787c8627439a2ca03c20cb49107f7428d39696143b71f56b7f1f05029b3a14376a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
70KB

MD5
4308671e9d218f479c8810d2c04ea6c6

SHA1
dd3686818bc62f93c6ab0190ed611031f97fdfcf

SHA256
5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a

SHA512
5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
41KB

MD5
3fa3fda65e1e29312e0a0eb8a939d0e8

SHA1
8d98d28790074ad68d2715d0c323e985b9f3240e

SHA256
ee5d25df51e5903841b499f56845b2860e848f9551bb1e9499d71b2719312c1b

SHA512
4e63a0659d891b55952b427444c243cb2cb6339de91e60eb133ca783499261e333eaf3d04fb24886c718b1a15b79e52f50ef9e3920d6cfa0b9e6185693372cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
1.2MB

MD5
08f7d036b9973d744d3c2bb9aa8fdf66

SHA1
1518cc20d2b32591d586b08b977c6b6a8ad26d5c

SHA256
8d0c403ba7d22af8cca3c89985025d3340f71a1fdd1c959ccbcc5c8d3ff2ac99

SHA512
84dc1fc991066db3b4b51b307636b60b5bb1baaa62eb98dec2ee8c4b06f121d2000bd4015d01c9ee4771853652619fac00eb52558957e6a29f0d7bf02556e2bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3327a87ccdeabc7da39f2da8f63a11cb

SHA1
c7e1637a35cc97b8c9eb297c63a81656bcb5bfcd

SHA256
1c4650a0db0d55923e3f427bc1ed592a22fb059c5ffa9cb755950f317985adaa

SHA512
98e967b5a49c6a6e8040a520b434fbac09506268cb70d3da1c9c81d9433ee4048a845d323f190bec010ee7804adfa78ed560dba0352e0d7447cc909f8433e6c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
aeebdca3bfe38679ced1564fce3b0b7f

SHA1
e650c21f0c0189b8ef6733da392b6a7ca51ac39f

SHA256
385c953805afec125f72463d11c52b1b289c45c49e153f66d6c667479d1a98ee

SHA512
91a2843c679f6d3f1381b2449e189a4981e42b6a960b6e953507e674bfdc6fe4cf72f7f449912a9fc9b168501a1ade742f2c1fcd2dab8b7752efba39656ce42f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
b1438f3b92ee6a8c568cad0132ae5d31

SHA1
e5dd0584f392cb5a8e9df96f25706b3e69b56d6c

SHA256
7c4695ab81c45119c39be2d3143e1e12f2dd7c94f4a76be24e8128d3cad5fd93

SHA512
a02a2f21331d1ffeec73b7985eb280c68a7304390877c79d82fd5224e662c179ba422e4d3cb8523287420dd09854733213dae215aab70d925b07a6d19892d8c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
a0504c8932c8437c90ed7815a3f40402

SHA1
40d0bf3d14752593426648298f0891b97d0f7f94

SHA256
03020f4afab4ee221f8be97b4a417da606b37d31a995dfed03ca2589bdc3be23

SHA512
0bbdb9043409d4c05fc77371d7b612fd3ae948e8ef69ac1b9868c2a857e257797b80d08782524db73b7fb970a3f7deee489743e848ee2385222989510c879aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
a1423f2dd5f81c6c4889587ad694d463

SHA1
1afb6528f4b999c766adae0efd988fc8e701efa4

SHA256
47542c7a8b3a48763650d7d1ef079bcbfe6720a5cbe0155f2f29b4b64d45831f

SHA512
d5978ec261ee8039837d6e6a9e8d7b104611e7f9cd041c86a0f2e6679be04dc9162ec3734ab0fc784e83aab52f9136bd2d2bbb0bf1ff548967d3e1826e621f39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
4b620d996137576aafcad9eb65d7c69f

SHA1
0307c0737de5b033b46cd9cc7e7f1a0e88146be8

SHA256
0c45773ffe19f793b3c2b4a9b7417a72e2c129cd78f8c756913ddb384446fd12

SHA512
1c31a50dd798620babdcd37ddfcd90f33ec1e6ae00b97c51663b08d56723c8b56a8358bb2ea9027736db532fa1d538c0df84e6abcbc811979ed5436c580a900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
7dea49865960cf0df7ce213c1ef922ad

SHA1
17ec9bc2c2962f326e7a83a3a7181061d54b8739

SHA256
e88e834a67e6b543c71603a9e021a59a0e761be0fa53114722078911ef53060f

SHA512
0cb4feb6a04391d52f9a7568b1462ab789f5cd7c896611da58343e573ed766382fd2ed33b0ee2b7fd7cd3c17848b69d2bc05d10317997e3da8a00250edb4ada0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
224521755c9c91fc02f39b10cb993df2

SHA1
6094bf11feb035ce2eb56945ba31e2d94c9150cb

SHA256
c337ca7f37acdcf2734a227aa3282993d8a686445ca6ff961ef63b6603e631f1

SHA512
cc02e9121e75b3b48d4fa03350701199dc7f5c5540316fd2ad11271d40665e6ad83e8bc82a69e22802d9ddeea9e2079b85911c624747225509fe7cabcdad9580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
caaffde86f9e7c3bb8f49b61e41de3e0

SHA1
75a31a74cc4ffdc9369b3bb33795649d46a7f278

SHA256
eb06eb1000ed09d7120d55c8b82a713bff90dd1986dba449e90dd75d845e6a08

SHA512
972fc42b367877d7e92b222c0871932d4ee86821178c06fc00cd0f516c8d8cc86ad4f7587227dd0446d9fc9c460e65b2abc9e14e43075c59fb906d83c0f4c24e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e640328078747f689da1196c8f9aea22

SHA1
362d6afd9655e9907eb86ee12b220f5b41954641

SHA256
b316f4d783b307d3bf5c4302ae5fea8651b24ad3790eec1019efabcfb7c89af2

SHA512
238952d02d6bf71345a07adbb9fcc7fb99ffc8e8748f3fdfbc7043be552ebd8b97a9bdd62b7c738a888cebeb745870fd1ab83e9a23c2061962e99ba0c7a4ffeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ff69ac4f4f84d2024d842383916d4820

SHA1
4cedf1afa27c790785d566ccec0265b229cada16

SHA256
0c892d96d7b1d6b48949252dc170408404ac30ac2dd58676c2a601f19768bd30

SHA512
14c63ad6bfa806201492ff1f6b74c56da78d6567ecc6336f24b2f4bef17a297f899546583bb84c8c7784d89dce66804f21fa6052a3067617c19990378946618d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7de5a5379db0406a00609f870ecf8785

SHA1
a29c9aa6d263e5410ecdadd102249252a992cd53

SHA256
3b3c6023f897c9051db8b52dfa4d6f0b0482f09a7d966391000a7e223932b95b

SHA512
6ef9353b4daa2f4b6e9cbbcfbea9e41d9178ef2bc3e40040c81213a18bdc25da92cec1fec2502a62a75c8071ac0998021fb511af82f7c88cef8882b2f6f71e87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
804b8455c1f9ee550da8b98a983cc511

SHA1
d67a08ad9de4d9a9d98924e029999ea0d0bb2d72

SHA256
3eed56dc503a405c57da3c9cb1ee0d30e3128e82c84992490b1e82f608cfd2a0

SHA512
6ff6d047b9101e1dc6d180a3bab2b97751f1852d201ae086b9c545893ef04daae86025da39ba8715b896664f2f88d7ba4aa428332915b14359ce6836f77dc64d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6327abc29f080253bc722971ce90e27

SHA1
2643ad87f99ba0baa9b5e7f8ba0251fd23363f8b

SHA256
16ec5cb644fbde75d9c2786f45037754449c6db029ad3809da2c68a2339e1a15

SHA512
5af10d4b65c673234cdd1892260173a469b40b7e9b4a3a9baea39ea0d38bce1ebb43ebb757445baf072a84ee35cf55deca23a312df9c416185949efb3080c479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4e65c2e3b16bce8452bbb4d66abfcd19

SHA1
5d084a234944dc0d57a3a9eefdc6b34e14a10f5b

SHA256
9793474181f6d72ff13bfd439f5d22f474b957646d6172979776afb08fcc472d

SHA512
d407b333c408d308d2f8db71a0c41d76af23c8f5a1b3f56a6e66d0dddac0efda8bbae8375ff3cb5e62b4c6c849f677d106f0cf0bb5f6f87fe6c2b783995ed830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
78ae3d5d7b48ffe330ae16be895c0468

SHA1
8d9bced38020231bb2f2236215bd1f2eb66ddc09

SHA256
d4f532602a6038b41d3af212f662c0819410bb3f702c63f31bc181538cac2591

SHA512
df34ba4ab00559d0d75a7921d7b224ce5aac8796d7b2a885efcef744fb152a038d0e76b6015135f4cdebf7c7ea021686209edd5695995d8ca51c5b0ac0862e99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58cf03.TMP

Filesize
48B

MD5
8799a51d9df19920dcaf46152b4b0288

SHA1
1ef5b49a8e9a243a5a51ad5a786b5c29de1383b8

SHA256
0e10403eeece01a24082238332ccd7218cc5a442704216f568e6c7ba4b1ad8bf

SHA512
15f0af33206b6558fe13f61ebf5828b194c4f837b20e613a1f81934ca37c9cc8e6dd3dd4e3da35e6df0ce1dc443aa332ab448d4827a67303f431b0eb52235f46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9b1872db87bc2dc22d0e27bc7d5d3931

SHA1
181fa5c22b7e9bb3426622db35c031aeec3be453

SHA256
b50eb5f91524694374f39f4fa1c47f30aed9fcc959800e5c5d901961bb809c03

SHA512
81bfa164d787636a843397a7f36a9845dff1af1aa6bab36a0fb27838a05d14285cd752a1deff90a293111c8417ff59d5f58d3435c2ea1edef42e186b9d2df8aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3c15e492390457002f5b723fc7c625dc

SHA1
9ebc844d001422ac49a6eebdad1c1822f715128b

SHA256
30c47f8ff78ce6c4c4639ada3d1b3aab9e62538d8c36ee1f98d955dc0d54fe92

SHA512
269b74e579346cc5e2dea6de26c42bc797e46f515e233459b0b46ddb81eddc29ff1b10ade440e78a965753f78809239a46c0a5bd0f5ef24c6740db27b6faab1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
326394c40548c81a65c8e38d123c0615

SHA1
5d90970484f05a4ede462b4647e199ce24bd2c0e

SHA256
1008370051851efeebd1e7f8c5d86d10f1fd7a2ac5479d068779e353a3daf7fa

SHA512
09bb0f27e733b4518934a30f6bb6140ddc4156e0a3f323bac894404451645799e8ab7c65b249442b77493d153ed999d7413a24d4f8cefeab3beb3bc9db35598e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587f0e.TMP

Filesize
1KB

MD5
6f5a62e8fcf762ece7dbed66de4fa35d

SHA1
a9a6f36c35dc47cbcc24786b0c19a908c7bfeebb

SHA256
0d0d643be0c6f73209b1c71425d71169d7fc4d89b7f8b1c86658e54d03cb10df

SHA512
cd9a7762d2d2fbda60920c0e9e236c5ce98aa4e22c07cdd070444c9d4de771b25c07fc1dd6fe1df5558a312d959dfb78c6608bf7e58b9c92b671888f11699e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5ae9b6aedb51fec4977884c1c0442c0b

SHA1
fd9d0540cb77f576eb7e145a2afa1a328ef3f88f

SHA256
3eb83f21575a3dbc2edf3ad1149f8932abf11d773b5d800cc4f1948de76ddd23

SHA512
55d50afdc97c7ea7dda12b53bdcfa94e72b07d78fafc9ffa335f2a5b402419f34c7a6cbebe44f65d9040446bb8b08dae0453f871faccd1b67d51a54d4eed3dd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
61d7d3752f64e2fda976754948b2c51f

SHA1
5ebff46590f150ec601ad102fc13a1df803fb6f9

SHA256
c58097f26d85432b965ca76982c786e865c5dc6a15718fdbdbabc46a42a4a8c4

SHA512
e137839e9ff264958f882235d733b7c3a5c49866f0c73bd42ac2a2f3a9bc1fbbec2232453ed10c2bf7825b0e97c348c4359c1aefc013517195e0c33961a0f86f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3130b8b6d6248b745ae624069c4085b9

SHA1
1d2bf94f62c65390c0770b7fe77c0ac41b9d6094

SHA256
4eef54b412910267bd368814cd69b2716efee83d33de44396905029c59001d87

SHA512
95977ff46a4afd7fc1f1376fa53ca9a98826a35093028911d89bfb0b5825c40d8bd11cb1784ccb8f2db8d1ae8988125346abf42f278345e760507a797ee46bee

Download Submit
C:\Users\Admin\AppData\Local\Temp\{23D70564-2752-4728-BA4E-B6E3ACDDBDBB}\common.js

Filesize
2KB

MD5
d98f70ffd105672292755a37f173c2ec

SHA1
c0154add295ac052f234a0282a62b704cdd01998

SHA256
257a42f797f140667c81930001e73943bfc243d50bcc775f75d0334a2d2cf2c3

SHA512
1909cc7e4da0949a469852240be2205209968b18b99f7d967bc0231de33d03c7cbaa9578972e30e95e6d7017aebf9cd70a55ba22cdc9d5774d2a237d3eb0971b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{23D70564-2752-4728-BA4E-B6E3ACDDBDBB}\lib\jquery.custom-scrollbar.min.js

Filesize
14KB

MD5
ab3adf4aff09a1c562a29db05795c8ab

SHA1
f6c3f470aea0678945cb889f518a0e9a5ce44342

SHA256
d05e193674c6fc31de0503cbc0b152600f22689ad7ad72adb35fcc7c25d4b01b

SHA512
44dfc748d0bd84f123f9d3f62d5ea137d9128d5bdbe45da9a8666d09039eb179acf0dbb3030e09896fd61e7aa5ae6dfaffe9258d80949a64d0a7e45037791fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{23D70564-2752-4728-BA4E-B6E3ACDDBDBB}\lib\jquery.min.js

Filesize
91KB

MD5
e1288116312e4728f98923c79b034b67

SHA1
8b6babff47b8a9793f37036fd1b1a3ad41d38423

SHA256
ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32

SHA512
bf28a9a446e50639a9592d7651f89511fc4e583e213f20a0dff3a44e1a7d73ceefdb6597db121c7742bde92410a27d83d92e2e86466858a19803e72a168e5656

Download Submit
C:\Users\Admin\AppData\Local\Temp\{23D70564-2752-4728-BA4E-B6E3ACDDBDBB}\lib\jquery.placeholder.min.js

Filesize
3KB

MD5
e13f16e89fff39422bbb2cb08a015d30

SHA1
e7cacaf84f53997dd096afd1c5f350fd3e7c6ce9

SHA256
24320add10244d1834052c7e75b853aa2d164601c9d09220a9f9ac1f0ae44afe

SHA512
aad811f03f59f799da4b8fc4f859b51c39f132b7ddbffadabe4ec2373bd340617d6fe98761d1fb86d77606791663b387d98a60fba9cee5d99c34f683bcb8d1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{23D70564-2752-4728-BA4E-B6E3ACDDBDBB}\main.html

Filesize
8KB

MD5
f4b7942d6563727bd614f10da0f38445

SHA1
84f22240f7a5ed1c23b09e8677ac2ac3cd4e26f9

SHA256
e4bedde22ed405d291c746440a824d5f8527fb232e7a6be2ed9a76465d82f8dc

SHA512
f79b24ac78863a4ed87d41f37b2a5bc27017ebc5317f0a305d676090a16aee8a61384b476e7e9a68a024aa8da4784c1bd4f118766caf4450ec97af430e7074af

Download Submit
C:\Users\Admin\AppData\Local\Temp\{23D70564-2752-4728-BA4E-B6E3ACDDBDBB}\main.js

Filesize
55KB

MD5
38c26016189d4d1b68fa10c54050e53c

SHA1
081bd6a4e2e0831750e2fb8ad5af07cc9f8b112e

SHA256
8720e510401d8830f4324b4ab2f9e50acc91afab981e43e90688afac9eabc3e5

SHA512
c5d1c754d41845f6a86bad00f4a3f0b05e7a8399333cf26052447b4731adf67a601eb87d58037cc49ffc0c032f9986b93420f77dd664a5bb10a057e0ed5e4938

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a20d8cbc6c5a6d337fc3e1301bbead1d

SHA1
2a9f874a7f0a757a51db6495a9180c11a6dfef4a

SHA256
f96d240ff1730e49de0210ebb670df7cf9b973ce6db8d5d1def5a6c952506799

SHA512
c7b626dd92cf4fdd97dbc8b848061752c038c3805adef8626c5221d89ddc5770bd082129d78a532088635067248a65bce1134b2f7264f9a4403e4fd5246e5508

Download Submit
C:\Users\Admin\Downloads\Premiere Pro 2020\Premiere Pro 2020\Adobe Premiere Pro 2020 v14.0.1.71 Pre-Activated [FileCR]\Set-up.exe

Filesize
5.0MB

MD5
9cfa0d88f0b614d1ff6fc69b703a839a

SHA1
5ab4ba79a11b9cb127c023284162ae6987999ead

SHA256
582536081e67975055ccf8de5353502d7bda56f2aafcbefbb400f3d9012019c9

SHA512
4e85b7d123bcbc3b6e55f2cadaca45b26871766113d04c4e2d69296c879a19923eacacfe49717ee2526143cd6c3da00901622a505978c34303a427142fd474e1

Download Submit
C:\Users\Admin\Downloads\Premiere Pro 2020\Premiere Pro 2020\Adobe Premiere Pro 2020 v14.0.1.71 Pre-Activated [FileCR]\products\driver.xml

Filesize
1KB

MD5
bce3ec99e8f3c7e439371c8033e435b5

SHA1
727b365039ef2dcccb87ab422a4730aed00cd3bf

SHA256
4bcbf07749faac9c9f20fe81103695d6f31ba7d1a23e0da42cab0d832638484a

SHA512
54a651ee61ac519c72807f63ae5e1260a000c49780136302cfdd522c3c0f656b0ce3dc7f6979fee38b3ff6a7a4624903b481470788de320f6f7a59f60feb02ef

Download Submit
C:\Users\Admin\Downloads\Premiere Pro 2020\Premiere Pro 2020\Adobe Premiere Pro 2020 v14.0.1.71 Pre-Activated [FileCR]\resources\config.xml

Filesize
414B

MD5
cfd0fb5625b5200568a39810e18a58c1

SHA1
77bb8b5c19079cef151042faf86730edee23d8b0

SHA256
6bb7f79b1e8d4069ebb0a8e28eb66b34188dcfd309fa9bc2d229928eabe567f7

SHA512
f82c0de8a75b2863c541c0c7b382cbfd30c33a4abb6f123bd4540d426006bb7eaac6c734ba3938342a1ef54d5bfe6ab5066edef464aefb5947f46d5946ef0e4e

Download Submit
C:\Users\Admin\Downloads\Premiere Pro 2020\Premiere Pro 2020\Adobe Premiere Pro 2020 v14.0.1.71 Pre-Activated [FileCR]\resources\content\images\appIcon.png

Filesize
3KB

MD5
24732de113894a332856b14924d78810

SHA1
7097d100553dff305ebbfe35004e9b1fb13c25f8

SHA256
10ee1cd4a23899f273d4d1b8b2ee63b77cd08b9c7c76067d8c9ba12f7cf52836

SHA512
533cbd577512bdae3d063844b388c54a6c5ad98b5cb520b80df481f4453cc221e040a571a01193c1483399bf959b09cddb3e08f7019992c28b20c52366959649

Download Submit
C:\Users\Admin\Downloads\Premiere Pro 2020\Premiere Pro 2020\Adobe Premiere Pro 2020 v14.0.1.71 Pre-Activated [FileCR]\resources\content\images\appIcon2x.png

Filesize
3KB

MD5
cfc48e80b6007380a074ad3cda82d80d

SHA1
404369af07fc23962fc223b52926aca7d71474fb

SHA256
b8709a6a19c9842a519e18946ef31f229c2143b4e21f023c5cd62d44cae9d6dc

SHA512
57f83a8560a01da19980c638fa5602d7fb5379d0a37c5f4f0fbb196497650fdec18029412a424ae3a6814e4a36099ca3892c04f9e1ea881f35346d5f78b66a15

Download Submit