hxxps://www[.]mediafire[.]com/file/tf2nbtujgxgqbed/EXM_Premium_Tweaks_Updated[.]rar/file

Resubmissions

03/10/2024, 00:25

241003-aq13yavcrl 8

03/10/2024, 00:22

241003-anyj2aybqa 3

02/10/2024, 23:58

241002-31c33stepp 10

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2024, 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/tf2nbtujgxgqbed/EXM_Premium_Tweaks_Updated.rar/file

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
660	msedge.exe
660	msedge.exe
4572	msedge.exe
4572	msedge.exe
4548	identity_helper.exe
4548	identity_helper.exe
5904	msedge.exe
5904	msedge.exe
4456	msedge.exe
4456	msedge.exe
6044	msedge.exe
6044	msedge.exe
5724	msedge.exe
5724	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe
5204	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4392	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 48 IoCs

pid	Process
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
4392	OpenWith.exe
4392	OpenWith.exe
4392	OpenWith.exe
4392	OpenWith.exe
4392	OpenWith.exe
4392	OpenWith.exe
4392	OpenWith.exe
4392	OpenWith.exe
4392	OpenWith.exe
4392	OpenWith.exe
4392	OpenWith.exe
4392	OpenWith.exe
4392	OpenWith.exe
4392	OpenWith.exe
4392	OpenWith.exe
1264	AcroRd32.exe
1264	AcroRd32.exe
1264	AcroRd32.exe
1264	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 4784	4572	msedge.exe	82
PID 4572 wrote to memory of 4784	4572	msedge.exe	82
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 3504	4572	msedge.exe	83
PID 4572 wrote to memory of 660	4572	msedge.exe	84
PID 4572 wrote to memory of 660	4572	msedge.exe	84
PID 4572 wrote to memory of 4016	4572	msedge.exe	85
PID 4572 wrote to memory of 4016	4572	msedge.exe	85
PID 4572 wrote to memory of 4016	4572	msedge.exe	85
PID 4572 wrote to memory of 4016	4572	msedge.exe	85
PID 4572 wrote to memory of 4016	4572	msedge.exe	85
PID 4572 wrote to memory of 4016	4572	msedge.exe	85
PID 4572 wrote to memory of 4016	4572	msedge.exe	85
PID 4572 wrote to memory of 4016	4572	msedge.exe	85
PID 4572 wrote to memory of 4016	4572	msedge.exe	85
PID 4572 wrote to memory of 4016	4572	msedge.exe	85
PID 4572 wrote to memory of 4016	4572	msedge.exe	85
PID 4572 wrote to memory of 4016	4572	msedge.exe	85
PID 4572 wrote to memory of 4016	4572	msedge.exe	85
PID 4572 wrote to memory of 4016	4572	msedge.exe	85
PID 4572 wrote to memory of 4016	4572	msedge.exe	85
PID 4572 wrote to memory of 4016	4572	msedge.exe	85
PID 4572 wrote to memory of 4016	4572	msedge.exe	85
PID 4572 wrote to memory of 4016	4572	msedge.exe	85
PID 4572 wrote to memory of 4016	4572	msedge.exe	85
PID 4572 wrote to memory of 4016	4572	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/tf2nbtujgxgqbed/EXM_Premium_Tweaks_Updated.rar/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa240646f8,0x7ffa24064708,0x7ffa24064718
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6740 /prefetch:8
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2356 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7508 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7520 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5104 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1645471212357323680,16717089914329295141,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3896

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2cc 0x4ac
1⤵
PID:4384

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4392
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\EXM_Premium_Tweaks_Updated (3).rar"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1264
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5152
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5C8DD35D915B043D854F275C4D8B6DDF --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:1452
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B6A9CF78D16CC45810837CB04CC359F6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B6A9CF78D16CC45810837CB04CC359F6 --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:2036
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C8F7A427657679515B5EDC7349F16C5B --mojo-platform-channel-handle=2332 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:5672
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8750799BEE55BA61632161D635D2B6AF --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:5648
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A7D224FB66DAF0236F37E715D6B8C7C9 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:5280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
72KB

MD5
389a8e96e6612fca7386b94c6b18690f

SHA1
f335d84e65c726b5a874c1c80a710e6de4210876

SHA256
e3e514983257c8499507d0f6093189092e61ea4951b211b50e8f3780b266ce8a

SHA512
880d185810ccd2920f6d08d41c7fd4e152c777235164c23f07bb2d7c6fe335f48fe2263664b114438abdace98ea613b8d186e421c5faec4a08dc03dada21010c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
84KB

MD5
c9d27871bf2522963f2da027fbbd3230

SHA1
45b0aecf3eb037cc61399e23c2e78a9600b76738

SHA256
ebc06c2e876a4eb8cce458bedb07524b6d66a1334fd0da8f61a1d8b1c795f6bf

SHA512
8c5df063a51df2de9f13a3d134731c5e6b04bb082aa367bf7debd24e76247556fcf2157e44905627f76d6ca58ecd4710778efe1778bdb7a3c3360891d4116857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
19KB

MD5
16a408439eb5b0c4b28e323ae910ce68

SHA1
98df478d7346501a8c93bb6cc428f6894536b381

SHA256
467df30e488963980daf46289a304c00bbdac2100f4cd82e8162456bc2e47755

SHA512
3270d0d6144105682e1a3d0e27634207f57a7f96094c8559702dbb7ae36b81c598bff46be9a564c9fc5719c6f6ba9eacfc14a4e9ecd643f3e5ef1e5d70ab3f4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
43KB

MD5
7f3d8acbab87cddc895391eec9de2425

SHA1
72a90b3749073648744d31984b855c29527aa3f0

SHA256
e45d57a0e7c7bb183851b9e1bedf108835e13031a6775bbd8074ac6cc1eadbb6

SHA512
2c6d8b778c0abe19352f611e168461bf391ffa52a80e33bd769d06d00555c3411d464552c1eae74cecc876ed744bb9d0a2f170e9faad6af3002985966c8febce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
37KB

MD5
f7bb397be4dfbfa13cdd90517e93e65c

SHA1
285073b9baf7d3d79eaeeccdf77f28229857a793

SHA256
9e7cd786b811f5049e9ccf9f4189f4bf22b88803583df816b853c2e94c85f48c

SHA512
dbc5c4b823477a1820cd2ff71d64403e66b488ba466539d6c16461db7af7e6f18c756fd9a1801e5251cbe3fe95b2e61164fc45f6ddc6847e67e8e2cd6223cd0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
109KB

MD5
75a28a81f8471e572309577262c471b3

SHA1
feccd1dc1200804ec60865a8372d0e6dcb8aeed5

SHA256
0cc6b0030f1f04a9b722a8956dcab5e1cf18651b6af1bf4b40c76f406e12f1d8

SHA512
c41e22444782edf46a3b98f6ef86321e3b58b06ff4638fbe4df3c7e4fe131edecbff0b6512b1477b089f5d2df3715363b004a13b26a622790cb21a2086c3541d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
54KB

MD5
d77ea9a9724bbeed1535a0ecbfacbf8e

SHA1
08737b96c6f8cccf697e06e9099dea0f5c96ac02

SHA256
13976e267187c61d5411dfe02194da7fef815f5c5a024938392b13894fb081e2

SHA512
b0611243d3d14defddbd2423ffeee66be287578a5d1898b85fc84713422ddecb0ee518bcfc88e296df34647a5103c8b42c46826a917935588a146e96a6907c37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
72KB

MD5
e9ee79cc469b45392172db9bc8eb54cc

SHA1
82241451ce445caaa8edb455c155586b04a46ff4

SHA256
5b136fa7f6aecc5a6210a0522184411c4419e1389d65fe9f6beeea185be0d398

SHA512
04dca47ec0782f108094ffa7c1278c4c615c8541b74b8fa90af638231dbe6341e5f41ddea76846d6923649ce040642cde904ee40c7add8474fb8d780bd7657bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
27KB

MD5
90b4841812bf523bfd0d4becd6d63fce

SHA1
33e4af9165a865363afafda05aaff7beee34bce0

SHA256
5e2e3bf643ddf940c2481cd0755bccf7a1e657388169284a1acdb1198112e5d6

SHA512
6d5f5955b3f8d56e206fb475fdd5af4b9c2b556c6fb99a403f6c4e09e1ebe83512f8040aea86c90e47b238db5b5042a36ee245f4853b28cce49908481204b9e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
207KB

MD5
75b4b7cc3178047c09aa397facaf5d7c

SHA1
9cea223d16879403a254e4465e221c2209f04d02

SHA256
626822f81f890f9d5d9fcbe1e25ed1039d9eaac45de41ab09ea0a092156726f9

SHA512
bd6d68d26b33cd0e38f0f24a41afe980a39220718ee28c0b1ab479f89f9fc3b98a16a59104578605e499f0086058b9b30808b8c3043a082acd49b03033bb71be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
32KB

MD5
b9ac587f0e3396b4838f529764f2c760

SHA1
5614b445fd550716fbb29836441b69db2c7c7847

SHA256
8245cb4209ba71026cca66f77f6ec16e184ea8c9d5107206615194b14894fd06

SHA512
221031162ad7ffb0502502b80a3397c223c8f61ab22ded8720c5f0f9e09cf7e41af3e18a08a5a6923ec9faae33c09071c31dcb0a0c55a1e4a2694518003d3405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
51KB

MD5
73c22ab0b4759b9069e18bb52bbb811d

SHA1
23f509bdf63ffae67c5eddd6b5b44638418f8777

SHA256
3b1c7ec22d217a5840b397ba212c8c1411975e31dcf18a0cdee421f00ba27123

SHA512
e80fcbcd00be78dae2b11027d0446d78ad2d7c740c0d774e36e24eb1a560a85cf5064beadd083f1762e3b1d1fc6e014b76f1ed877045fca94b6cdaa3746bb066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
22KB

MD5
87a963d8f3dd6e2c632225b555789d52

SHA1
5c4acbe1316e49bc4f19a3ef4d63d049e433558c

SHA256
13dc193bf0f7b1edda3ba73b9afd6b7450ae7764a52d8bd6a92cf87f47761703

SHA512
7bb1e781b07ba09bad1e7745266944da449e0c5da7e1b6a092bd18e4f9206c883d528b54a3ee9985616e593787ac48812e0cbe743038231c88abf5e9616f0e61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
78KB

MD5
82e0b620c29ff043d6f2a40df177835b

SHA1
6e19d04e12a1c982d9f2ec9d05a1044f126ed93f

SHA256
14dbe3e1629f09c679c2c95313e130c8e9a26321dd68390f70c8a95229e8181a

SHA512
e11d1398e020d27ac9d59089a2cea3efa5669ccabb214028ba2400c1991e4bb79b08a0a655938e94a11f499f98c5621460952e59c05d9313c3330892c2cdb183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
149KB

MD5
5ee744b45a0b750b00065a7b599b4c31

SHA1
5afa5d067c151144b9b1d6a9956f9f5bcebf39b8

SHA256
94b2e7cc9d12c51a05c83858fa59a828462acf00aa715ad47e24eda5bcb629ed

SHA512
f0d00a873003f39fb9b29527843b4c191e2083b5d5a5aab2bf69d1a6c057df846610a29302fb81655f3308a96191ee82ebc201609e1cf193a89929491fb7c678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
137KB

MD5
5e0856fa15c15f96690dde42816ba54b

SHA1
c4bc8c904dddf00d68b9f03157fdea9c30a3e149

SHA256
b467f7e1362ec81aaf830ed5c231217a7f48611510e4a4059224fa8397a4240a

SHA512
0aa97cee8d4d914ed41917a7a1a45439bad0b4e46a4cb0a2b6d4b37a46d2c157cb8ae1d509b86da4e540887f5f0265861e5c7d46aeda590f8fc0339573ddbdab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
63KB

MD5
a5cc79fbd666432c461daec09604f082

SHA1
9a3df93d85aca657c5c8b60f9b4063128319647e

SHA256
9a7f91177674363a59d898f41192d993f0dab2ce2c93a180b6d1042ea4b9e279

SHA512
f93ebbb16738cae18477a0bd833098abee3a77880b8623ae2a462ee8e209487045121700e013dd0da1c7c3f5c9f24a56f02a5cba837df4ac1f33c9f6e3522c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
20KB

MD5
27a28a17041207e45e9c0c4e32944d75

SHA1
85e68e6f78201775603ff8eb89d406b8ee87f482

SHA256
f14154c32ebea98298065d61749f8ddd7c5acb94e3f85c79c2f16fd0dc12823f

SHA512
a6c21cba9096b299385e7486624474d9777ed116094203125e1deeceb4222b8b12d566165d3f3dc317b1789fa2f00f1083c9f919b679e145039b66cca964c345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
42KB

MD5
c18ac29cb1e1afeda67dcee7b8fa497f

SHA1
2e2fca9619705de092131991d0129594aea866e2

SHA256
f5f3e3e947878d45fefe0b0a2f895a13010d3121eba5e9d07bd1d79e01ddc3a0

SHA512
5dcae0c20e115715b382792e9b6293e644d44b644dad8a2960a9815beca0ba1ff2697118d282580c473643f97442b61380bd59a5ff92eb50bad11e96dc81a48c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
51KB

MD5
5a7091bb1c4982bde3f9d3901587c11a

SHA1
2c990a8d38797d5dbcb8322219fc9d828aeeff29

SHA256
41c8fb1312e45d8c38f20cce6e9b922f39ad22728366566aa135bfca41e8e725

SHA512
1a8628e84210a47deb5d626d0f3c3ae39113e72a71df7ef90c6bcf857cff336248bc2a07a3b9be4cc66bf90587636dd34213eab52ac27d273c74c6005b3f7e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
33KB

MD5
d989f35706c62ce4a5c561586c55566e

SHA1
d32e7958e5765609bf08dcdefd0b2c2a8714ce34

SHA256
375dfe942a03ee024b5cc827b3efda5550d13df7530281f50862ce3b33fcb716

SHA512
84b9347471279e53ec5f151caf47fd125b9c137d4bf550a873c8f46e269098ea5e2882b1dc1fe3b44095308df78f56d53674928f44a1e76d3bd7dc9d888d91dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
148KB

MD5
7e7ae79453361bdbbc333a4e55379729

SHA1
f6fbaea64fe2494ed08b85658c817a4567cce0f9

SHA256
ca6ababe505d8c82b9456470cfadf491de6d5e1599ecb74ba0344a7df32dfe2d

SHA512
7e5120ac8d3f2760a21c36b0c765340f63438322b37301afe684298c58ad6e3e6087cc2b2bb62c410938da2ac5ffd261c4652374c4e26bbc39440000b37437e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0381ee05bae5ca28_0

Filesize
379B

MD5
58e4150e58bab85202a9464f47f19bbf

SHA1
909bf605fce7a19fdc253e5e71a8757c558d73c0

SHA256
c099fce8045d1891debb14157ef6968af1d2fbcb7e3490c092bc3ca2a242186d

SHA512
b9d7e1f9e7bf930f64866e32b72c0edce6a1fd412b97b6b57ee259402c5b2b087afde461b199c6b61bd50378afdeb795a982c7d62a0d8a8d12d88d2720e65c4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0707e9e3705bd99a_0

Filesize
281B

MD5
03a4e70adbc3991a90311d58c146632f

SHA1
fa4b1e5b59d7c38ca967ed31ce4e65d28321b0c7

SHA256
c60aacce874d8c0f81a49a3b8b806b77774988f4b60817d147fef2c1e39ad264

SHA512
b34a94c05145277b59e02e10d76165f31f96b189e0b6f93a7b5946e93ec74b84c49b8d03bd18eebf15f0c268533bdd0dcc0155776dceb37f7975c82bf21c2760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\49dd1ebb3bcf4d5a_0

Filesize
223KB

MD5
ff0d912162f1bce77bbb990e4f7fa1bc

SHA1
61d664b192e1393e7c44545ce57ccc785e5954df

SHA256
f0f00dadaa91e9b86ac55161ec64fc51cf2bb65a319bb0ed85e65edf3fbe6d62

SHA512
01afe068e2255d4aee612aa20c44d0fa1fa4023cbd356b1664aa592fcc9f9c99e5fa32f9103331fd0a130686be841d3c281843f5d96f31e02eac087bd8a13186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64223413fcd8d885_0

Filesize
261B

MD5
04ccb10d656f26de9bf84297c1cdc498

SHA1
501ec9c6cfa4d5eb8d05fb4186b58054d22cb6ee

SHA256
e115851739cd2bfaabde80e88a2518b6b862c0c675c6d500fbf42688abf770f5

SHA512
a6fed62707223b5e8963d1e07cdd63247b06e84db2eda6544b2b4cfd73c6f99f4b70a7dffd3b19b5c60eee5516f24d06f29836a95ff32fa7a92a132148c9ca7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\67d15eb894d1be38_0

Filesize
4KB

MD5
3b16e3ef807e86db93c3915816298aa3

SHA1
68f4b45446df7ccde1df16997919b895eacd1bda

SHA256
16c0968ac9845a5028fc607f0c7dd16d38522aef872f18a964f22c6386d33d8b

SHA512
4fcf7aae1b1785a6e4b4716b7078959b26effdefe388c1027f352e6f0e59bc1c6e2e6e4ddb8a6ef3535e6901c956e4a21534b0efc64a8f613f57033880a2310d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7dfd163d978b904a_0

Filesize
245KB

MD5
05e7e65239ce80989e23b63621c04632

SHA1
d81d69162957c96a5c054af649e59e790e51759b

SHA256
302e7434da00a1a0881b91484ce6bf56646fbb2143491f71b407f32af996be96

SHA512
b938845fe7c426b849854e399796607ba251c893e50af603b2a4d1305c39e9d885c420fec5c1cfbb9e7ecca67824c41efa3437f5f1f9bbedb8688e9604b145e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\88c0dafec97b8821_0

Filesize
75KB

MD5
b6c8640a14d757255804d12d7c3bc1d1

SHA1
46cc35856f2c5017e0ac5e1054ee1863502f87eb

SHA256
7599ba22c615c42e24a6d8a10c4481a24d8a9cc9bfb92aef2795a1123ce82864

SHA512
08e3950378ad592c944aab78e3c8cc5f35baf9db12440d3b1810288e7143cd075f3cb7f9c565ed33fb115284fe0a15d9e04562178b66b66f49c633e714ebc23c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8da788ed8d3cf1ff_0

Filesize
264B

MD5
8b2c728b12d57e1c045a6ed9f59e9c97

SHA1
08457dd8b05dfd089d798dc13c481cb2b0451da1

SHA256
81583a01fe17523c6b3a00f118a4cc79f3d27784dd76cbc4c9da4131d34ee72e

SHA512
643e17c0eefcc6155f0ef9371c160ebb7626b80feda28ad72f5ba50317cac810820b7ffe8a786a6c040dcf56152d67f9f1956b3517da0975a6f936d0fab8292c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9076091ae67d7e90_0

Filesize
124KB

MD5
6070212b73609601634657d7c0857abc

SHA1
c93f2089194ec3bac38f25b47496859d07ed18d5

SHA256
5b4d232f053bf5b0747770e94aab10241402743ce9506fa1c4e9748b6f59ae05

SHA512
702ac9f4581c9067b7c3377efadd41922cd6f7ff2fa2f84823b033f6a6fe696fdf438c36d2c78ad92714038f5b59d364d6582a2441fc649459475c3ad2f51cb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b41c96b8ec769b65_0

Filesize
263B

MD5
2ef8058c74461e14ec9a17fb422711f4

SHA1
a8605b51ee9d6fdcac2060ddafdba6f3b0081cb9

SHA256
2dc571c7efe15a34d2d9155aa96090890eebf2daa5d5f93d3c97f6bd1e848127

SHA512
8c281fa5808e1c1926d3cff2d2344e5f04ac6a85630c329a592dfe848d8a8b306e0f712242575997aface28cce38598819db0180d4107a5688a3f630e73c864a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b5cfb113e3a33d1a_0

Filesize
494KB

MD5
3a1ded1a8393ae2148f9ccb510ce5472

SHA1
a1eb56d6b0157681662355280a036ae079d22bdd

SHA256
67f207428eebadf1d28c34874b585c8afaa819f63049826c6987141b48a1f0ff

SHA512
08b46c12cc0b34214325db3a55e13d57bb714378864600e8762462a4afb968e82c40e896089681760d028763b106f34e4bcbc851385985824fd9a448e00a849c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d2dd64a649140650_0

Filesize
253B

MD5
f8632fbf6e3ed8b52cd670fe6cc8c778

SHA1
c5ba2831a209bd215829372486a544a708c6c87d

SHA256
6dd0a5a189eb3916a54289fc33b1706bd220fe53886d7b3ef5c9c60ec2a5adc8

SHA512
c004f1000e9085f43ae260f40a1231b3ca37d459405eba9ca57fa000c5b7950eddf3e0366981e0d16c260d44d01764c6240060423c399412b4abc7c8ec467f63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d455c839fec11f2c_0

Filesize
186KB

MD5
92960a6749e5d547491f162abca95a10

SHA1
4d8b4257c56ddb6303ce88e38b2bb0799e35666d

SHA256
f0215dd2e1ba13da76bb790ee4f72ac8a070c8d626ead68b54f557eda4b6d751

SHA512
964693c5a0f536359be0cc087add4463e49483434520f7b65c2ad0b20fab4f186e7d146a8fb92c7aab849d79cbddf1142203bc370f77569517d65f8b858d6de8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
68e8dac84414df83f346ec7ad37672d1

SHA1
0850d004426cadecbd2be2dac48949d245bd5d88

SHA256
f6edea78d14de6e38979b46849755fa30b4683a193304b0f79674f981cf27154

SHA512
c211b8c4687534f4f1cf943aa109991b85c957e9643d59fede8c41e67af2147552a278e54c836cca305cd6073f0adb08e7fd591351724bab88dbcdb215269156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d4043d1b1f637e0b783adfd99726e343

SHA1
516e5722ffaa5335578a02299cf0aad416e00ad3

SHA256
e9083c02e74d5eaa87338de74df60cd61e17784f73cd80cede7f9638f882a2b3

SHA512
5cd14871b5af31fe587c7de6f00162fec05c390df14596f0f9afd6e5965bff836ef0c549db53be5a968add76f3970297c5a1010e558574ed347bd5cd0bdeb284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3c1ddca4d7274ad567590a5f92051183

SHA1
91378477694f7545c12d7819b5683f96fbcca24a

SHA256
a58350d407850c8cf4e693f16290fa9a721b79a3d0d1ae6dc40b918f7b292de3

SHA512
c865229f629b155d39e682036ca820976b3bd1cb920996860211a7cdaf0217e14ab557f66eb713a29d11a1e72187ffd29875fa534506d5b75805611db415063d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
ded7f754dc85598fe2976d3e5aa178e5

SHA1
328c5f58140c2f68c6caa9662ca75a5b855a924d

SHA256
ab4359793ae940d7dfdee30e13bb581d06accf04854a938855c677e4a6cee55e

SHA512
192886018f96bd11a3a1179fb4f711343f6c73b476224a9c3da2f7737a02af14c80b5790d75a23b88eff1fe045c86b0e87a19b14ce606da7249b2028fdc0545c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
3a442c0ca724dc2471b0ae77978224b4

SHA1
a2de9b052340388d43ea876935a02a175a599708

SHA256
639ed48856675ea3749ac11865d13206a4326a1d8e9196dcdc9a0945e89d34d4

SHA512
bc0cba62b3133d0c2c1086d944367524421419c5bbebdb57bdfa7089cb38cba7072f3c3881a432536cf7d791813d75426165fa9ec8b923f7e1f8c475d432c460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
a4ac1c5e05db099df0e7d876526bee0b

SHA1
a1fefd40ade62a3edbb206636dc207f048b0c767

SHA256
6bc6f524e1ab21fb95f0ba47d5d2150afedf8a503838675cd9693164fcc57e2d

SHA512
2c8af29934cbe90989a3c6392e29e844c5d04ccdd763e74d44549042de63717445e7da53339169bea5df9f2623e750ae0dd5f1b73550edc4a42d1ce5a4661f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3133f678f7d11f216ba5e133240c9acf

SHA1
8c88e1fc4b1ecd44c249e60b58f9a3b102b162ed

SHA256
a79f8628ab5e81558635d9ed9a98ded1b4bba9bca306446f36b25b74c0928eb5

SHA512
45134a659648139f3e7ee216a5bf6965e59930a75ab587a56273a8fa438395d1397b87c611100aaad5f1db77f562c46dda6d9c50dc959c24015264858bcf50cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
504389c2b6e4228fe3c0426b2f83ba40

SHA1
baa087002e14d016fbe60e00376858df5ce28ce8

SHA256
9a177fc5f8ff82d139617919415937e3bec7f419e3dc8f77ff44ac0b03ae0b3c

SHA512
a5479d51e36e1e79a2095183ac7428a07904ffac7804718f612714734c5def7d6f081b6a89e27df9ec5de7bec85e478ca24925c0cd3ce5e4d44ed460cb4fa6bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
daff932aaaaf081fae8e04ebb5ff48f4

SHA1
868de3ebd9cdd3bf41082e147474a3ffcc954995

SHA256
42b70433f31de80f7ff2e3c8ace91e4d23c6e65617f472b1056ed5ad8322ca28

SHA512
b5c444aa434ff331dc311bf9808f015926e2ac9cd88451bd9a6e28ee48ee65f95ef9c8da12ebc92e985446906170a37f2c9b3db6c5bdf4f9e08585aa608d63ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
adfb2e8271ab4b917b8c2778a7d38143

SHA1
631e44448b3c41e887c8b5556823fe13babb4697

SHA256
d9eabf4ec717a567788977baf6b8ceb43ff87b1f17ca1489f4df727161f7e4ca

SHA512
797493e17022d051576bbc5f9938a89d159b8a792d934cba837b8a6c31a3df2a8c1c45908dc4ea196e0b59de2684f53aa914dfd64b4df3c213b3c087129b62f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
841155a0eb4085ff8c8cf860028258f7

SHA1
9d0a0ecdc64d0e5d252eff416595742369c132ba

SHA256
e938914abb9850800a2f4e52f40f2922b46de95754ade8eea9d439b5390e03fc

SHA512
27318676927ee4c7b6a06f80047e54473fd08f6112909d2e96e622f988d8626732f82066e03f4451f2c693155eee58efee07438e1f8d8f13ccb6ee6375debaed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
4e4367cb6cf0965cb66e980c2623e6fa

SHA1
dfe3e09a9d0d108e14fefae78a28000666077433

SHA256
a768649c121281eae26efdf3b584e93deff091425722393e22198903d2dca026

SHA512
45efbc628bed009398fe8469c6fd561c1221e6a4d42afc75f50ccded82f881ab47fc6a0cb179e1ea4122aef1ed3b48c31efd558486a42b1d3f06fc0831312e07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
74b3b1c48296240fd4973fd7ed0442b2

SHA1
9752021b8191c8a94eb923272a05ec2db695e1c1

SHA256
a625e0c2dfff214b51c230f256b53eb56be316002321f052570b06feb1f21f1c

SHA512
ba19be58f52ae47c14e9423984a6bc23f86ccda00458afe6a4338887d17584d4b0f2b9449d68b7254b6548e4a758b59503665edd9566e866e9ea85aac8d15ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
83bb1fe803f985eb18395014b3ea79f4

SHA1
143655fe79904f9c9bdb8263a343c6d774b874e5

SHA256
c0f1c5ba960de98a63c7707e332ecb75ac45fb07147e8f20c4af89e72bb532cb

SHA512
8745c5933b00b1973a3bc3c02f34e0f78a87dc96d14d137f423187191ffc3e8e25fe76c5cb9c4d8e1942949183d896523e695ce98360128aff0cbafc95da3d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
6a811ec943440c5804bd9a62fa48ddc2

SHA1
5d16c2faf3b37539307be71ece70fef421e50963

SHA256
1448bd9b92fc690a96c51bfb634303641eed8ec6dfb67e72b93172f3ee20830c

SHA512
c06e5aac9ae4fc37a9c0dc2bd41c1f39f016027fc20ffe388f1a9c95b157b93812842cef8177bd424d78e3f0ee73a8959bb0f838f2e273b0a1e212514d908139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e777779cd1cdc1de8db7bc4aab72a249

SHA1
2ef445fcd7c55d891818ec24f29321884a9e0e2f

SHA256
bf134ac7ce483d769d2f2ccecf5211c1e61a91b35724366a2d485efbb85d9502

SHA512
b11cae8222e1310f25e6e003070d3281390e33d432891c769e741f1752b93e3501f34c6aeb24bfc73e71b4a0ae03bbee87f43757e686b9d2f5ece9e94667ca38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
028b9ec15279ddfbe0fc3f6d10dbe724

SHA1
f99d0e49c5f57d32febe8feb42851738bbc3c30c

SHA256
4b529e19fe911b223c4cfd58df61b1c3bc089d48bb26c73479298dc3834d072f

SHA512
11c8fcaa0109fc3ad42767c96b3626bca2ec4b157a74e8f715f99cd690d3d3e128f66081ad52767692c99ea8e0a7bd39198b7f1c568196423204db5f24aa127a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a33feba91173ef546f2700b9917e675d

SHA1
e932f808c7a5c2659ec64d5ca0fb595b8d73c452

SHA256
82cff7ff74361eac610a7b484e3c3cd379651f894cacc9081ede5cf89f03d960

SHA512
de0fe311a6da1612c8e675331e042a5cd9c980f08baeffd11b59f2a2ab249fd66c8ab273bb065a920a84447a5f615217bf9a385b4664c9df6961ab725ce0f810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b0dd78435f5d40729784181bbe3b394b

SHA1
faee39019b534262965baadf0f5eccd1280871c6

SHA256
79c158571a2f3e0330ca6a629d1e99043153f6c355b5a1b07519d4b2ea3e6dfd

SHA512
c0d9daf3cfdbcce574c8a5f6818361a4c7a6ab8237d5780540797db7fe1c989777b7d977a95da296d54475b18f6253fc39fb123eee1b99719fae045a08307da7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
35c3bc102fe9be66f987846a3f91314e

SHA1
18981108e824fa42bf7200b55b09db984976a468

SHA256
5e64da4e23a61aafd1aa682ca94c5769245a6e3cf231f77f0025221af530e8fc

SHA512
970d4e792baee8760b14c88c37338e599815c063b070ae1dcb6948c1c3baf80c71f5e67b39e36d3bc5869ba2cf1784348dff44aa9a7937eb60f8e314251e2774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
42f2db22b8f8119d5041381efa463bb4

SHA1
d8da149a450cafaa7385ea76bf030f6d46d0c6a4

SHA256
6bd08630685abfd3512fbba7a614c3653164008274be96c274eaf617ce6abc59

SHA512
68cc01da8f5e284dc72d535f7b6f8c8ba5b931dc77f322b74364a0e9379ae953e48ff42dfa0d1594308d197e2feef530eabef1e50d9beee5f792912a4436fae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3269d64ba01d734eba78621e59485c04

SHA1
cd403f2305c1dd1235ba4b2c575a7e6fa501ce89

SHA256
6fdeee21f86847770b18cf99068a1647e699910599371a262325c4e19d45d81d

SHA512
382653d78678dd1895f44ccff7243f429de6d6b3c9eeb896e6c2302dfa75fb9387f1c79e73412dda35b2f7ae1b5dc4d842523a8b03822b6a78eca4e74e0f3ccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580059.TMP

Filesize
1KB

MD5
fbdf367324283cf465c0752e49e40189

SHA1
cdda6069d1b064395d6bd8a98fcecb4345b0d7cd

SHA256
dab8b4a61a6d70f307fc5cbba4aa1513cafa88b2be3fbbc58c96d7242fb71337

SHA512
4f86c4d670e5dafadedfd0b52ef9de7b31f54652da61816463f3f3c094781650ffa4991d2b9d3d1cd1206c73b2ffd144952228e1ae2f42377ca963e19f35c165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
09c39cfbe5bffa36c0e6b269904eaa22

SHA1
27d3c803240cc806e3fd2508c33a45f47b328e9f

SHA256
910a3939f1713007ee7394cd1689cd0d1c09267a354320e885b450df7f8be82b

SHA512
74d2301bfa1c2d15485d4240afe7d2e6d762e22546eb6e9fc5964178aed6a7c410115c5477ccb8d1481a826e6aa3be3e058ed3c728491ab487bc780ea49bb6c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
af1e205db1a7d0696413eb4c90f3cf13

SHA1
2ffed0031c4822156ffce5448a21384e2ed27c9f

SHA256
2bc890dbc2cc6480e7845005ba6b98edac221f1f888d95937092e74bf5b9b948

SHA512
322acce27f9e2bd82455528f406f5684298b230ef6049a41397814dc75c3fb5a0bca6ce6b026961fd2458cc664477bbb4c769970cbd7e394397d4d24b2dd4f86

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 282209.crdownload

Filesize
47KB

MD5
330ecacffeb8549263e0a6dd1011afbe

SHA1
de48b43c23050440770024c69d86f7b527f88fe7

SHA256
334fab49dc0f008a76066226829a66b70dc84639f7c597c0d411efb566d73ab7

SHA512
3ad1bb5872c89c5d899e75a1a65533fdee39ad90214ecd53a18fae4c9eb5f873395e8a749949cd32711a1f82a2fcf99d93863d97c1279b97062a9f6f558362c4

Download Submit