hxxps://drive[.]google[.]com/file/d/1FnDw0GhhoOb-ll2pek2s11403uvnDDov/view

Analysis

max time kernel
934s
max time network
431s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
09/11/2024, 19:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1FnDw0GhhoOb-ll2pek2s11403uvnDDov/view

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
3372	Set-up.exe
4424	Set-up.exe
2824	Set-up.exe
484	Set-up.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
70	drive.google.com
1	drive.google.com
3	drive.google.com
8	drive.google.com
10	drive.google.com
12	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 4 IoCs

pid	pid_target	Process	procid_target
3144	3372	WerFault.exe	128
2312	4424	WerFault.exe	133
3504	2824	WerFault.exe	137
2464	484	WerFault.exe	141

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Set-up.exe = "11001"	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Applications\7z.exe\shell\open	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Key created	\Registry\User\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\NotificationData	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Applications\7z.exe\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7z.exe\" \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 8c003100000000004759b365110050524f4752417e310000740009000400efbec55259614759b4652e0000003f0000000000010000000000000000004a00000000000de80700500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Applications\7z.exe\shell\open\command	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Applications\7z.exe\shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Applications	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "2"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 50003100000000004759a2611000372d5a6970003c0009000400efbe4759a2614759a2612e000000539f02000000040000000000000000000000000000000b9f050037002d005a0069007000000014000000	OpenWith.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Set-up.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Adobe Photoshop 2024.rar:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
4344	msedge.exe
4344	msedge.exe
4896	msedge.exe
4896	msedge.exe
4436	identity_helper.exe
4436	identity_helper.exe
4420	msedge.exe
4420	msedge.exe
4332	msedge.exe
4332	msedge.exe
4092	msedge.exe
4092	msedge.exe
4816	identity_helper.exe
4816	identity_helper.exe
4980	msedge.exe
4980	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
3136	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1612	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	3184	7z.exe
Token: 35	3184	7z.exe
Token: SeRestorePrivilege	4040	7zG.exe
Token: 35	4040	7zG.exe
Token: SeSecurityPrivilege	4040	7zG.exe
Token: SeSecurityPrivilege	4040	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe
4092	msedge.exe

Suspicious use of SetWindowsHookEx 34 IoCs

pid	Process
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
1612	OpenWith.exe
3372	Set-up.exe
3372	Set-up.exe
4424	Set-up.exe
4424	Set-up.exe
2824	Set-up.exe
2824	Set-up.exe
484	Set-up.exe
484	Set-up.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4896 wrote to memory of 4696	4896	msedge.exe	79
PID 4896 wrote to memory of 4696	4896	msedge.exe	79
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 2000	4896	msedge.exe	81
PID 4896 wrote to memory of 4344	4896	msedge.exe	82
PID 4896 wrote to memory of 4344	4896	msedge.exe	82
PID 4896 wrote to memory of 4076	4896	msedge.exe	83
PID 4896 wrote to memory of 4076	4896	msedge.exe	83
PID 4896 wrote to memory of 4076	4896	msedge.exe	83
PID 4896 wrote to memory of 4076	4896	msedge.exe	83
PID 4896 wrote to memory of 4076	4896	msedge.exe	83
PID 4896 wrote to memory of 4076	4896	msedge.exe	83
PID 4896 wrote to memory of 4076	4896	msedge.exe	83
PID 4896 wrote to memory of 4076	4896	msedge.exe	83
PID 4896 wrote to memory of 4076	4896	msedge.exe	83
PID 4896 wrote to memory of 4076	4896	msedge.exe	83
PID 4896 wrote to memory of 4076	4896	msedge.exe	83
PID 4896 wrote to memory of 4076	4896	msedge.exe	83
PID 4896 wrote to memory of 4076	4896	msedge.exe	83
PID 4896 wrote to memory of 4076	4896	msedge.exe	83
PID 4896 wrote to memory of 4076	4896	msedge.exe	83
PID 4896 wrote to memory of 4076	4896	msedge.exe	83
PID 4896 wrote to memory of 4076	4896	msedge.exe	83
PID 4896 wrote to memory of 4076	4896	msedge.exe	83
PID 4896 wrote to memory of 4076	4896	msedge.exe	83
PID 4896 wrote to memory of 4076	4896	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1FnDw0GhhoOb-ll2pek2s11403uvnDDov/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ff8a0a03cb8,0x7ff8a0a03cc8,0x7ff8a0a03cd8
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1816,8234996937562239038,10636857301501683083,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1816,8234996937562239038,10636857301501683083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1816,8234996937562239038,10636857301501683083,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,8234996937562239038,10636857301501683083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,8234996937562239038,10636857301501683083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,8234996937562239038,10636857301501683083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1816,8234996937562239038,10636857301501683083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,8234996937562239038,10636857301501683083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,8234996937562239038,10636857301501683083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,8234996937562239038,10636857301501683083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1816,8234996937562239038,10636857301501683083,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,8234996937562239038,10636857301501683083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,8234996937562239038,10636857301501683083,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,8234996937562239038,10636857301501683083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1816,8234996937562239038,10636857301501683083,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8a0a03cb8,0x7ff8a0a03cc8,0x7ff8a0a03cd8
    3⤵
    PID:872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,12926273471313700740,15845875082966289950,131072 --enable-features=ParallelDownloading --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2032 /prefetch:2
    3⤵
    PID:3608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,12926273471313700740,15845875082966289950,131072 --enable-features=ParallelDownloading --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,12926273471313700740,15845875082966289950,131072 --enable-features=ParallelDownloading --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
    3⤵
    PID:4964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12926273471313700740,15845875082966289950,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
    3⤵
    PID:1948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12926273471313700740,15845875082966289950,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
    3⤵
    PID:3504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12926273471313700740,15845875082966289950,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
    3⤵
    PID:4276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12926273471313700740,15845875082966289950,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
    3⤵
    PID:5080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12926273471313700740,15845875082966289950,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
    3⤵
    PID:4564
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,12926273471313700740,15845875082966289950,131072 --enable-features=ParallelDownloading --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12926273471313700740,15845875082966289950,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
    3⤵
    PID:844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2020,12926273471313700740,15845875082966289950,131072 --enable-features=ParallelDownloading --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12926273471313700740,15845875082966289950,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
    3⤵
    PID:1636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12926273471313700740,15845875082966289950,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
    3⤵
    PID:4676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12926273471313700740,15845875082966289950,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
    3⤵
    PID:1608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12926273471313700740,15845875082966289950,131072 --enable-features=ParallelDownloading --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
    3⤵
    PID:2552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,12926273471313700740,15845875082966289950,131072 --enable-features=ParallelDownloading --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6740 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,12926273471313700740,15845875082966289950,131072 --enable-features=ParallelDownloading --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
    3⤵
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    PID:1384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1160

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1612
- C:\Program Files\7-Zip\7z.exe
  "C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\Downloads\Adobe Photoshop 2024.rar"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3184

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4704

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap14290:102:7zEvent5105
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4040

C:\Users\Admin\Downloads\Adobe Photoshop 2024\Set-up.exe
"C:\Users\Admin\Downloads\Adobe Photoshop 2024\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:3372
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 2424
  2⤵
  - Program crash
  PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3372 -ip 3372
1⤵
PID:1132

C:\Users\Admin\Downloads\Adobe Photoshop 2024\Set-up.exe
"C:\Users\Admin\Downloads\Adobe Photoshop 2024\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4424
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 2144
  2⤵
  - Program crash
  PID:2312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 4424 -ip 4424
1⤵
PID:4880

C:\Users\Admin\Downloads\Adobe Photoshop 2024\Set-up.exe
"C:\Users\Admin\Downloads\Adobe Photoshop 2024\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2824
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 2144
  2⤵
  - Program crash
  PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 2824 -ip 2824
1⤵
PID:1392

C:\Users\Admin\Downloads\Adobe Photoshop 2024\Set-up.exe
"C:\Users\Admin\Downloads\Adobe Photoshop 2024\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:484
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 2136
  2⤵
  - Program crash
  PID:2464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 484 -ip 484
1⤵
PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Adobe\Installer\Icons\PHSP__win64\config.xml

Filesize
269B

MD5
fc6656e65cbdbc92cc24b60eec7a3d72

SHA1
db7e3089c668bbbbad152acb66e9cf488708d70a

SHA256
2f917740b60e016b74a1388f71bccc5437d65b3a7feb3f89868a827ea04ab530

SHA512
ed7931a25b58fa3118770e3b585760275c0f07b9191396fc5ce5aba7366f0a4f47f84fc687393b600d2837969f8c77194b37cf6ab6c2691461c689a5b1e0e87c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
09cc742ae466fe669e38155eb9b2852b

SHA1
905e475b036b2157ac9f62c3008e1837e0b97fbf

SHA256
f98fb9cca3f05391c346459a77efc0f6753cd0cf59352ed54482842dd0961df4

SHA512
8726cbecf571c41bc69b9fb2d99d524f693e2e6d69b7f106185c0251a06a37c8fac4b925ec58997c05241d89aef9ae201beadc661203da2ed9b2d79bb69584cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
4139984e8af79d5834860d5d52587f3d

SHA1
0b769993cb3e3db87b3b1742da04d907e1a5508b

SHA256
1bb95551c6a4eb7961edae2a77f3f5d549e51a700c116efca92cafd356913169

SHA512
763ccc16b16b5630cf3ade3de012e992397df4a9e4f67af3476cf2b068e5101068efbf063e3952f953120cdf85bee416d619a2b9b6f37e028c2b6dff24237cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
150a7466fb9d532cb61bac35c75003e3

SHA1
3164f17138ffb3404f4474e8ba98aa5b3b9383f3

SHA256
9fc18317b9445504b9590ae6f08b7a9140b6e89ae28181a1ac1ff1bd6fa37d6c

SHA512
e98f59e22b2b70a48042cd98c0fbe1f3df164450abd1e2847d0c3b54f66561d778b30910f2354d62b15c2d96988740ee91d669b9d594db15cd27347e5822e438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
9bc1849d5df0017e988d9162169300e9

SHA1
aa808e05a084ae157d0b8bcd2308ac006c2fa5ef

SHA256
5275af6b2ee66e2f643a5e3fe11fc6a6c6c5e746cc6276b851f5d37f8370499e

SHA512
820af8566f17e659e0cf606e89f38262daababa27ee08afced434b7507614644e05f897e8b8adf2b8eeb66a21a7fa19f0383041f010aedab1fd55eeacd7f2f96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
c75fbc146e3c679c2de634e0dfc8cf83

SHA1
e302b744e0741ecbb76dee2cc3113935debbfd0e

SHA256
a7c9c34710be9bae945d8b667ac93d383057a5eca448fb9233e2984550054d1b

SHA512
ee82e0fe20fecebf3c654d89049ef5c8c1511d4f7ce113881ba3c40473d756fd4421fdefce990b63b9942d340b6534a0955f823d4ddba8100fded055becb64d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
339KB

MD5
7e866ce1320c3c0fc07172cbba75abab

SHA1
2a98a6815d528539e179caa5d87ab198f79cec6e

SHA256
963ea9629ca5ffa93fa0a0f15f30e7862b58bfb4f8ab16a1ddc077c3d3f3937b

SHA512
2c6ea5d432bc4ba0957882b7c0cdcee9991efe08c6d28bd6c5ab133c1527046edbb4d9f0163ad672799f7c7eb1d8167cbe057e16a638914b5cf715075f91e0f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
670KB

MD5
d5ba3e4e3e7fee52e9917754dd416483

SHA1
4bf19e5b0361967f2857bb888952b9d217c01024

SHA256
aa5c4c09d84a038b8ac673a5e88b52e9b2874896023678db3cb20064e3a9751d

SHA512
01761a7743160d5ea2586622e67d24e1c38143b759120f7d7124ff85fb30f030893b2c35ddce4b7744709f94af77769259cc099591ac8463001fb4228c16d5dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b44b867d86ec7669_0

Filesize
295B

MD5
5256ad0dde7d1c5e40115c8f99156218

SHA1
5b2f77484fa36d78bc28b7fab0811e6ad8b20be3

SHA256
5a28c1987fa1f74793622520b447eaca27d8a60ddda700556c3e68d746871310

SHA512
d1789ea5b50edfe84f4fef44c9679a7b33342f87fa53a7159e5d8122b979fe85067506696e53f1f80f85037e7bab89e02f5235f8e3cbf1882de65d37a9acfa09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
51de89d7ae37251275b28b1183ab3d4a

SHA1
4a821255f915cfccfe1ac7521a35449df5551cc6

SHA256
2aa623cf098a2e72d26155efd827e29700b327cc754542d2afe96cca77e25199

SHA512
316c851fb8d60027f291b819311588d25a4a393c559dcc851b5ecb349c2d607fed0b702fa746fc5261e7d07774d7476f328d8aa3ba20d950f4e9344ecc4ebf85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
2eaae77da00e9d86865b3642748a7c23

SHA1
59347b1b14ad7f6df59f61316e7c41be4510ca07

SHA256
bd8037ca963b8177317e6ee20c369c32d862c83745555cf2ec8342bbe05832f1

SHA512
746e0fdc1116c22497636e94cbc7d8d8dac9624686ad4aa57d75385d0991b1b6f0313da9bdce907d8c1e78a5e5020133b81370ac690d5a231bdc3788809efdac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
a31b57a85df7ee56732d109e939dc01a

SHA1
7ae4eb2638323416d18401fae570eb414e10a792

SHA256
9dc39f12b6995be89c090619eebab8c8c31dc2fea6cc340959ab4dff5f706812

SHA512
c2bed3a6e8ef989436c0e78ba1dce8912cdb58414e8ca8f51d3acbf13beac67bebc94df3a9b714ec7c92d5e912c1ab54cb01f29970e779e3545c6c5dd94efa50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
faacdf2b0654dc971ca714d4d426250b

SHA1
2fbd8a145e5d87c807396fdb56c837b04a6548af

SHA256
795ccf09a03a5f405dd3c114461cbf951a1379c49b23a5a82e7d04e28f63556b

SHA512
e8293bad35888a8d635007abff27206f254d99d02a045b2d2b975531eb19281da8f2af996000cdb8cb55ad241edbd544a5fe154e05731be56e70da137ebc7228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
afb9c13ab30023746f7104100fa3c200

SHA1
90d9baf4422ed7f2fcc06c3268de50ebc39f23d2

SHA256
2cdc499558a0f009bcb437399291d317e1fad07295507e18cc617bb17521426c

SHA512
78e69dfcfdc837234bb947a69fca38b0dab6a92855ca67582489343ab73b656b4a7f7de0af0999d3df5d7505d45a8f984d95c81262bbfdc96de05e52fdbd8671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
907e8138e4d356c65280f27f3561a6ed

SHA1
570cbb9d23c30799ec4a5b664ed133a088d81074

SHA256
558838a4a1202a310ad61155bebeb5ede917846620d7792b4641c617339229d4

SHA512
fa391b1fb1a4d16f83e8f7bac42113f0dc454d8f1b17bb6d4c1b69ab6e381435a80375f4072066a208c63f437e4e0202be6d73e2b647d185a90a0cde28344a2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
0120ee0334eca14150a5cce88f7bb594

SHA1
1ae1869cd4a48e81d6bda967def6ba35aeb950ca

SHA256
366009d8d6a0343c15652ad917b40839864a00d1424e52e25c98530cedbfda2f

SHA512
5aeae7345fa6fc0fb90dc73e373aab9faf8fa8e70b135d0dda1d5e320ff34f319269fe3f8560058f3e9fe28cec35af771924d4e741401a958df4d8a2112f9ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
871459b8342275e0fb435ebab9647b86

SHA1
8b13f7eb5391d7badfcdaed54913e85bd9a47ffb

SHA256
5e02ede3385c7c9d78367f85a1ee146e01ee2690eaf9427333b6663eccc3e0db

SHA512
5f1c8b1df2f21a62bf44126295135ce8be493afe649f3ea44eda149bfa7549b339de4582970be57931b8012f0619975e35c10abedf0403da2280994c347c29b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
894B

MD5
56050fea3a4fb65647b4c320186a74d6

SHA1
2c6a27236c1abbee9eb5be66d6d068239422c7da

SHA256
464386b33fcdb456aee054e784b800c05d73b44ffa74c0faae45a39631afb7d4

SHA512
85a64db135c3f6cd0803db9ddd1ca3b043d9a0f6915e4c72ac953b22439a1a4a30525cd0c2067bfd57ce2df80e928e7c93f704e9406c70e8b7239362d77ec147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
20KB

MD5
df2ef9d681ff9aecbdff40bb5e426504

SHA1
b928ce922a6a68d0b4a77444ba887cb6fd00b7fa

SHA256
2526ddeb90f917dac188b23902d681e0f99efd9e21c16acbd7d067e8b2f505ac

SHA512
b67f433e55fb28b7a56f191ddbc80b817af20c7b3362e73c2011295ca2bd9a3533e8a4cf0afc1cf6f0f83708b18acb44afc52b65e083d3e76154ca015f1e3836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
95B

MD5
e747f00bc750c8b5438d17c626546063

SHA1
42fdc138eb2e3f5b19b21426a0cf9aa08fc2578b

SHA256
eb8ea32b91057259f2cb40d6f8fc63367a39685486fa045bd0d4cd57b4613b06

SHA512
40ac77e5937d6a79f104bd309e7e6e5593bf3c03f02efdbda375df04a7cd26afa3a7f677e7184919e25673a53663bcf36364b5e277d499d97046837fccbdf4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
6d02b10c2684700afa6701344e9e00c2

SHA1
59ba78d3e96fd7c49a4fa4f9946bd6229cc15811

SHA256
2f64ca355835c38aaeb73f92c76cd138c1f0de017cc99b87a456fb314ab21cd4

SHA512
c8a3ffc6996ae918df8625e22388abd2c39338506184ee863ad934516c326bbe3362f0fa4c9497e8529fe973162bae2eb853e384d5d13501a24853516275fc9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a6f1d0d8ef70a53e4180a920a06201b3

SHA1
98c93aa7d9e4ae80a706bbccb89747c1c51aa150

SHA256
74ea333195102b30d7265b780db8bcbc3febf74ae73888b652a00867694c7ff5

SHA512
0de46c896d14bb0961201ccf5da8dc8fd3ae4b8b5e0ce54ed83691b96a7e4a00483eff6ab34e35523dee88994ac330cc66b91a89d6b77cebc47d3ed4a637219b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3b1068f4a94f186fcb81b3e304e63f06

SHA1
d4382f888c1c5c041f1308bbdec395a066c6f2c5

SHA256
b1b06c456922aa811afe9800cf425e572068b603a3892a69552d594a4e13bf63

SHA512
667dd2dde7b3b2a0af1f9e86adb88a31d28c6582e62538233a8a4f65aa90defb0d06b40f1c28343fc7f9f4d3463f027b4a041b250a10d6735d022e830039c731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f04e406d284693d9376ebf4df3c86594

SHA1
8671947c700fbef49a0f8d25c47cadf389480b06

SHA256
b4cd6bf6f9fecdac9816d90a448267319f4a487ca03e17347562100c5eb8db4f

SHA512
0a8dcf444a7959ca664563262b535a4bff41a5a51d69f0140b574e10e5a5cac6825b6a86fceb4c09c8d695a026827f36e58f1133f83a12e9cfc3344321eaad58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c044b4c6e35b6b47b6ff04d44ed84885

SHA1
03fe6ce32099f5ab0d3a25e2374d775328f8eefd

SHA256
544405a6406e1edb1685baf810f7d83eaa51e719d31cf9251121eeb41ec73287

SHA512
56a3c27d1179be78c8a50481d435ac904efa31c502f3a22907c77e5880ef15f3a39d559257864374e181b432c2adf50fb00c7431ee606571d3f0acf27d321852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
32319d42feba1ecdb1f485f549afa8c9

SHA1
3b947a52f5dcb4519668d5bc888a544088d603b6

SHA256
78f58054d1d19042d5aa9d8c02a969b673c584e817d2bd881ab7ba7d8464db06

SHA512
1ed9b356ed6eec56785d458468f6430ee322651f5e976937e375364be9fbdff184f2e75ccd08c108dacbd4beb334b504119fbeda000c32016b41afc67cf415e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9ef3b7045a6bebf70217208c2cb9116c

SHA1
4784953068900247619ceabb0e218a9d46b3e965

SHA256
21e8f93931108d8ad9469372836ad44ca6467a93da83c192d77f1ab192340aaf

SHA512
576de8d99dfd7b2a02fb3fa4d5d6fa0d7e2f18a385a55ad993edaae139be165700852ce1befd6622fcdba40cee4279e5115fb7409ef3a5da917c5701e5895549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
76144ac534efab97e98fa826ff5e5e14

SHA1
486891c40fad74faebd97965e5d13d98e1f19070

SHA256
27499af4c95625885354982303bfde557bd639983e3f3662952207a77d3099d8

SHA512
05ec940b99d90f5f85298f237438fbe74af0c043dbcde1ba8a76e1fd7c1ae3fdfc34a6c16d72fc9c2af7d530343ee2043c0911d91df34d0dd9e79b69bbce3538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d9a8868735b1fc820cbb4eeb63937819

SHA1
0e7b055e9fac63ef2b14dba36d4bc91bb4ad8c4b

SHA256
5ce470cdbfb7a537a8d492552e59d4e14509f0856f0a48c5b19def8bae67507a

SHA512
48cbb33598c82d4ded2dbcd9a366540a6d02a4026982c1f8fa4614d075b4dda22aaa181182b0336c056b9f26993677eeb39b5ed8a03fa62a6d8e1f93ebc75f3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
37d4d61c870f9d8f7b51596318a6dbad

SHA1
1e49955435e400c7bce047506e0cc10bcafcd378

SHA256
c56d482db43809434669c344613f39251f83ba7bcc5c13addc2d3a7efd52df01

SHA512
fe3f5b077490057983314dfbc9cf2bd581e430947548218d0f17f57e117227ca3c707948149887a56b2904656c8a08c601bc9baf7a1abaa75cb3132957c06822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1fd04ace051697d16a3baab14f6f9155

SHA1
be4e49a67b414be735e9caf6b01ffb1520f84a29

SHA256
00293078b95e3d9e3b2138e26b8a051f0d713cf694f58732687b930e768207c6

SHA512
99e99dfa5e07dee877c4138395853d90ecce4ad6801b271f9e9f1b2ceaa96c8b1589f44c2d6ce2fdbbf94dfa8d33893ec0efa5a0efe6e202e4fe4309d63ba7d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ea60d1e60a513f2307ec9cab3ee4441c

SHA1
6b6d781f3d8c50c0ffea7d659116411080691703

SHA256
c5f76b342127a4738a54cd2751d6b0fe2da6bc7b7d062e128ea509dd29860e9f

SHA512
cc21e35de09d5794416bbce1afa56b0687897aad8661254185044b12b7961a244e79cc2ca628e5d8a5b66c4d3f0704c7466960114c1d5808c11aa56ea1d24980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4ea7cae994de822b0dadc4ccb805a192

SHA1
8b3309e084791e56daefb44f5a4f6e0615bdad92

SHA256
8d9e1f5be916647c43d64587ae95b9155d23db0ac0749fc621d96397a406f3fa

SHA512
74620315defe43fb4355ce3e1e8ba426fd4c2a6b9ad72098b7023c647a1958f8ada3ee8f9a654039ea75eefbe9ac19e58288e65992c7a8e063a695a74e2a5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cbe00e8fae4605647a44ebb5820f80f0

SHA1
a181ef67f71e2ae309026c40fdb07d63c816ff04

SHA256
742c9804000d9433cea16dd5cf042bb35a6ff766d6491dbad89f8ffeb00d8243

SHA512
eda1670483e85a6eca846b67b7158ec0bc9392f1634477d125a5eab50aa1610082a3718c843653b9fe2f780dd7969420795bb0f4a39be2a8cfeb66d70ffd108d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c43714dd6543a72e347ca0d4b9e14f67

SHA1
ec4061236d4ded922f937c450139528c8e8efd5a

SHA256
5ca2125af2812c4f2ce8a1d2fe2ef3b84731ff390061f566881f5e027af704dc

SHA512
6b2c30965d1b18896e3bbff5d7de1c7548b08a532995b69ed38aa798522ec058f4eea83733491c0619d3e4268e3d133601532047a5f9cdfacf5dc13ad8cff375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa3c1fe4db73c1194aedc244cbd42441

SHA1
5921a5b14b07c7ad5b16987073b1986831938f96

SHA256
247d18da18de3b125910ac8aa08292700a9d9b7a4b87f84889ad3bc3cbdf3ce7

SHA512
e14b688fd16b065df885e04288c04b451d15c429c784dcd79c33170d280ce29c28547486009525f5484220d2c5ff3312e6c3f705ace9408cffd92e0c435b6200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6e5059f0f9eee299621addfd621ac8e6

SHA1
822130b7e4bf1f187e56d45c0dc54ab57efe63f1

SHA256
7e5cb6bd1b69c47a7214a1c04addeb66cd38c23e46ba0794c27d9da58df4ccde

SHA512
38ac8ae4fa749d33856f476351654e207963475e97084c80258b41dc372626e9935f206c9ade0831c7a8fc1345970439b5bc88c93a43580f21a9deb53d69f637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
70007f1bb6674f06af7cd4e0e312c85b

SHA1
9ecc999275f41b8c57717e7449e5e29cc4e4ea5e

SHA256
0dca58336de7b9024d00454dec57f7daa3c3627c0ac92f7bc13b83095cc8fe5c

SHA512
8ebf799dd6a9ebb0d92e2bbe9532cadab624620e223683b62c68265c95f5b0aa641d4ac936252fc341a0335fa7e86f6a159006e08e790ae94edd144af0ed556e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
464323d041527bc880c0d83bc298641c

SHA1
6ed16c92fa52d124e4a9827b07b11b38374cf1cc

SHA256
a5584a9f33d94dfe72a28ccb9b58ebf5cdce49bee50dbcd40e0f8e30cfe32108

SHA512
99780d1754b7c753724d4a32ffa33e4ec00ab8d47009c817dc8bd82259bafdb0b39aaafc2918ddcbaee165004b9530ef950359e1d116806c47f97c274d0f8db8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
487B

MD5
80f8099bd4dd559e78db51fd452a7359

SHA1
f723bf0433db1d7d365ecad12a805d935f61ef6c

SHA256
17c60e86a31941ac095b1cbadc6be31f874a7144d87d2388776dc79f1fb4b0fd

SHA512
b93d309b1987071f902bc76f8f13e2afac52e6dba67d71b1f791e14e5cc7069ee21a4038fdadae2f82937de23fbb8a88a5545e29986b80194c51db7465ba1930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
f7f4d9684c00d3d31769c5b10955fb30

SHA1
8eaf0c83ca41f63611fbd68d0a6e77ada43bfb83

SHA256
2ab2b50190991917033e28d979531ab65f267d3292e5da8640408c617e23a814

SHA512
603a79f214683b6b3cfb5ac27cf2465e2f596a0b0123c7e0a050682d428e370450346b8694dd041131cfee4cd589fd7b42a3b0715353a240c4f96a9deaa4cfe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13375653802098812

Filesize
15KB

MD5
c27adadfed21ab47c870c6209d682cd6

SHA1
79c5278836093a5e91911b65f061b59892d01188

SHA256
808fd3445407d40bc88f24f09b40d9fedcff9aef74a03d3759079a214eb39c4f

SHA512
a376a290d46edb33928a56646411c8b7b810c38cbfa7da02ef56bf1e639a7d25432cae953fcab73bd30b41bf0fcc2297c9679d0c8011f700a060a1f1218d1c78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13375653802311812

Filesize
5KB

MD5
b0ad8f949fc0bcee2870cf1b17daf7ec

SHA1
45c7e094fbab48b43e7bb51f7bcdbce51a0ec48e

SHA256
184677cb991584398862646ccbfefa26f2a911c4389c29882b59b6b31fde499e

SHA512
2b1ec39af9d360102468002d15c122d7029593329c1ca94052374a3bd988328b7593e5d97c492ae18adf66f9e15a8c1cad1ec89152034bd77f1841a7dcb106bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
451621fb31ae3b5932f4dc65c279d37e

SHA1
87dbe68b7b9116ea0a08e702c6f336b68c20e72e

SHA256
5a75cab9d7d0616f8569e1a431e260376dc4a6fd2ab0702a2d9826ee107045c1

SHA512
ed43884fbb54af7a19f469d82c5298d6bff0899eacdb087e275ef285ee3204cd26fb53260f62378a81cc7b462a10277a6482d59c1a0714afbb1aceb5f9c9cbd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
3ae37baa39fb1d622b3f2031bdb193a9

SHA1
654d3766bcd06b9ff43547d5a6add362353f852e

SHA256
14b466550c82229e3ab0cedb57ea7a57ccf035b972256c51d4f8ad627f273c0d

SHA512
15a8093c5a4c7c5a4ee3af29d77c25be4c710adc48aff862745649cb6def555cf8743dfb56b7b60687493e6d1f6f6bd1bf5ff3b9eb7c15d65dc7c97800344978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
7a0122531419659a9d95a4ee270b13d1

SHA1
381b73f46f62dc1d26bd0b709b2507f1f82564c9

SHA256
fb555916d3d2ea9e2203b87b4825b5b7b152d22c2ada026c259a99b802985c28

SHA512
fdc27150ac9df5abbe0b9a94e9a219acfb62c911b3013f58d90f7bcf8b969a0f6d0e63e26e2a985abc127a71796d13d5129308ef5a6badf68e19221304f8035c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
886f9c455335829214bfb42713da8d86

SHA1
e0082fe796775fdce70280c0d6160cd813a82de3

SHA256
9af68b9516914db9d6cd39165c5b885d1cbb4ac39b7308acf93a5f18cefc192d

SHA512
28a5766dccc6bdb458f006eb5fc847b7c6af36d74a143020e8b8d4109e6985f4b7d6c8e720dca98ebafa25201b5617b1168c512b2709ce4a59caf97459697c7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9e1dcb30f1907dc8d3e6829819198495

SHA1
dd1b9e7e7cc174cbe59dbeb3192683c0669d21d8

SHA256
1e334071bfb62c78fe106b5d0f3eb8571192c207c23d5c9fba81c6746bd2215d

SHA512
e93eea52c67e3d9035624ac7a290f69976765020ddc01fb8f757da12910a8e6f41bb2b014228c7fe8aff8e56422cfc04392711828c7fee778255d897346c03e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
fd7b3ee1bee13c5d3bda2ecd10901c79

SHA1
c2a7c666b983fb35043dbcc68377685636ef8019

SHA256
eb27684d3ce92a306fe131775116c9f92288e706757936fcfbd15061e8d22f0e

SHA512
63c3bc4a2a0ea6c99c4cd89854d882910d2034ad48502448469d9c9e3a778181e092c4a64661755df4efd26f6215d056cb4e2c1da771468c543cdebb15529f69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
7ec2a12ac3a9ae6732199d6164c1aa87

SHA1
991f466df1d3495172e5b057526127befed83f90

SHA256
271cf1dc263ca54d65a4011cd2fdc02bd33d12d2845543ae5060f1eaacd2db06

SHA512
fc65f5ca60918474fbfbdd25a1a3692f7090eb085f919562215dc7b773d5546f7085c77bc12f98ba3815c623d892ace67579a2ee65da60c5f7986a60ee483059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
640e498cc701a96486d158c63516fc74

SHA1
18b9fe533c69e847a0dc99db99c5181ed65bd53d

SHA256
d9d6e86a470696a7348ec75b19daef16fdf233032a5d10c9aa652d8b856aa94b

SHA512
e0d390fef373d8dc2a560ad41cc1e66e107dcdff0f1ab0a1271aedce5720430cd5265a458216b0e083c7b8968780b67d59a19a093aed93849406ccd4b9671181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
0701deb6d94f0d4ff13b58981107cb26

SHA1
64d35b21781bffd6c86dab0ab3945f58253e4262

SHA256
10f1f3f959a28359db433639068dfb9d4c3e1301f99ae4a9f540a0ac870c5d8f

SHA512
f95e962e8ee16d5418d556c48c26a8951e4126544ae67be7fae22f56bfb818abb483f240aecd9e99d5088334d17c6e3d0e84519218c49fdc2af4616be4515a6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
a8d646bcdded47616a7164845993a5a6

SHA1
5e43e10e40cea479e9ba8ae38db6cf661f20799e

SHA256
6a4c8ff4ae6419cd01a5472be653a6aee3ddf674c3484d2ee0d13310d18a8e6e

SHA512
9b5c47cfd9ec0905b52178dc5e4e0975b119f20a84995bb378fac48e81cab8564f106dd87d3177e1a4bfbc14eda5f293def02f7b5ad04fe2c21d2a57dc45dd1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
7ada04b5c2483e9037b3ac30bdb1a210

SHA1
0ce7cb11e3c8e0c008aa96bb72c9f2b892682a35

SHA256
ab09800c490ae8b2afd6450445c5b8eb149016d478c3d332497086c78c6c2833

SHA512
6dbeaab26cb3b30032932ba923bc44ccab6d8a40a5c5fe3292c84907ba70d829b60210ab2f1470cb9b5d3d351c447f860c31310d9cab350dbaefcf54a1334fab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
5edc09cc0dd6189a954cf21cb5443329

SHA1
5093e49d9d152bb1772141db55e2fe84edd7a2f8

SHA256
1bd6a859459497496030cae188abbf7d9dd0dc0faf06d78e101f0f674d3e33e9

SHA512
33aa1ab43af503b32c369320caa4be03f7f3288cc3fe9d3f3f1f30899f16acef94065f907c35bd0985e0051c0b063a7657b689732a4a523cbd98c4bf85eab3df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
f348aec0141c51f3307409af8e58b269

SHA1
a4b5c754accbbec60aba6c91025e575c077c2b39

SHA256
68f9337e62d8007f2d13a8cf86c4370d5b55a1a37d862986b775eaf6b803e302

SHA512
2e2089a419459d5dd6ccda0d63b6a913e6cdbee28cfcbcc9b54c7d6d9a875f5097a296ca0066bd2151add217720c33aa0093da96bbe568292af11ac4ee66cf1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
7e86d5c1bf2ff36b15bfbd8fcf748b16

SHA1
59a1515ddff8caec85c4f27ffb17b69a42ec6226

SHA256
82f03e141e82546b261c1a24cd9ae3cfd4b19a7b4f343a296428deeda88cf856

SHA512
943fdf966d2ca4bfb35e01431e7bae1611e86d4bbf9c27524ba4502a9a93b8c0bb39e7760a8ee76993c4099da1ff49febe0b48468f134d4121f22a0ffb41bf2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
20KB

MD5
2a029687e73114ebcb4fad10c0114e8a

SHA1
f09cbbed46b9f8c731568bdcee13024e89bda397

SHA256
fe6e92a5b020858bbdd8089533c6f22703bc5927e22f689c384164096705b11b

SHA512
211dc45e2bb5739bcf863c44ca8132f92e895b3c95d074929aa4338698d53c6ccb3a8e2f23180260d9226073f4f5cd21a200010a7a224de7c8ac2e1cc853730d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
20KB

MD5
ef9588ca82f853399e5968af99985e74

SHA1
80d9df4f75c3e789ddf10584d9ff9de2b6154cb0

SHA256
9d550015f47a4d5d502f8a2f5b33bd9cbd136f4fea7c64754c8cc5a9651f7fe5

SHA512
a77b6b0bcea459ab4fc1e5d0983e85b86a6b0835849345f6afbfb27a5e84d8d1a38ff16e21ecf862e95d0a74e3fe97fda28bea66752b8bd64fd44c8ba680a5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
79c2235b0d75ded5159f3c9bf64dc475

SHA1
fb346220283dbdf14588334d9611cce094cf31a0

SHA256
de92498bd68203ba2f6387805f7cfd83b72d2c39c642225fd776dc109181b6a7

SHA512
129899e0a242437152cfad2f520ade35515258600bdc86745af10c046f6e47aefc478cad83ebd61b13130479370dfd9fbad132fb560a2ec89e75b5b3ffc23cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fb9456de6540c71515a8c8c8f37dd868

SHA1
7a5d670299b263ecd56673b0472a2c14179b18ca

SHA256
f02c190957500b7f400373048fb6a641bd3f0155bf8dba4505281661af711826

SHA512
453af187e0e42ee2a47372b3ba08868c53faeabb9d91ba1d8699d47c756ea07f174c4858f516d8da14446e82befce95f58bc51bbfada3849cc2b368173c3a728

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
18c9156666519d4c28fdf46c504a4c68

SHA1
69a609ae2b493363fcdb9620edb2ea9d90cf41af

SHA256
11e438bbd5fb4dea75a8f50fcdd42dd9c8067cfd58bb308898424f0f9246dfc1

SHA512
d19a5c40f40103207bf8c61f20feb21349b87fd54d13fbcd94936835e58e0a72af2efff39346d9c8b14b4ff33d61ed0f94ce26d98ca3e35cfb18a2b3657354b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
aaa72f2838d29f32b8a1b988d7676f36

SHA1
2f149b14e24e4a28e6e590eea924295ba8aec792

SHA256
51f139eeaa6b066f887886f04b0314e8284460948a2d2e5163c934d2556c7278

SHA512
9f84172846abd423b7bdf0669120972c3cd920d0a6dbc24ab32297edd95f8862f5d03ed535737b779506372325dd748bd775081afe0652e4e9cdc8c8c175152d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b413ddf515e8e0e9b08b02f82adc9f9

SHA1
05d4f6fbafcc70b730fcadc9099162534059a989

SHA256
f3adfbd2f5937e6237b5c9cf00569e77ed3e8e97d9ea36e8b2bd14be0508d6d4

SHA512
f3c6388be72472d462bc39033b9970c753a831016a143a625e7ebc2ba5ecf9705358dbac2176044ae18da3075b78b17c9fda78eeefbb6d4d792bac1e6ed171b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
01f87724099a4d38ff6fbc92d430ec59

SHA1
55c67c23b1d795b857bbcd1a933398b99aa1fe57

SHA256
da4a2bd7b2eb7f780591b44871a82206144ebec186d5fb6ccd5d1b8e280d411b

SHA512
72e6030cc8e03b412184d7c22a1af9368add6f3abcbd7057bd63264b94bf1e93f3e99830519aaf9f7e8363660fe50f02c4df67e91266f6b60bc84c863aa4f352

Download Submit
C:\Users\Admin\AppData\Local\Temp\datF164.tmp

Filesize
140KB

MD5
d070306a9062178afdfa98fcc06d2525

SHA1
ba299b83eb0a3499820fddcf305af0ddbda3e5d0

SHA256
8f5ccdfd3da9185d4ad262ec386ebb64b3eb6c0521ec5bd1662cec04e1e0f895

SHA512
7c69e576b01642ecd7dd5fe9531f90608fa9ade9d98a364bcc81ccd0da4daef55fd0babc6cb35bff2963274d09ef0cd2f9bce8839040776577b4e6a86eb5add5

Download Submit
C:\Users\Admin\AppData\Local\Temp\datF165.tmp

Filesize
140KB

MD5
e204643042591aeec2043c5eae255099

SHA1
ba5f2f94740400f540befc89f1c4d022a26faa84

SHA256
7f58f56a7a353f8fc78ec2757394a7c7f28165e6bbf2a37d6a6e48e845874f3e

SHA512
7196c5b8e88100a08eb296be7570df4d045268ad6bab1c45ebaa9063aa9b46b8896886e24a9f861e322b167dd95e18d5a18abb76f1bb01c8bc85c36bead855ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\datF176.tmp

Filesize
139KB

MD5
dfce51814cf6d2f42375f948602cd99d

SHA1
766e162ff305343010b67fbaa28b36af277c5b34

SHA256
7a8a945586a1d21d2922cb4aed9e28d872129f6c396ac69f47ef3e32ea972ba0

SHA512
2c9489c18719ad29928e86a9e631e080b024c882a77a582f40f4f86f625de9b08ad3c09710d5ee32b5cae5284fd960f412f05290bdb3b4709f097b269b99ce21

Download Submit
C:\Users\Admin\AppData\Local\Temp\datF177.tmp

Filesize
103KB

MD5
fa794ec12d353c26805ff53821331fc2

SHA1
cbc6658badeda2ad9b0d2e03a0a35ff7fbba542a

SHA256
cfdbd8a2aa463c11e483dc10c480acd274e9786632f5571a3970e8a20a2d8237

SHA512
1161afdbf6fc9b74421031fe6e139587f291ffaec03cae4aa76c1a86e10a69c7b1602ecbfbf60287ce8ed926377ad159992cde605ba98e75b212e971b7e14f18

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\carousel\Dictionary\cs_cz\locale.json

Filesize
405B

MD5
0e66bd0983b2c3516613cc751d69971b

SHA1
551c857dad708f8e0ddc6b618de7966c254abe0e

SHA256
7d3aecdf9b1ea5128ef87a1e6e74dc3e283fb28dd6af8113b4e99040b15747d4

SHA512
44779ee6d29d2747774726b2c3f76a41e6775548d57705f16d59ad3a4ca1be44fb6cd12d1ef0f6f8f228911fc317f6451c403d04f6f1fefb097c8763d5801087

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\carousel\Dictionary\de_de\locale.json

Filesize
386B

MD5
d3f198446f78d6e17d85882563ea6b36

SHA1
3bc7c9cc9182935e4ea000ff951ce9493b99fd70

SHA256
e683843b5ecbe6bafd03c26c3762e9e4fe37cb5dc1d9a7188c9158553f3ccdca

SHA512
d3516f25c4f62a5f0787a173f73e001a149e9fbead9ca85964b94f1786635b246ddf182cbf6a46607938c24928939f41c1812db6b9260a81b70cc20b8722d046

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\carousel\Dictionary\en_US\locale.json

Filesize
353B

MD5
031aa6225b953a69e223fc71566058b7

SHA1
45a89a91cc432bdb698be076c8cc1db027b3d50c

SHA256
b754524e0f798d8db77bc777a0fed09978fd3fc9d4494f227b7fe07185efd9ce

SHA512
e61497f74508016c8ad755701c907d2d5e053f6e2d7b1228feb0b9276b8ad202975d81ab2806d5c3593adf6ca1bd320d6bbd6a59e565ed300060e851867b52d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\carousel\Dictionary\es_es\locale.json

Filesize
390B

MD5
592ebf7fadf7792f05ddae25d75a9d59

SHA1
2853af5a44ee3163261bb471cb7a33f0a0bb2ed6

SHA256
1f10dc92034244bbe5435c8d0029773025b929a36f3d30a4a5a3a4526d8a874e

SHA512
59ebddad4576a121b43181547cf0f806e7fc1192428e782233f3e20c4b75e0e7a2febfa809efe7f9296eed38ccc63f9d4f6850c8cdbaabf06ae99d80c93f2f9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\carousel\Dictionary\fr_fr\locale.json

Filesize
383B

MD5
47c7066b8c2d86ae7047ba355e57230a

SHA1
5702d5eae9b69896db0e2c9ebe8d6f7b83abc6c1

SHA256
e9c432fa590566d463502adcd51a129f789ebc01c59f6409c5734a0109f05156

SHA512
58a0da179b19c507f1ffe8fe4ca1312f2f0c8799c8f4f53a279b1bdfde311105c76bac187ea179598dc7d13fd32fd002fe0f06f5aa1b1a67cf147e7a02dd9f9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\carousel\Dictionary\it_it\locale.json

Filesize
495B

MD5
78d8a38ab29f2c70fc0552038763561c

SHA1
51ef11689a9e8fd6cf629e2c0238e12d59341e72

SHA256
2c5ffe288391affe2accc1988900d02c3517b652881fba852994d459434239ac

SHA512
969cabda8324cdf3a9cbe0b0b8fdd2a611ef3b813c012a749a89d792c9a9c6ef3ee513c53b76065efd6d1e93ddfa5c31510bf3e25be2fcb86592988cb4abe591

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\carousel\Dictionary\ja_jp\locale.json

Filesize
435B

MD5
8eefa1bb3912183d9e3438f91c098841

SHA1
d06c23d25afc8672eace3d214798c5122b664ca7

SHA256
919cba4b8a59f6b69ce16011e50f3bafc76efe58b21032501626cac364d48e9d

SHA512
5027e49717b19842438388b57232b8739e8a1cf15642bf9806e7eb5a749ed9c7a102d2c876cc8d9cf2113558509965cd638b128519071ff6cb06e1b4d5ac7af7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\carousel\Dictionary\ko_kr\locale.json

Filesize
406B

MD5
3a504ea81ba343fab1ebe2a10efaa1a2

SHA1
eddd814cf6ba568a80553a5516bd588b18ce5a52

SHA256
9b4e351eb416e95f6843224227857c528dce2d7a8bd64876204879138208951e

SHA512
57a52b016801fef387c8d33b483dce4d5bd518bd9989ffaf775df4b4dd1bc83e614bf3ace69f779c5047b0bde6b7b4db861530700523acf25110d8846b7e13e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\carousel\Dictionary\nl_nl\locale.json

Filesize
386B

MD5
c4d0d42780213ddf399e83c60e8f25ca

SHA1
55c4589f3d9a514dee78fd47e7c3696b3df60c79

SHA256
416b4f94812ac0b6bbeb1a5e4f06e587f4ecad75b8efa02072eb7ae92b622b34

SHA512
74edb2fdbdb07a4fef43f3b61bf08188f4ba24cabd75c50c2e53210ea38e345ac7211dab5e761dccb6e0aadfe901b81cf27ec851b640474ab9979996c8841398

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\carousel\Dictionary\pl_pl\locale.json

Filesize
415B

MD5
440e7340c381b936d04d8206e966d44b

SHA1
3f5743e2392c734a546f7b9f75b616ae4a121f40

SHA256
7aa4d5a764e0f0a9649a5faa24f14206d0ae44f3e386ed002df2e6f5d359f0a3

SHA512
3adac1c7c6dffd76f6196414919b051cb9152ea073df1313aaff549b7d8d77b73683a83ce03fd87af6a10a6c9223a07c05130d8e96b9d998dc0104fdadee5b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\carousel\Dictionary\ru_ru\locale.json

Filesize
626B

MD5
3f1235f9c362e368fe52fd708da455b5

SHA1
88bb2da22e940527b61ceceb4d78c992af78126f

SHA256
454f7fe589e1e08f2cf112eddaa839b60951698a84ba87e7767d4dbbcb3a038b

SHA512
d1dce3df39db2db386545f71a5a67b0725906878983944bc97ddb3c95f706cdc71a7a04d717a28428a7e682adcaf40f2f94561c681f4790989876f5c1bdb2bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\carousel\Dictionary\sv_se\locale.json

Filesize
378B

MD5
690dbabeee5810ae5b68027eeb148f1a

SHA1
f1624c92497acdfbc53ffb5a891c545b293d01c7

SHA256
270157002492ad80fff2d47f9cdc0257b72bafed053556ddd5b14c910c6a9a8e

SHA512
01f685608ffe85b4beb4bdf20b701944f7b83ab0fbb90b39f379053285e058610fa9f4c6671f4055586674a9a3a849a2784ddede476e4677be9667f3faad8b14

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\carousel\Dictionary\zh_cn\locale.json

Filesize
360B

MD5
9fcab8f3d4f4840c927531f5975109c9

SHA1
d433d4dfc1fdac136057f8fd551db01727a749bb

SHA256
b103e04a7ddbeefb389641dd93fafee6119f3316f4133702bb3af38bae92fb4f

SHA512
05a947de06e5594ff031fa4b9aeea39725db4648308ebe7bf12d4db875abadfa4f3982b77c5435de9d498da905ae8c8c69b96bc1dda954288b7f9d7a66701496

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\carousel\Dictionary\zh_tw\locale.json

Filesize
361B

MD5
bebb9ba86d130666f1dcaf88abac5d9a

SHA1
e07ea165fdfcaa1b073f77f891c248b1669235cb

SHA256
efc69bc38f34fccaaa7fa985dfbd75c0196da23971fba3df349cb8953657e7b0

SHA512
aedd79f53b6f2a923714965320db4e648f8560b6a6d3e53d39b36d16a55d1f9f19bc898b9aad4efe441392dc424936d0b7e04d0a15f1423dd5dec81a7a55d90a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\carousel\carousel.js

Filesize
2KB

MD5
755a1bb2b209c2dc7a05c32a7a461ec4

SHA1
115952f7486d5552ee157ad18ae20ba9e7cf6594

SHA256
f771ce5c2a69e92f808fe856ce473786b9d14067681c501b7fcc87caa1125e97

SHA512
764fee2f12ddf5b6b7d98c56a289289e44ad65d3ab022b723611d48eb4b59df2d48452ae3f99ce6d9d1cfcbb0ac28944c5b3257ea00ba055a210c97130887e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\carousel\css\fonts\adobeclean\adobeclean-regular-webfont.woff

Filesize
30KB

MD5
6af297e58edc414ee90c76c2d3ea8678

SHA1
7497d181cd6fe3a4b01a4f8b6ba6a47d3fa54333

SHA256
3e8f59db6dfae287af8dccc0fdf5e15a8aa2a954c2c232bc6c64536e1a27eaa5

SHA512
61e14f8e605c4d2b52c9a874f40e73fde43625bc468ba3c7316e7672cffd05b7c1766c875fc1b48218bd2b6856226645ee9bcb45810eb7121c5dbd0c184b7d0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\carousel\css\styles.css

Filesize
189B

MD5
3a0ec2d2c5020a3cf45c13a87434b285

SHA1
12275d4d51de801ce28c88a0c246de22c6d08120

SHA256
406288e48ced388744e5165a1ec4266f419cc409e4a70036e4b15a93af5c42ab

SHA512
a7c6d55f64d91e5d71661e040f4d06d2c873e0b2d2a3b2e52ff60d230a7c7c0924cd0ddc4dc124d53736c934023a27d6ed77c1266732f0b5de5dc75b02715c8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\carousel\images\01_creativity_for_all_445x239.mp4

Filesize
984KB

MD5
81e4c33fad74a5bd58008f4b1525adf1

SHA1
6ce7f599a1319495be5b677fdca16fdd433bebd3

SHA256
7a3e8435aa3383576ff1a19abc639c5f4539fec6d4023a82889378b221dbdd97

SHA512
8af1037e6a68882563dc8a85f0f14902043226b9bdd771a160ec838b83ebecbba4cccf88ade63e1437eb34cde98a90b4a9614488613cd3859d87a4e114731869

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\carousel\index.html

Filesize
2KB

MD5
e89a10413d61d0f8e20366fc168e60bb

SHA1
3ff1aa248751d03ba5dc7b25e11db87e694cc6bf

SHA256
679419e78e55488f0625cf74673bc365176093783b34331227997fa075ff4c43

SHA512
0a70c72b523a74292f72e20ae44221ea10dfbd93532d6fc32dfaf24f0bf8e31d64e89a9a385d05453c52b88ffd80c7a80c9b98bada37ee2e06d13fff5ec32e05

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\carousel\lib\jquery.min.js

Filesize
91KB

MD5
e1288116312e4728f98923c79b034b67

SHA1
8b6babff47b8a9793f37036fd1b1a3ad41d38423

SHA256
ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32

SHA512
bf28a9a446e50639a9592d7651f89511fc4e583e213f20a0dff3a44e1a7d73ceefdb6597db121c7742bde92410a27d83d92e2e86466858a19803e72a168e5656

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\common.js

Filesize
2KB

MD5
d98f70ffd105672292755a37f173c2ec

SHA1
c0154add295ac052f234a0282a62b704cdd01998

SHA256
257a42f797f140667c81930001e73943bfc243d50bcc775f75d0334a2d2cf2c3

SHA512
1909cc7e4da0949a469852240be2205209968b18b99f7d967bc0231de33d03c7cbaa9578972e30e95e6d7017aebf9cd70a55ba22cdc9d5774d2a237d3eb0971b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\images\productIcon.png

Filesize
1KB

MD5
930eb6f1ca2dd339b2cfaa23f3e7c4cd

SHA1
16f569b9785919d0b6a939aa4f2b3e64b0966a85

SHA256
ac5b06748aacc67f7aa9257c2f5ab1d3a81077271b4ea69d24daa3be616679b8

SHA512
7e025d0895cea47ad93dd527d7b4a6777a00879351adf176f08bb408ca5f43db348fb9217d45c44d86bb7f2e6ca4ae4fb57fe093a616c9db9f28765fb1771532

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\images\productIcon2x.png

Filesize
2KB

MD5
69d2b84603309bed326301ca60dc01ba

SHA1
700351e3f8b9e7247a78185201121c50945b42d1

SHA256
de028e7aebdb9d6a7aec2668b15ff42936da28ea73c8ffb969fe58025d63707d

SHA512
ea1b501847d28e8c0a27fadc6b64e6eabaa9aa09d30e39076d2c25e15ae20d36afe1d760da112a38a3b7c80a54304fd5f62cd9324a8d38fbf1e13e892a672a82

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\lib\jquery.custom-scrollbar.min.js

Filesize
14KB

MD5
ab3adf4aff09a1c562a29db05795c8ab

SHA1
f6c3f470aea0678945cb889f518a0e9a5ce44342

SHA256
d05e193674c6fc31de0503cbc0b152600f22689ad7ad72adb35fcc7c25d4b01b

SHA512
44dfc748d0bd84f123f9d3f62d5ea137d9128d5bdbe45da9a8666d09039eb179acf0dbb3030e09896fd61e7aa5ae6dfaffe9258d80949a64d0a7e45037791fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\lib\jquery.placeholder.min.js

Filesize
3KB

MD5
e13f16e89fff39422bbb2cb08a015d30

SHA1
e7cacaf84f53997dd096afd1c5f350fd3e7c6ce9

SHA256
24320add10244d1834052c7e75b853aa2d164601c9d09220a9f9ac1f0ae44afe

SHA512
aad811f03f59f799da4b8fc4f859b51c39f132b7ddbffadabe4ec2373bd340617d6fe98761d1fb86d77606791663b387d98a60fba9cee5d99c34f683bcb8d1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\main.html

Filesize
8KB

MD5
f4b7942d6563727bd614f10da0f38445

SHA1
84f22240f7a5ed1c23b09e8677ac2ac3cd4e26f9

SHA256
e4bedde22ed405d291c746440a824d5f8527fb232e7a6be2ed9a76465d82f8dc

SHA512
f79b24ac78863a4ed87d41f37b2a5bc27017ebc5317f0a305d676090a16aee8a61384b476e7e9a68a024aa8da4784c1bd4f118766caf4450ec97af430e7074af

Download Submit
C:\Users\Admin\AppData\Local\Temp\{97CB8E9A-077D-41A6-898A-B93756D9E5DE}\main.js

Filesize
58KB

MD5
a8f9eb478c7512c98ca1ad46dbcc298a

SHA1
454226dc42b911caafc9a1e56d8ad0000bbb7643

SHA256
1df6cbdc80c1df47d93d6e7516a2d7017362413a6b9d93634e143856695c3645

SHA512
ae3198cc6ae739f3009359988f5c090664e5fe8422ad1cf739fe316e66f344c10385d1f841c7b0e3ca9f7997c79d95fa0559386b6dec10641ceb8c290b14f5b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A4658B1F-AE7C-4B85-BC7E-347E76C01124}\Dictionary\en_US.json

Filesize
72KB

MD5
c693e1bd4feda683ae5c71f2bd6b9de8

SHA1
2f3c32dbb95623c52ebf3b608074afdfbcbf050a

SHA256
5dffe13d4c72f59dbc6f8efb439350518acd4e8e07efa124973cfd1a625f60d4

SHA512
a48c520b1432f208f7494759d316cf2411163373ef7ba5bb2b2121b4520beb2932d4ea612e9d2dc8997b6221fa2d44c9312928c79394a5d8c577fa39aa5007d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A4658B1F-AE7C-4B85-BC7E-347E76C01124}\clean.css

Filesize
702KB

MD5
4f3364af3e396f92a8826532bfb1a7e5

SHA1
7f7b613435ece78a358f2066287c2f2c3c6aa168

SHA256
45b9b77499356527e9047256db96a542a720bf075d67e9f6ba55d51fd562339e

SHA512
c022a28656483106095967ec4d57eb743d04f029406c2c553c9d19c103520e274c0eea19f411bdb7ae16f388211c456a413df5a0a6097036deb0010573d49c72

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A4658B1F-AE7C-4B85-BC7E-347E76C01124}\common.css

Filesize
2KB

MD5
1265d497504870d225452b3309b0e06b

SHA1
29a3b783e6f2f2cd3f6d08833b83c7848f8e3450

SHA256
4273a5d4ef990dead6cabe760c27b25f7fcf8a51177f1b31813ad8866a565330

SHA512
9aa8b24e800a619651699c193a7747b8673a3cd4f8a5d3b16ee35f5ef6161f953a904631b97d118339332a3d2c7292c910802f6e1518db18d48fab5e9eb91681

Download Submit
C:\Users\Admin\AppData\Local\Temp\{A4658B1F-AE7C-4B85-BC7E-347E76C01124}\main.css

Filesize
16KB

MD5
ee23e36c90c9fccd530504285d371ac3

SHA1
7a4e24d18ec723d38cd922e3845ff290f0299e15

SHA256
32616e0764c80efb4607a0dccfec7cf7862886c4ae80e6405dc3cc5c62cd0f82

SHA512
542937075a96f6afb8170c6f41915efeec5e067803606c2a26d29e6c990d93a255ad8cea18600cd0825a0c91ff935d057870a1724062543a8e2bc09c4041b375

Download Submit
C:\Users\Admin\Downloads\Adobe Photoshop 2024\packages\ACC64\3DI\3DI.pima

Filesize
190B

MD5
bfa2825492d0d648a227b6d8a0662e83

SHA1
0c3f1c5fba466792398104812e944a6cd3a9b78d

SHA256
95514c3e12a559ee471e63b22b1b00aff1afe2e0fc60415d022be23df676bc1d

SHA512
68159d2ebc5b4416e448f0fc6960703e826bd01137d18a7a4616619a2090a903ccad1059e29941b08d9c2c881dbb9051ef2d91fa58472dfae1c28ab6da4a62f2

Download Submit