hxxps://drive[.]google[.]com/file/d/1UaWK9hZG2xEQfDprNmive20n-OwNK9-4/view

Analysis

max time kernel
384s
max time network
374s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2024 06:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1UaWK9hZG2xEQfDprNmive20n-OwNK9-4/view

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 7 IoCs

pid	Process
4828	7z2408-x64 (1).exe
5448	7z2408-x64 (1).exe
2624	7zG.exe
2760	Set-up.exe
5236	Set-up.exe
2576	Set-up.exe
4236	Set-up.exe

Loads dropped DLL 2 IoCs

pid	Process
3416	Process not Found
2624	7zG.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
4	drive.google.com
8	drive.google.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2408-x64 (1).exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2408-x64 (1).exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 4 IoCs

pid	pid_target	Process	procid_target
5052	2760	WerFault.exe	150
5708	5236	WerFault.exe	158
3720	2576	WerFault.exe	167
3164	4236	WerFault.exe	171

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408-x64 (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408-x64 (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Set-up.exe = "10001"	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe

Modifies registry class 42 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64 (1).exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64 (1).exe
Key created	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64 (1).exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2408-x64 (1).exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64 (1).exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Set-up.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 655590.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 215084.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1584	msedge.exe
1584	msedge.exe
5036	msedge.exe
5036	msedge.exe
3588	identity_helper.exe
3588	identity_helper.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2528	msedge.exe
2528	msedge.exe
5620	msedge.exe
5620	msedge.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2444	OpenWith.exe
5392	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeRestorePrivilege	2624	7zG.exe
Token: 35	2624	7zG.exe
Token: SeSecurityPrivilege	2624	7zG.exe
Token: SeSecurityPrivilege	2624	7zG.exe
Token: SeDebugPrivilege	5392	taskmgr.exe
Token: SeSystemProfilePrivilege	5392	taskmgr.exe
Token: SeCreateGlobalPrivilege	5392	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5036	msedge.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe
5392	taskmgr.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
4828	7z2408-x64 (1).exe
2444	OpenWith.exe
2444	OpenWith.exe
2444	OpenWith.exe
2444	OpenWith.exe
2444	OpenWith.exe
2444	OpenWith.exe
2444	OpenWith.exe
2444	OpenWith.exe
2444	OpenWith.exe
5448	7z2408-x64 (1).exe
2760	Set-up.exe
2760	Set-up.exe
5236	Set-up.exe
5236	Set-up.exe
2576	Set-up.exe
2576	Set-up.exe
4236	Set-up.exe
4236	Set-up.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 3428	5036	msedge.exe	83
PID 5036 wrote to memory of 3428	5036	msedge.exe	83
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 2684	5036	msedge.exe	84
PID 5036 wrote to memory of 1584	5036	msedge.exe	85
PID 5036 wrote to memory of 1584	5036	msedge.exe	85
PID 5036 wrote to memory of 3636	5036	msedge.exe	86
PID 5036 wrote to memory of 3636	5036	msedge.exe	86
PID 5036 wrote to memory of 3636	5036	msedge.exe	86
PID 5036 wrote to memory of 3636	5036	msedge.exe	86
PID 5036 wrote to memory of 3636	5036	msedge.exe	86
PID 5036 wrote to memory of 3636	5036	msedge.exe	86
PID 5036 wrote to memory of 3636	5036	msedge.exe	86
PID 5036 wrote to memory of 3636	5036	msedge.exe	86
PID 5036 wrote to memory of 3636	5036	msedge.exe	86
PID 5036 wrote to memory of 3636	5036	msedge.exe	86
PID 5036 wrote to memory of 3636	5036	msedge.exe	86
PID 5036 wrote to memory of 3636	5036	msedge.exe	86
PID 5036 wrote to memory of 3636	5036	msedge.exe	86
PID 5036 wrote to memory of 3636	5036	msedge.exe	86
PID 5036 wrote to memory of 3636	5036	msedge.exe	86
PID 5036 wrote to memory of 3636	5036	msedge.exe	86
PID 5036 wrote to memory of 3636	5036	msedge.exe	86
PID 5036 wrote to memory of 3636	5036	msedge.exe	86
PID 5036 wrote to memory of 3636	5036	msedge.exe	86
PID 5036 wrote to memory of 3636	5036	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1UaWK9hZG2xEQfDprNmive20n-OwNK9-4/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe772746f8,0x7ffe77274708,0x7ffe77274718
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2344 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1916 /prefetch:8
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5620
- C:\Users\Admin\Downloads\7z2408-x64 (1).exe
  "C:\Users\Admin\Downloads\7z2408-x64 (1).exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4828
- C:\Users\Admin\Downloads\7z2408-x64 (1).exe
  "C:\Users\Admin\Downloads\7z2408-x64 (1).exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5442516214806795203,8099518753104139733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:5308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2260

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5028

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap3642:96:7zEvent30068
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2624

C:\Users\Admin\Downloads\Premiere Pro 2020\Adobe Premiere Pro 2020 v14.0.1.71 Pre-Activated [FileCR]\Set-up.exe
"C:\Users\Admin\Downloads\Premiere Pro 2020\Adobe Premiere Pro 2020 v14.0.1.71 Pre-Activated [FileCR]\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:2760
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 2404
  2⤵
  - Program crash
  PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 2760 -ip 2760
1⤵
PID:2848

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5392

C:\Users\Admin\Downloads\Premiere Pro 2020\Adobe Premiere Pro 2020 v14.0.1.71 Pre-Activated [FileCR]\Set-up.exe
"C:\Users\Admin\Downloads\Premiere Pro 2020\Adobe Premiere Pro 2020 v14.0.1.71 Pre-Activated [FileCR]\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5236
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 2228
  2⤵
  - Program crash
  PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 5236 -ip 5236
1⤵
PID:5348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://filecr.com/
1⤵
PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe772746f8,0x7ffe77274708,0x7ffe77274718
  2⤵
  PID:5976

C:\Users\Admin\Downloads\Premiere Pro 2020\Adobe Premiere Pro 2020 v14.0.1.71 Pre-Activated [FileCR]\Set-up.exe
"C:\Users\Admin\Downloads\Premiere Pro 2020\Adobe Premiere Pro 2020 v14.0.1.71 Pre-Activated [FileCR]\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2576
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 2228
  2⤵
  - Program crash
  PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2576 -ip 2576
1⤵
PID:5100

C:\Users\Admin\Downloads\Premiere Pro 2020\Adobe Premiere Pro 2020 v14.0.1.71 Pre-Activated [FileCR]\Set-up.exe
"C:\Users\Admin\Downloads\Premiere Pro 2020\Adobe Premiere Pro 2020 v14.0.1.71 Pre-Activated [FileCR]\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4236
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 2240
  2⤵
  - Program crash
  PID:3164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 4236 -ip 4236
1⤵
PID:6120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
117KB

MD5
99b88f4d6d13713053db06b449ed6a9f

SHA1
f718e09a42e9ec49db060589d24135ca6929e8e0

SHA256
f830ddc5280d00e1cb160f9e5dd114292d5efef66c23c3c03c224894250bac2f

SHA512
9f1cb9ad8023b340c82e987bab33cddd817e3ece892aca7350650343396d4dc5d00cfd99c0718a862280c81d7d525c5e870390e1cdfdb4987b6663b1394cf1fc

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
963KB

MD5
004d7851f74f86704152ecaaa147f0ce

SHA1
45a9765c26eb0b1372cb711120d90b5f111123b3

SHA256
028cf2158df45889e9a565c9ce3c6648fb05c286b97f39c33317163e35d6f6be

SHA512
16ebda34803977a324f5592f947b32f5bb2362dd520dc2e97088d12729024498ddfa6800694d37f2e6e5c6fc8d4c6f603414f0c033df9288efc66a2c39b5ec29

Download Submit
C:\Program Files\7-Zip\History.txt

Filesize
6KB

MD5
86d07103fb8d487d17d33974c0bdc0c2

SHA1
d0318dd9296b5fd92a190329faf5f16f9cc131c3

SHA256
ee3d0eb585da90d0bb36a2f3d2a7fb5fdce5336141ea8f779d7450d8a4b16c42

SHA512
367edb4e86c904d73078ad0cab8c627ab123bde3d647aa21ed695bd54146f7669791e9f38dee27070bc9608332cb0fb6d85798e22e05c505624cb7b6d4ace3af

Download Submit
C:\Program Files\7-Zip\Lang\af.txt

Filesize
4KB

MD5
df216fae5b13d3c3afe87e405fd34b97

SHA1
787ccb4e18fc2f12a6528adbb7d428397fc4678a

SHA256
9cf684ea88ea5a479f510750e4089aee60bbb2452aa85285312bafcc02c10a34

SHA512
a6eee3d60b88f9676200b40ca9c44cc4e64cf555d9b8788d4fde05e05b8ca5da1d2c7a72114a18358829858d10f2beff094afd3bc12b370460800040537cff68

Download Submit
C:\Program Files\7-Zip\Lang\an.txt

Filesize
7KB

MD5
f16218139e027338a16c3199091d0600

SHA1
da48140a4c033eea217e97118f595394195a15d5

SHA256
3ab9f7aacd38c4cde814f86bc37eec2b9df8d0dddb95fc1d09a5f5bcb11f0eeb

SHA512
b2e99d70d1a7a2a1bfa2ffb61f3ca2d1b18591c4707e4c6c5efb9becdd205d646b3baa0e8cbd28ce297d7830d3dfb8f737266c66e53a83bdbe58b117f8e3ae14

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt

Filesize
12KB

MD5
5747381dc970306051432b18fb2236f2

SHA1
20c65850073308e498b63e5937af68b2e21c66f3

SHA256
85a26c7b59d6d9932f71518ccd03eceeba42043cb1707719b72bfc348c1c1d72

SHA512
3306e15b2c9bb2751b626f6f726de0bcafdc41487ba11fabfcef0a6a798572b29f2ee95384ff347b3b83b310444aaeec23e12bb3ddd7567222a0dd275b0180ff

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt

Filesize
4KB

MD5
1cf6411ff9154a34afb512901ba3ee02

SHA1
958f7ff322475f16ca44728349934bc2f7309423

SHA256
f5f2174daf36e65790c7f0e9a4496b12e14816dad2ee5b1d48a52307076be35f

SHA512
b554c1ab165a6344982533cceed316d7f73b5b94ce483b5dc6fb1f492c6b1914773027d31c35d60ab9408669520ea0785dc0d934d3b2eb4d78570ff7ccbfcf9c

Download Submit
C:\Program Files\7-Zip\Lang\az.txt

Filesize
10KB

MD5
9cd3a23ca6f66f570607f63be6aa0001

SHA1
912837c29c0e07470e257c21775b7513e9af4475

SHA256
1da941116e20e69f61a4a68481797e302c11fcf462ca7203a565588b26011615

SHA512
c90ead15096009b626b06f9eae1b004f4adba5d18ccdb5c7d92694d36903760541f8aa7352be96466f2b0775c69f850605988fa4ef86f3de4fca34f7b645457e

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt

Filesize
10KB

MD5
387ff78cf5f524fc44640f3025746145

SHA1
8480e549d00003de262b54bc342af66049c43d3b

SHA256
8a85c3fcb5f81157490971ee4f5e6b9e4f80be69a802ebed04e6724ce859713f

SHA512
7851633ee62c00fa2c68f6f59220a836307e6dde37eae5e5dca3ca254d167e305fe1eb342f93112032dadafe9e9608c97036ac489761f7bdc776a98337152344

Download Submit
C:\Program Files\7-Zip\Lang\be.txt

Filesize
11KB

MD5
b1dd654e9d8c8c1b001f7b3a15d7b5d3

SHA1
5a933ae8204163c90c00d97ba0c589f4d9f3f532

SHA256
32071222af04465a3d98bb30e253579aa4beceaeb6b21ac7c15b25f46620bf30

SHA512
0137900aeb21f53e4af4027ea15eed7696ed0156577fe6194c2b2097f5fb9d201e7e9d52a51a26ae9a426f8137692154d80676f8705f335fed9ae7e0e1d0a10e

Download Submit
C:\Program Files\7-Zip\Lang\bg.txt

Filesize
17KB

MD5
2d0c8197d84a083ef904f8f5608afe46

SHA1
5ae918d2bb3e9337538ef204342c5a1d690c7b02

SHA256
62c6f410d011a109abecb79caa24d8aeb98b0046d329d611a4d07e66460eef3f

SHA512
3243d24bc9fdb59e1964e4be353c10b6e9d4229ef903a5ace9c0cb6e1689403173b11db022ca2244c1ef0f568be95f21915083a8c5b016f07752026d332878a4

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt

Filesize
14KB

MD5
771c8b73a374cb30df4df682d9c40edf

SHA1
46aa892c3553bddc159a2c470bd317d1f7b8af2a

SHA256
3f55b2ec5033c39c159593c6f5ece667b92f32938b38fcaf58b4b2a98176c1fc

SHA512
8dcc9cc13322c4504ee49111e1f674809892900709290e58a4e219053b1f78747780e1266e1f4128c0c526c8c37b1a5d1a452eefba2890e3a5190eebe30657ba

Download Submit
C:\Program Files\7-Zip\Lang\br.txt

Filesize
4KB

MD5
07504a4edab058c2f67c8bcb95c605dd

SHA1
3e2ae05865fb474f10b396bfefd453c074f822fa

SHA256
432bdb3eaa9953b084ee14eee8fe0abbc1b384cbdd984ccf35f0415d45aabba8

SHA512
b3f54d695c2a12e97c93af4df09ce1800b49e40302bec7071a151f13866edfdfafc56f70de07686650a46a8664608d8d3ea38c2939f2f1630ce0bf968d669ccc

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt

Filesize
8KB

MD5
264fb4b86bcfb77de221e063beebd832

SHA1
a2eb0a43ea4002c2d8b5817a207eb24296336a20

SHA256
07b5c0ac13d62882bf59db528168b6f0ffdf921d5442fae46319e84c90be3203

SHA512
8d1a73e902c50fd390b9372483ebd2ec58d588bacf0a3b8c8b9474657c67705b6a284bb16bba4326d314c7a3cc11caf320da38d5acb42e685ed2f8a8b6f411f4

Download Submit
C:\Program Files\7-Zip\Lang\co.txt

Filesize
11KB

MD5
de64842f09051e3af6792930a0456b16

SHA1
498b92a35f2a14101183ebe8a22c381610794465

SHA256
dcfb95b47a4435eb7504b804da47302d8a62bbe450dadf1a34baea51c7f60c77

SHA512
5dabeed739a753fd20807400dfc84f7bf1eb544704660a74afcf4e0205b7c71f1ddcf9f79ac2f7b63579735a38e224685b0125c49568cbde2d9d6add4c7d0ed8

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt

Filesize
9KB

MD5
dbdcfc996677513ea17c583511a5323b

SHA1
d655664bc98389ed916bed719203f286bab79d3c

SHA256
a6e329f37aca346ef64f2c08cc36568d5383d5b325c0caf758857ed3ff3953f2

SHA512
df495a8e8d50d7ec24abb55ce66b7e9b8118af63db3eb2153a321792d809f7559e41de3a9c16800347623ab10292aac2e1761b716cb5080e99a5c8726f7cc113

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt

Filesize
4KB

MD5
6bdf25354b531370754506223b146600

SHA1
c2487c59eeeaa5c0bdb19d826fb1e926d691358e

SHA256
470eaf5e67f5ead5b8c3ecc1b5b21b29d16c73591eb0047b681660346e25b3fb

SHA512
c357b07c176175cc36a85c42d91b0cada79dbfb584bdf57f22a6cb11898f88aecf4392037d5cea3e1bc02df7493bb27b9509226f810f1875105bbc33c6ae3f20

Download Submit
C:\Program Files\7-Zip\Lang\da.txt

Filesize
7KB

MD5
c397e8ac4b966e1476adbce006bb49e4

SHA1
3e473e3bc11bd828a1e60225273d47c8121f3f2c

SHA256
5ccd481367f7d8c544de6177187aff53f1143ae451ae755ce9ed9b52c5f5d478

SHA512
cbbece415d16b9984c82bd8fa4c03dbd1fec58ed04e9ef0a860b74d451d03d1c7e07b23b3e652374a3b9128a7987414074c2a281087f24a77873cc45ec5aadd2

Download Submit
C:\Program Files\7-Zip\Lang\de.txt

Filesize
9KB

MD5
1e30a705da680aaeceaec26dcf2981de

SHA1
965c8ed225fb3a914f63164e0df2d5a24255c3d0

SHA256
895f76bfa4b1165e4c5a11bdab70a774e7d05d4bbdaec0230f29dcc85d5d3563

SHA512
ff96e6578a1ee38db309e72a33f5de7960edcc260ca1f5d899a822c78595cc761fedbdcdd10050378c02d8a36718d76c18c6796498e2574501011f9d988da701

Download Submit
C:\Program Files\7-Zip\Lang\el.txt

Filesize
17KB

MD5
5894a446df1321fbdda52a11ff402295

SHA1
a08bf21d20f8ec0fc305c87c71e2c94b98a075a4

SHA256
2dd2130f94d31262b12680c080c96b38ad55c1007f9e610ec8473d4bb13d2908

SHA512
0a2c3d24e7e9add3ca583c09a63ba130d0088ed36947b9f7b02bb48be4d30ef8dc6b8d788535a941f74a7992566b969adf3bd729665e61bfe22b67075766f8de

Download Submit
C:\Program Files\7-Zip\Lang\en.ttt

Filesize
7KB

MD5
bf2e140e9d30d6c51d372638ba7f4bd9

SHA1
a4358379a21a050252d738f6987df587c0bd373d

SHA256
c218145bb039e1fd042fb1f5425b634a4bdc1f40b13801e33ed36cfdbda063ed

SHA512
b524388f7476c9a43e841746764ff59bdb1f8a1b4299353156081a854ee4435b94b34b1a87c299ec23f8909e0652222595b3177ee0392e3b8c0ff0a818db7f9a

Download Submit
C:\Program Files\7-Zip\Lang\eo.txt

Filesize
4KB

MD5
29caad3b73f6557f0306f4f6c6338235

SHA1
d4b3147f23c75de84287ad501e7403e0fce69921

SHA256
a6ef5a5a1e28d406fd78079d9cacf819b047a296adc7083d34f2bfb3d071e5af

SHA512
77618995d9cf90603c5d4ad60262832d8ad64c91a5e6944efd447a5cc082a381666d986bb294d7982c8721b0113f867b86490ca11bb3d46980132c9e4df1bd92

Download Submit
C:\Program Files\7-Zip\Lang\es.txt

Filesize
10KB

MD5
ed230f9f52ef20a79c4bed8a9fefdf21

SHA1
ec0153260b58438ad17faf1a506b22ad0fec1bdc

SHA256
7199b362f43e9dca2049c0eeb8b1bb443488ca87e12d7dda0f717b2adbdb7f95

SHA512
32f0e954235420a535291cf58b823baacf4a84723231a8636c093061a8c64fcd0952c414fc5bc7080fd8e93f050505d308e834fea44b8ab84802d8449f076bc9

Download Submit
C:\Program Files\7-Zip\Lang\et.txt

Filesize
6KB

MD5
d6a50c4139d0973776fc294ee775c2ac

SHA1
1881d68ae10d7eb53291b80bd527a856304078a0

SHA256
6b2718882bb47e905f1fdd7b75ece5cc233904203c1407c6f0dcdc5e08e276da

SHA512
0fd14b4fd9b613d04ef8747dcd6a47f6f7777ac35c847387c0ea4b217f198aa8ac54ea1698419d4122b808f852e9110d1780edcb61a4057c1e2774aa5382e727

Download Submit
C:\Program Files\7-Zip\Lang\eu.txt

Filesize
8KB

MD5
c90cd9f1e3d05b80aba527eb765cbf13

SHA1
66d1e1b250e2288f1e81322edc3a272fc4d0fffc

SHA256
a1c9d46b0639878951538f531bba69aeddd61e6ad5229e3bf9c458196851c7d8

SHA512
439375d01799da3500dfa48c54eb46f7b971a299dfebff31492f39887d53ed83df284ef196eb8bc07d99d0ec92be08a1bf1a7dbf0ce9823c85449cc6f948f24c

Download Submit
C:\Program Files\7-Zip\Lang\ext.txt

Filesize
7KB

MD5
459b9c72a423304ffbc7901f81588337

SHA1
0ba0a0d9668c53f0184c99e9580b90ff308d79be

SHA256
8075fd31b4ebb54603f69abb59d383dcef2f5b66a9f63bb9554027fd2949671c

SHA512
033ced457609563e0f98c66493f665b557ddd26fab9a603e9de97978d9f28465c5ac09e96f5f8e0ecd502d73df29305a7e2b8a0ad4ee50777a75d6ab8d996d7f

Download Submit
C:\Program Files\7-Zip\Lang\fa.txt

Filesize
12KB

MD5
741e0235c771e803c1b2a0b0549eac9d

SHA1
7839ae307e2690721ad11143e076c77d3b699a3c

SHA256
657f2aceb60d557f907603568b0096f9d94143ff5a624262bbfeb019d45d06d7

SHA512
f8662732464fa6a20f35edcce066048a6ba6811f5e56e9ca3d9aa0d198fc9517642b4f659a46d8cb8c87e890adc055433fa71380fb50189bc103d7fbb87e0be5

Download Submit
C:\Program Files\7-Zip\Lang\fi.txt

Filesize
8KB

MD5
a04b6a55f112679c7004226b6298f885

SHA1
06c2377ac6a288fe9edd42df0c52f63dce968312

SHA256
12cc4a2cef76045e07dafc7aec7cf6f16a646c0bb80873ec89a5ae0b4844443b

SHA512
88c7ed08b35558d6d2cd8713b5d045fba366010b8c7a4a7e315c0073cd510d3da41b0438f277d2e0e9043b6fcb87e8417eb5698ab18b3c3d24be7ff64b038e38

Download Submit
C:\Program Files\7-Zip\descript.ion

Filesize
366B

MD5
eb7e322bdc62614e49ded60e0fb23845

SHA1
1bb477811ecdb01457790c46217b61cb53153b75

SHA256
1da513f5a4e8018b9ae143884eb3eaf72454b606fd51f2401b7cfd9be4dbbf4f

SHA512
8160b581a3f237d87e664d93310f5e85a42df793b3e22390093f9fb9a0a39950be6df2a713b55259fce5d5411d0499886a8039288d9481b4095fabadddbebb60

Download Submit
C:\ProgramData\Adobe\Installer\Icons\PPRO_14.0.1_win64\config.xml

Filesize
414B

MD5
cfd0fb5625b5200568a39810e18a58c1

SHA1
77bb8b5c19079cef151042faf86730edee23d8b0

SHA256
6bb7f79b1e8d4069ebb0a8e28eb66b34188dcfd309fa9bc2d229928eabe567f7

SHA512
f82c0de8a75b2863c541c0c7b382cbfd30c33a4abb6f123bd4540d426006bb7eaac6c734ba3938342a1ef54d5bfe6ab5066edef464aefb5947f46d5946ef0e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
1.5MB

MD5
0330d0bd7341a9afe5b6d161b1ff4aa1

SHA1
86918e72f2e43c9c664c246e62b41452d662fbf3

SHA256
67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b

SHA512
850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5e6947c8b14f97c496d14bae07066240

SHA1
404c6b147de8b21d2e39e48fc9f4f225f3debab1

SHA256
9f09d0bfb6b000654fd356066250be746604916b1b854fc4162d939ad48750ea

SHA512
f37a1fb850c0aeccb647577e4ecbc22dd75af77c5a329d207bdeefa02481a720e16b89ec112f8f5652245178c139f051af44b355e1880dfd3994d9d2ee31a86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
73401a510fc6c15ef98ebd19150e5ffe

SHA1
01aaf8d5a5d4450a064dd70c941e642d50b5e6e8

SHA256
e965d4ceeee4693468b89efe3a6cd6d561237fa68c6611db7189cc5444d3757c

SHA512
43f214adb10506a018b3e4ddfb4a6c2bff606484e5aabde7a95663bc231ea2e447cab0d9266cfe68e87b331f5e40b118d352855499ccfc3f9c70a6023b6a732b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
41c9d4346dfd65e73fc900f7ec62e8c7

SHA1
2ac93fe2e0acc4819d8030f44ac2851ed8916bbc

SHA256
d07bc1752a93a36a45bc09c037c3a59ab0104014963e7fb29c2d17324fc6c70c

SHA512
8e30e4c54344d3c4c785931d792157984816d6c7193221fb026ef8c1a55442b3b9b58d1d8f60554688a14ad5cf65f1ce064e099503df57ea4da0d3bfabe961d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
77b30e324250aad307f1ae8d764742ca

SHA1
ccffdce6a825099b035c22940e62f8950a74d8af

SHA256
f1777de3043ceeca784ff5556434ffada3140e3d3c1a76bd5bc63f116400eaad

SHA512
656c098b38aaad706368879b3dacd3561332f2ed48fdd03efea60acf5c91d81399465c71449aac77eccfd93722424ccfcf4995235d01f61a1c1eaae614c033bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2eb34f72cae42b85bdb4e4b2d1404041

SHA1
65dfd2d7bba74d97c5ff4adfe19ee41897925896

SHA256
1ccce5cd729c3d481f6fe17cdd8c186eb829e86a77b2db35c1e528b2b2b3f16f

SHA512
c110595b5e3c7c98c60829d11bab2712ccd9bbf7dbbf2e3c2204252dc6628b062459f998f06c534545441f4f56c4d0e95678e27c1f4ca522db6a1e111e819cf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0515122a2bf5172fe2d73ebb41d9fdf3

SHA1
b91a5c7ee32a438fa7d78e81224d0c7d91b0b79b

SHA256
d82f235acfc35204068149dab1e5f66b66fccd1fb1234ba8f39dabf3f3f4404d

SHA512
69375e7b47c1dd69675a600380d706cf085bf3c891ced3ff9fd031a26a99635b6fe15de65814af3577021eee290254e702b796f6f4578c14b6625e5fb15915dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
7a40d21b4ed3b4347449fa93d08e4928

SHA1
947841b9b625a8594738f5ca06010a98870f9960

SHA256
62e470ef26bf489535be25d6920850655baad812d4d1ede5ca9923bd26407568

SHA512
6b3940d576916c45a40e38884271595ec9dc069bb6b9561f8be3f4f5b675aadb92ab7bcba740873c6e0dd156efd7333813cd1e0f675542fbbb7e76e59a7f3f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
51cc903e8a2996f9996154995b0d4e1c

SHA1
9b0af28847b81c0faad0e5784563c2a041ff0ea6

SHA256
16d093a03a5a0c03c31166374b5b73682378fd00e61b0beb09908073f3a4fd13

SHA512
9ab60a49d7f2a3e0a9d3685586601124ef454e412e04b504b716dd474c7345952f672c36793e5930898801964bcd5f53d94c24892cf7f49fe881c06c55073884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
9fba4acb12f7b5f2835841754cbf05a3

SHA1
97a45cfcf583a2f2410736a312462c7eded35430

SHA256
881cbb64568d7fedd12673dab758d82037865b928186e7ceb5436998b7460f64

SHA512
e149d10d2bec7ca944570ffa1e6b3b5c1ca95f87ef6fa5e766c2768b46ae89cbd2601e74e74e338aef702ca49629832bee81f660b0e45061f8494d792bc0e757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4fdd73fbff24fdfcbf7eacece5138bc6

SHA1
6a9a61e3e723399675b2d67ff70e6dd18ac385fa

SHA256
38bcc038e6a3bf1b57778aacf7c07a9f9ec77573d5d956a0d4d39847ac56ad89

SHA512
e4d1beebc6e7b40cd59e7aaeb51c918e8875db3de8b05884b1f4887450e8e7c001c0cf14f948d5a274b0dfc1c899dd79d831b8e6d7a474df4480bc294905a76d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e71f927911d21539a20a086c0f45e2ad

SHA1
a18da046d8c7b4d292891e5a34c6be34b1290dca

SHA256
0659679cb03322094df6bd481a09ba57c0f7eeeaccb53784596ba00197f5c5d0

SHA512
bb03e0211e88ad37dd47ca7a545d5122f628abdf1e1e7b3ecd2ef7f8676e33da24ed4f97ec5645e8ab034ddfc9f3ed20822c5d181d58c758aba095f620d8d50b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bcb6034f40b6bb0fabb69a44dbea2f2a

SHA1
882051f10175de03c802be513569a72e404f6f6a

SHA256
bd24937500afbd53df56feac38d5d02b6b91bf356fc69a4415f756adb993f509

SHA512
4e12f38533e2df18f3b6069dcfc6d5cac72e26b1e46ce31b0ad4348eaa233e9ce6428911566bf03503bcacc7435159a475d0db522c46ca83c4aecbc027a165d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9e56d9d5daa66e6456df0d20bdd2a0ed

SHA1
743193363c62b988970617d282c110f9fd92f925

SHA256
163656236d4f9994076395c4f4d4eec271e346a0725f915279602edf6aefe663

SHA512
3cdb0720da360466d74348afc58ef5ecbcd24d704b412065cf5e7faf1156cab27d127a1989e34dac84d3acdb20edcb9a51be75d9f7f68cbdd70e90fb9b2b2dce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0e0ca2330645791e63225ace959dfca8

SHA1
c59c13a32d94091bcbf08f979d751e4e7f3dc850

SHA256
42ad22e3090f65a2860f2b6ab574a2805696eeab5d679414db09796a45c88ef1

SHA512
689035e212b3d95e85a9bbe5c2ff4140e05e35f0b3bf36f25339ba5211a4e74bb5434494427e090c905937d8e7050dbcfb692ebe9a288e4e40cd104312e0ebbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8c142e28cdc2d075d631afe559c4ed6d

SHA1
f84f97110946b4a85504e6e5ef744ea224370d97

SHA256
42e815b22042aa3b9cbaecdde0ec15cd48740da7ac39ef0df3d736ff8cb456eb

SHA512
7848087add7c14ae392ce18ce57cb32c354ffea4c45412031dae84832d2793271a214261663fd3cd3b000be8c755713d53c2e68705666af9358fed2ca4ba50e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1b4410e0d82c55dc5a3d2d047a62fde8

SHA1
7d544c96d2b1227dff33d9f6121315a2d09ef3ad

SHA256
28dfe636e4ad55678ef0d4e27e4d5d4c4a3b6cc7d973c561c1d613ff1427ee50

SHA512
4cbe03bc199f62d445e49fe835644d77d36e5f1282a8f733f8177217ca81e4107b988b4eb129b7b29ca3c2d5236c53d0b93569ef07d1cee18dfa9ba2b43d8a52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c179c1878cd5bc12b797a39366e28a16

SHA1
584ad67ee721107a5b69a53d5464f7dbe947a2d6

SHA256
4571715bd46e55e67bd9de76c306249c6759e93d9d5e1b04fa78c085895baeff

SHA512
881a151c205b1aff1a55b8574639c18e754d54ed34cdd50d361ff4e6a89900e6e1ea6ba4fb25cb44b7c982336c069a848faa12a45f43b097a918bc30d2bc34df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6e3b449533b6b452707ad42713effc49

SHA1
076dccd6319adadf55d9ab0efe724ae5d206bf14

SHA256
f1230b377c60e08e14ab9009534c0f0b54bbada73085a163ec3dd7940ca75d28

SHA512
bda9a8cb7200356f412176a495ac9ba2b99bbdc0c04f92b07ed4d3a16f0cbb4f35450b7e9edc36505cfe96f35b121ed41efdaaa434e619d7b65a1766232e94d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ce4d9.TMP

Filesize
48B

MD5
9bb97865552fe78df476929988b97570

SHA1
9348608155ab14bbeaad868be3ee67303b8c196d

SHA256
f1b5bcf79e956ed110014882eea630bad0a57ea3f84176e0dc2fdf5e549cf161

SHA512
23d45443f5499b23ea2d0a881a865ca563d4427b07e33bac7cf9646b5e26d375ce4ae4303e83d3d8ab78259310c3342cea3ff6aa6c0e4834ab4184eebbdfba1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1887ad098fad13b9659d51a40a2dd42b

SHA1
48148df5d2d1e2b8b205be948032e358f211677e

SHA256
06d9698a1d6052b5e26819a3de1197eef5949b4a519f8f7d603134a185fddfd6

SHA512
a6f7b3f5f6f7867b0098304722085f6e30b46775980b810293e7591cc70b67a63b41eef83a320eb3cccee40632616229890b7b65cc6aff13540a91a6658cd05f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a486f26a0db47b69a8d5fce0d08826ca

SHA1
1362671a767a1090d6d292bfa7e5ba6852289d5e

SHA256
d3f0e179ceea017d38e6253e62a3406a3bb59c1c06e0572a617e5c90633340da

SHA512
3b5d199f5ad349d20dbdb6bf850a77cc041b7932b82b6d53e4b06fad0b4dc03ab0ede047aafc501262b48ac18c403ac22b2038a1aae890d7aec4e755458bd0eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
66ea8bbbf80ab534d377d2a0cd45bd9c

SHA1
e883de1f869de9d67ddc5591ae6ab890b58d84e0

SHA256
ee568467791e1686a1b4d593d35a295558ca3e492d09949567c47390dd113881

SHA512
329430e76f58857827a33382ae85be97701eef514a71ebd225bbc45462527ea8aa42dbeb4b737a699ad2b23d7b14a306c4cf784d11b62b744553c46df7e8216a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ea20e64886c904057bb7ab014088ee08

SHA1
3e5a218fb0ae2f944d4ae825bcd7274f23e25ea0

SHA256
f03480cc070c3a8822320bb37539aad336305398608c206bab7d934decfce792

SHA512
abe7786c0dac7e37061e5044059fb4294abf66f1794231d29b3b5458a4daf570b681b188c388b0d8fa0949e2e62fdcbc775292bb8ab3d82d40e7b8ce9bfc49f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f3cab6fd7f0468ed70bffdb2041364f9

SHA1
436eb7bb61614e65fc2bd1d161c63be55ef89045

SHA256
4b3559a0725cccab5f7557471d8c9709d68e33f7cd74070936d8fbb3e361c620

SHA512
64c4ca8d95e40da6cbf2b5333dad37c8a7e5431ef054c5f658b0e9683f9b3aa5a1a3d3279083cd832127078b1a4bbeb631666972194f56ef05f6b1742e0a5494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fe7938b7a88ed00c5c56f3750f16ca1c

SHA1
78d11ad50954b5d04a8dde25e56cfe4b968b3e97

SHA256
09965de8ff4b0c572b0c2026c3bccb1fbc15721eacf3d0c7d08cae3c12fb6b08

SHA512
bfb4cbbb151585321208b3195ddba8f94dcb910f88b1e11e15f04dff7699156a4302c1430022b083de8e0c727111cc9f4a1e575520acf6da0b56f8cadbd89421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f9562b9727e1cc7bfcb87f5b0548bb89

SHA1
81fd82ed9a41856bb97484fc4614441d5e564a6a

SHA256
d87f1ecd73a324e47a7d0a96eeb3cff3f4f6029f6e3b82b2c379887e9ed40f47

SHA512
5f5169044351cb6eaa0e398381a81628feef887a6922629c130af686aa5d5bf498288cdb6cb286746a270463c35805528efecf591c67646959a14682be8cd2d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a2452.TMP

Filesize
1KB

MD5
8bced049e6cd80cf557b5ec9e06e10fb

SHA1
9b92649d6985227c18ee3c73104cd63630be13e5

SHA256
d4b16502deaff13f151ff3bb6e91a3d8942175f8b8af8b8226b68cc6511086d3

SHA512
25440b72f505915732e436fed321c0fe059bd924e4513fe39e8b93f5db918d4dfea635ba90a46ce182e8daf34caa7793c3d55ad51edc8deb40872f74d51a2711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3223776cc284ad6326c4ebbc8451cdab

SHA1
f3e2562474d2d19fdb9322c7183400d83ef6ca36

SHA256
3afa281396a6ef8312682987184388f68c12c6bd002daf13634755bf2364210a

SHA512
db228ed2beac4e713bc3a2aff50abcc7744715407dd17ba79c62e323f859fbdf047b7926da32594066e468e9554c595da2574a86a3b0d9f2e7e08e252285678f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fb6735c070dc70fe53dfbe944a78f33d

SHA1
ce3af220c1fcf63ff47230416feefbc5783a4c44

SHA256
29e6f5cd28de979eae97eeb977cb81b6c36799d05b233dfa2188a6d2e7edb6fc

SHA512
a08f060dcf8a1350a5fd57aacdbba21ccfd404b29694046f292f1504f144fd5b0672f61bbd1a5035d8742aa2a53ebf18f31bafa50c2640712c75f52073dea314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
57628387d78572a89e009afa68f3c1fb

SHA1
a453ef8974afe9a2c1c63bb299c831d59e886ac1

SHA256
880b483bc74157aa4666c6b1ba824b790c06ba07ee616f2429423e3f765a12fe

SHA512
7d0bd035a02013382b477c8b185bd3dda4d60eaa328bbe73aadf46270d7b22a3efeb8c7a1b1f8091f1867a2283b240860931355b4c6b13480833133fd7ca1d1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eea31cfa21c5027304d40f0f64c26686

SHA1
5e78fdc5b6986783035df1977d0f9bcd60924c87

SHA256
30e316dbd43ae01591af9e2caf9398469caab863f37ef208c040ef418b3b25be

SHA512
75c335df57c200c84a0c9f22263ecb1a90abefa89235df8eebdbd13d17bc62ad46eb340b02a0168b0fe010fdbd0b83961848bd2759250417a04e77fc35db3bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2237c9fcd3a55b74efd5245ff8f05c5e

SHA1
33176c3202b1f79dab684422c4ab401889db8c6e

SHA256
b511b364bc2a456a9701bf5c5478bebd7fdcc2fea5c5c790c4ec6cd732ca992e

SHA512
6e59def58abc8cb6ec233f92f77bcf90f5f5c3baf73d4aba10bb3e52e5ef541bd198e5e12d88be5c84d0188d4dec35f437b888e717db523edc8c188cf308b718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6d293bd8ffdcae5b8b52b4aa5ad658bf

SHA1
f99cc297868cba6d6953edc15b1396efbc1fc94d

SHA256
27201724d9c07cf721079c2c7651af995cbb16133a5d7c42971a7c3316d064bb

SHA512
c89555d901fc8879675b08ab0f5dde5799e90129cc6ab53ccb8017d93b17890d442c666168c5c972478693394e07d311c4b926487d124e43845bf7047958146e

Download Submit
C:\Users\Admin\AppData\Local\Temp\datF285.tmp

Filesize
140KB

MD5
d070306a9062178afdfa98fcc06d2525

SHA1
ba299b83eb0a3499820fddcf305af0ddbda3e5d0

SHA256
8f5ccdfd3da9185d4ad262ec386ebb64b3eb6c0521ec5bd1662cec04e1e0f895

SHA512
7c69e576b01642ecd7dd5fe9531f90608fa9ade9d98a364bcc81ccd0da4daef55fd0babc6cb35bff2963274d09ef0cd2f9bce8839040776577b4e6a86eb5add5

Download Submit
C:\Users\Admin\AppData\Local\Temp\datF296.tmp

Filesize
140KB

MD5
e204643042591aeec2043c5eae255099

SHA1
ba5f2f94740400f540befc89f1c4d022a26faa84

SHA256
7f58f56a7a353f8fc78ec2757394a7c7f28165e6bbf2a37d6a6e48e845874f3e

SHA512
7196c5b8e88100a08eb296be7570df4d045268ad6bab1c45ebaa9063aa9b46b8896886e24a9f861e322b167dd95e18d5a18abb76f1bb01c8bc85c36bead855ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\datF2A7.tmp

Filesize
139KB

MD5
dfce51814cf6d2f42375f948602cd99d

SHA1
766e162ff305343010b67fbaa28b36af277c5b34

SHA256
7a8a945586a1d21d2922cb4aed9e28d872129f6c396ac69f47ef3e32ea972ba0

SHA512
2c9489c18719ad29928e86a9e631e080b024c882a77a582f40f4f86f625de9b08ad3c09710d5ee32b5cae5284fd960f412f05290bdb3b4709f097b269b99ce21

Download Submit
C:\Users\Admin\AppData\Local\Temp\datF2A8.tmp

Filesize
103KB

MD5
fa794ec12d353c26805ff53821331fc2

SHA1
cbc6658badeda2ad9b0d2e03a0a35ff7fbba542a

SHA256
cfdbd8a2aa463c11e483dc10c480acd274e9786632f5571a3970e8a20a2d8237

SHA512
1161afdbf6fc9b74421031fe6e139587f291ffaec03cae4aa76c1a86e10a69c7b1602ecbfbf60287ce8ed926377ad159992cde605ba98e75b212e971b7e14f18

Download Submit
C:\Users\Admin\AppData\Local\Temp\{6BE741D0-B755-4B59-B310-9B5019193C55}\common.js

Filesize
2KB

MD5
d98f70ffd105672292755a37f173c2ec

SHA1
c0154add295ac052f234a0282a62b704cdd01998

SHA256
257a42f797f140667c81930001e73943bfc243d50bcc775f75d0334a2d2cf2c3

SHA512
1909cc7e4da0949a469852240be2205209968b18b99f7d967bc0231de33d03c7cbaa9578972e30e95e6d7017aebf9cd70a55ba22cdc9d5774d2a237d3eb0971b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{6BE741D0-B755-4B59-B310-9B5019193C55}\images\productIcon.png

Filesize
3KB

MD5
24732de113894a332856b14924d78810

SHA1
7097d100553dff305ebbfe35004e9b1fb13c25f8

SHA256
10ee1cd4a23899f273d4d1b8b2ee63b77cd08b9c7c76067d8c9ba12f7cf52836

SHA512
533cbd577512bdae3d063844b388c54a6c5ad98b5cb520b80df481f4453cc221e040a571a01193c1483399bf959b09cddb3e08f7019992c28b20c52366959649

Download Submit
C:\Users\Admin\AppData\Local\Temp\{6BE741D0-B755-4B59-B310-9B5019193C55}\images\productIcon2x.png

Filesize
3KB

MD5
cfc48e80b6007380a074ad3cda82d80d

SHA1
404369af07fc23962fc223b52926aca7d71474fb

SHA256
b8709a6a19c9842a519e18946ef31f229c2143b4e21f023c5cd62d44cae9d6dc

SHA512
57f83a8560a01da19980c638fa5602d7fb5379d0a37c5f4f0fbb196497650fdec18029412a424ae3a6814e4a36099ca3892c04f9e1ea881f35346d5f78b66a15

Download Submit
C:\Users\Admin\AppData\Local\Temp\{6BE741D0-B755-4B59-B310-9B5019193C55}\lib\jquery.custom-scrollbar.min.js

Filesize
14KB

MD5
ab3adf4aff09a1c562a29db05795c8ab

SHA1
f6c3f470aea0678945cb889f518a0e9a5ce44342

SHA256
d05e193674c6fc31de0503cbc0b152600f22689ad7ad72adb35fcc7c25d4b01b

SHA512
44dfc748d0bd84f123f9d3f62d5ea137d9128d5bdbe45da9a8666d09039eb179acf0dbb3030e09896fd61e7aa5ae6dfaffe9258d80949a64d0a7e45037791fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{6BE741D0-B755-4B59-B310-9B5019193C55}\lib\jquery.min.js

Filesize
91KB

MD5
e1288116312e4728f98923c79b034b67

SHA1
8b6babff47b8a9793f37036fd1b1a3ad41d38423

SHA256
ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32

SHA512
bf28a9a446e50639a9592d7651f89511fc4e583e213f20a0dff3a44e1a7d73ceefdb6597db121c7742bde92410a27d83d92e2e86466858a19803e72a168e5656

Download Submit
C:\Users\Admin\AppData\Local\Temp\{6BE741D0-B755-4B59-B310-9B5019193C55}\lib\jquery.placeholder.min.js

Filesize
3KB

MD5
e13f16e89fff39422bbb2cb08a015d30

SHA1
e7cacaf84f53997dd096afd1c5f350fd3e7c6ce9

SHA256
24320add10244d1834052c7e75b853aa2d164601c9d09220a9f9ac1f0ae44afe

SHA512
aad811f03f59f799da4b8fc4f859b51c39f132b7ddbffadabe4ec2373bd340617d6fe98761d1fb86d77606791663b387d98a60fba9cee5d99c34f683bcb8d1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{6BE741D0-B755-4B59-B310-9B5019193C55}\main.html

Filesize
8KB

MD5
f4b7942d6563727bd614f10da0f38445

SHA1
84f22240f7a5ed1c23b09e8677ac2ac3cd4e26f9

SHA256
e4bedde22ed405d291c746440a824d5f8527fb232e7a6be2ed9a76465d82f8dc

SHA512
f79b24ac78863a4ed87d41f37b2a5bc27017ebc5317f0a305d676090a16aee8a61384b476e7e9a68a024aa8da4784c1bd4f118766caf4450ec97af430e7074af

Download Submit
C:\Users\Admin\AppData\Local\Temp\{6BE741D0-B755-4B59-B310-9B5019193C55}\main.js

Filesize
55KB

MD5
38c26016189d4d1b68fa10c54050e53c

SHA1
081bd6a4e2e0831750e2fb8ad5af07cc9f8b112e

SHA256
8720e510401d8830f4324b4ab2f9e50acc91afab981e43e90688afac9eabc3e5

SHA512
c5d1c754d41845f6a86bad00f4a3f0b05e7a8399333cf26052447b4731adf67a601eb87d58037cc49ffc0c032f9986b93420f77dd664a5bb10a057e0ed5e4938

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D79EB0F6-41B1-4DF2-9F41-5E64B7E78024}\Dictionary\en_US.json

Filesize
66KB

MD5
e31bb4d060dbc54389da6bb28563d32c

SHA1
74225ae9f23488dc0784796a7ab9ba0afcfd8a42

SHA256
03000343482070d46c57eac94a0422008bc9f7403bed7d437c83c7356a7221ad

SHA512
4067045e3dc3630a95ecfb58e6003f61531b458117efd74003d395d37cd6492203013590ec1818b140d4b03a74219767503c4a06b258f376c0b77f5dbec0286a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D79EB0F6-41B1-4DF2-9F41-5E64B7E78024}\clean.css

Filesize
702KB

MD5
4f3364af3e396f92a8826532bfb1a7e5

SHA1
7f7b613435ece78a358f2066287c2f2c3c6aa168

SHA256
45b9b77499356527e9047256db96a542a720bf075d67e9f6ba55d51fd562339e

SHA512
c022a28656483106095967ec4d57eb743d04f029406c2c553c9d19c103520e274c0eea19f411bdb7ae16f388211c456a413df5a0a6097036deb0010573d49c72

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D79EB0F6-41B1-4DF2-9F41-5E64B7E78024}\common.css

Filesize
2KB

MD5
1265d497504870d225452b3309b0e06b

SHA1
29a3b783e6f2f2cd3f6d08833b83c7848f8e3450

SHA256
4273a5d4ef990dead6cabe760c27b25f7fcf8a51177f1b31813ad8866a565330

SHA512
9aa8b24e800a619651699c193a7747b8673a3cd4f8a5d3b16ee35f5ef6161f953a904631b97d118339332a3d2c7292c910802f6e1518db18d48fab5e9eb91681

Download Submit
C:\Users\Admin\AppData\Local\Temp\{D79EB0F6-41B1-4DF2-9F41-5E64B7E78024}\main.css

Filesize
16KB

MD5
7c78973c915f36032696fdf7aec03a62

SHA1
8b97d334df0188ed2d423d295d8fb0decb0c2469

SHA256
bb9e634c550fa54e7b58f011a9182a52f36c93bc15e235c7d0d486617bd9a7c5

SHA512
40e180b438d208abe2784fe1f880645b1e0c656995785f8c7effda4170cfdc3bd05e098c7a3242c2ef483ee8b783bcce40e35de04269580ee9958fed63d8deb0

Download Submit
memory/5392-1212-0x000002715D2C0000-0x000002715D2C1000-memory.dmp

Filesize
4KB

Download
memory/5392-1209-0x000002715D2C0000-0x000002715D2C1000-memory.dmp

Filesize
4KB

Download
memory/5392-1210-0x000002715D2C0000-0x000002715D2C1000-memory.dmp

Filesize
4KB

Download
memory/5392-1208-0x000002715D2C0000-0x000002715D2C1000-memory.dmp

Filesize
4KB

Download
memory/5392-1213-0x000002715D2C0000-0x000002715D2C1000-memory.dmp

Filesize
4KB

Download
memory/5392-1211-0x000002715D2C0000-0x000002715D2C1000-memory.dmp

Filesize
4KB

Download
memory/5392-1201-0x000002715D2C0000-0x000002715D2C1000-memory.dmp

Filesize
4KB

Download
memory/5392-1202-0x000002715D2C0000-0x000002715D2C1000-memory.dmp

Filesize
4KB

Download
memory/5392-1203-0x000002715D2C0000-0x000002715D2C1000-memory.dmp

Filesize
4KB

Download
memory/5392-1207-0x000002715D2C0000-0x000002715D2C1000-memory.dmp

Filesize
4KB

Download