infinitylock | hxxp://google[.]com

Analysis

max time kernel
759s
max time network
763s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250207-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250207-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
10-02-2025 09:40

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://google.com

Score

10^/10

infinitylock bootkit defense_evasion discovery persistence ransomware trojan

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock
Infinitylock family
infinitylock

Downloads MZ/PE file 2 IoCs

flow	pid	Process
114	4500	Process not Found
99	1472	msedge.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-808110790-2952985133-1854531158-1000\Control Panel\International\Geo\Nation	tor-browser-windows-x86_64-portable-14.0.6.exe
Key value queried	\REGISTRY\USER\S-1-5-21-808110790-2952985133-1854531158-1000\Control Panel\International\Geo\Nation	firefox.exe

Executes dropped EXE 14 IoCs

pid	Process
4072	tor-browser-windows-x86_64-portable-14.0.6.exe
3680	firefox.exe
4784	firefox.exe
2128	firefox.exe
3464	firefox.exe
3680	firefox.exe
4384	tor.exe
1688	firefox.exe
5772	firefox.exe
5820	firefox.exe
5980	firefox.exe
6040	firefox.exe
6080	firefox.exe
5652	lyrebird.exe

Loads dropped DLL 64 IoCs

pid	Process
4072	tor-browser-windows-x86_64-portable-14.0.6.exe
4072	tor-browser-windows-x86_64-portable-14.0.6.exe
4072	tor-browser-windows-x86_64-portable-14.0.6.exe
3680	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
4784	firefox.exe
2128	firefox.exe
2128	firefox.exe
2128	firefox.exe
2128	firefox.exe
2128	firefox.exe
3464	firefox.exe
3464	firefox.exe
3464	firefox.exe
3464	firefox.exe
3464	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
3680	firefox.exe
1688	firefox.exe
1688	firefox.exe
1688	firefox.exe
1688	firefox.exe
1688	firefox.exe
3680	firefox.exe
3680	firefox.exe
1688	firefox.exe
1688	firefox.exe
5772	firefox.exe
5772	firefox.exe
5772	firefox.exe
5772	firefox.exe
5772	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5820	firefox.exe
5980	firefox.exe
5980	firefox.exe
5980	firefox.exe
5980	firefox.exe
5980	firefox.exe
6040	firefox.exe
6080	firefox.exe
6080	firefox.exe
6080	firefox.exe
6080	firefox.exe
6080	firefox.exe
5772	firefox.exe
5772	firefox.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
208	camo.githubusercontent.com
220	camo.githubusercontent.com
234	raw.githubusercontent.com
206	camo.githubusercontent.com
207	camo.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	[email protected]

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\fi-fi\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ru-ru\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\nl-nl\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\eu-es\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\ko-kr\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins3d\prc\MyriadCAD.otf.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_listview.svg.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\apple-touch-icon-144x144-precomposed.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_ellipses-hover.svg.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\FillnSign_visual.svg.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner_Dark.pdf.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\he.pak.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filterselected-dark-disabled_32.svg.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ja-jp\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ru-ru\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\checkmark.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\prefs_enclave_x64.dll.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\PackageManagementDscUtilities.psm1.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\arrow-up.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fill-sign-2x.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\Font\MinionPro-BoldIt.otf.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\zh-TW.pak.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-ae\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\it-it\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ja-jp\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\images\themeless\S_ThumbDownOutline_22_N.svg.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_zh-CN.dll.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pl-pl\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\plugin.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_id.dll.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\List.txt.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt58.dll.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\DigSig.api.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\he-il\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\es-es\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\Info2x.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_lt.dll.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluEmptyStateCCFiles_280x192.svg.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\cs-cz\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\themes\dark\example_icons.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\wdag.dll.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\illustrations.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\dual_engine_adapter_x64.dll.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice-install.log.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\nl.pak.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Trust Protection Lists\Mu\Cryptomining.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\vk_swiftshader_icd.json.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\plugin.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\uk-ua\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Locales\ru.pak.DATA.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Locales\ug.pak.DATA.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ko-kr\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\Edge.dat.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\nb-no\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\Locales\tr.pak.DATA.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.VisualStudio.Tools.Applications.Runtime.v9.0.dll.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_editpdf_18.svg.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_ur.dll.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\VisualElements\SmallLogoCanary.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\VisualElements\LogoBeta.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\trash.gif.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1	[email protected]

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 4 IoCs

pid	pid_target	Process	procid_target
5844	4484	WerFault.exe	171
3572	5424	WerFault.exe	179
5096	4608	WerFault.exe	182
3296	5180	WerFault.exe	185

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3440	MicrosoftEdgeUpdate.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	tor-browser-windows-x86_64-portable-14.0.6.exe
Key created	\REGISTRY\USER\S-1-5-21-808110790-2952985133-1854531158-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-808110790-2952985133-1854531158-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 66843.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1472	msedge.exe
1472	msedge.exe
3872	msedge.exe
3872	msedge.exe
3772	identity_helper.exe
3772	identity_helper.exe
2440	msedge.exe
2440	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
5652	lyrebird.exe
5652	lyrebird.exe
1020	msedge.exe
1020	msedge.exe
5964	msedge.exe
5964	msedge.exe
3692	msedge.exe
3692	msedge.exe
2452	msedge.exe
2452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 44 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	4784	firefox.exe
Token: SeDebugPrivilege	4784	firefox.exe
Token: SeDebugPrivilege	2900	[email protected]
Token: SeShutdownPrivilege	4328	[email protected]

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4784	firefox.exe
4968	OpenWith.exe
4968	OpenWith.exe
4968	OpenWith.exe
4968	OpenWith.exe
4968	OpenWith.exe
4328	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3872 wrote to memory of 3312	3872	msedge.exe	84
PID 3872 wrote to memory of 3312	3872	msedge.exe	84
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1208	3872	msedge.exe	86
PID 3872 wrote to memory of 1472	3872	msedge.exe	87
PID 3872 wrote to memory of 1472	3872	msedge.exe	87
PID 3872 wrote to memory of 2772	3872	msedge.exe	88
PID 3872 wrote to memory of 2772	3872	msedge.exe	88
PID 3872 wrote to memory of 2772	3872	msedge.exe	88
PID 3872 wrote to memory of 2772	3872	msedge.exe	88
PID 3872 wrote to memory of 2772	3872	msedge.exe	88
PID 3872 wrote to memory of 2772	3872	msedge.exe	88
PID 3872 wrote to memory of 2772	3872	msedge.exe	88
PID 3872 wrote to memory of 2772	3872	msedge.exe	88
PID 3872 wrote to memory of 2772	3872	msedge.exe	88
PID 3872 wrote to memory of 2772	3872	msedge.exe	88
PID 3872 wrote to memory of 2772	3872	msedge.exe	88
PID 3872 wrote to memory of 2772	3872	msedge.exe	88
PID 3872 wrote to memory of 2772	3872	msedge.exe	88
PID 3872 wrote to memory of 2772	3872	msedge.exe	88
PID 3872 wrote to memory of 2772	3872	msedge.exe	88
PID 3872 wrote to memory of 2772	3872	msedge.exe	88
PID 3872 wrote to memory of 2772	3872	msedge.exe	88
PID 3872 wrote to memory of 2772	3872	msedge.exe	88
PID 3872 wrote to memory of 2772	3872	msedge.exe	88
PID 3872 wrote to memory of 2772	3872	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff5db346f8,0x7fff5db34708,0x7fff5db34718
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Suspicious behavior: EnumeratesProcesses
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4172 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6624 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2440
- C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-14.0.6.exe
  "C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-14.0.6.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:4072
- - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
    "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3680
  - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
      "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Checks processor information in registry
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:4784
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=2548 -parentBuildID 20250206184358 -prefsHandle 2504 -prefMapHandle 2496 -prefsLen 21012 -prefMapSize 252221 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {185ffeb2-fe1e-42ad-8951-45baf05dd715} 4784 gpu
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2128
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=2100 -childID 1 -isForBrowser -prefsHandle 2260 -prefMapHandle 1804 -prefsLen 21821 -prefMapSize 252221 -jsInitHandle 1360 -jsInitLen 234780 -parentBuildID 20250206184358 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ca594f6a-96fa-41bb-9716-f0a61aa3a656} 4784 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3464
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:29ded2b3458423f260bc77963318189dbb04ae3c47663df2936d3e7b36 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 4784 DisableNetwork 1
        5⤵
        Executes dropped EXE
        
        PID:4384
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3132 -childID 2 -isForBrowser -prefsHandle 3124 -prefMapHandle 3120 -prefsLen 22592 -prefMapSize 252221 -jsInitHandle 1360 -jsInitLen 234780 -parentBuildID 20250206184358 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {0a51b213-eab9-4e2a-ac04-9c7bd8b2156a} 4784 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3680
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=3304 -childID 3 -isForBrowser -prefsHandle 3312 -prefMapHandle 3316 -prefsLen 22705 -prefMapSize 252221 -jsInitHandle 1360 -jsInitLen 234780 -parentBuildID 20250206184358 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {ddb2eecf-8ac4-460f-987e-1239dab22103} 4784 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1688
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=2032 -parentBuildID 20250206184358 -prefsHandle 3556 -prefMapHandle 3488 -prefsLen 25414 -prefMapSize 252221 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {521e3b41-5e7c-48ac-b052-e5dacc52d9e0} 4784 rdd
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5772
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=2128 -parentBuildID 20250206184358 -sandboxingKind 0 -prefsHandle 3620 -prefMapHandle 2144 -prefsLen 25414 -prefMapSize 252221 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {fe0c8eeb-ce34-4c8e-b387-525304b981be} 4784 utility
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks processor information in registry
        
        PID:5820
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=4124 -childID 4 -isForBrowser -prefsHandle 4116 -prefMapHandle 4112 -prefsLen 24122 -prefMapSize 252221 -jsInitHandle 1360 -jsInitLen 234780 -parentBuildID 20250206184358 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {85cc546d-5201-4667-ab2b-4f87f27442c0} 4784 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5980
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=4380 -childID 5 -isForBrowser -prefsHandle 4388 -prefMapHandle 4392 -prefsLen 24122 -prefMapSize 252221 -jsInitHandle 1360 -jsInitLen 234780 -parentBuildID 20250206184358 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {c8ba5c40-7043-4a4e-b5f5-3597ef57aebf} 4784 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6040
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel=4624 -childID 6 -isForBrowser -prefsHandle 4632 -prefMapHandle 4636 -prefsLen 24122 -prefMapSize 252221 -jsInitHandle 1360 -jsInitLen 234780 -parentBuildID 20250206184358 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {373432fe-cb04-41e2-99c1-1b7afcd21b44} 4784 tab
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6080
    - - C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe
        
        "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\PluggableTransports\lyrebird.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2172 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8084 /prefetch:1
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1896 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1896 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,14739977847179829370,7155716496023477623,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2552

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjU3MDczNjEtRDU1Qy00RjMyLUE4OTAtM0I1ODgzMzY2NUMxfSIgdXNlcmlkPSJ7RjhDQkE0NEQtQjJDMC00MDI4LUIyRTEtMDRGQzE1QzM3NDFGfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RThCQjNEMDYtOTkzRC00Njk2LUI5ODAtODhGNjVCRDA3NUIwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMiIgaW5zdGFsbGRhdGV0aW1lPSIxNzM4OTM1NTAwIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzODM0MDgwNDYzMTQwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTI4NjY5ODczNiIvPjwvYXBwPjwvcmVxdWVzdD4
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:3440

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\208d2fb7-4b0e-4c04-95e4-466e1b1aac75_YouAreAnIdiot.zip.c75\YouAreAnIdiot.exe
"C:\Users\Admin\AppData\Local\Temp\208d2fb7-4b0e-4c04-95e4-466e1b1aac75_YouAreAnIdiot.zip.c75\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4484
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 1196
  2⤵
  - Program crash
  PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4484 -ip 4484
1⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\cfe02faa-af51-4f67-b70c-916ca3c6c21b_YouAreAnIdiot.zip.21b\YouAreAnIdiot.exe
"C:\Users\Admin\AppData\Local\Temp\cfe02faa-af51-4f67-b70c-916ca3c6c21b_YouAreAnIdiot.zip.21b\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5424
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 1204
  2⤵
  - Program crash
  PID:3572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5424 -ip 5424
1⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\81923ce3-c035-41d4-8083-41a95d5c58bf_YouAreAnIdiot.zip.8bf\YouAreAnIdiot.exe
"C:\Users\Admin\AppData\Local\Temp\81923ce3-c035-41d4-8083-41a95d5c58bf_YouAreAnIdiot.zip.8bf\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4608
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 1196
  2⤵
  - Program crash
  PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4608 -ip 4608
1⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\ce9a3691-da9b-4694-b353-a5a6c8902a29_YouAreAnIdiot.zip.a29\YouAreAnIdiot.exe
"C:\Users\Admin\AppData\Local\Temp\ce9a3691-da9b-4694-b353-a5a6c8902a29_YouAreAnIdiot.zip.a29\YouAreAnIdiot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5180
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 1196
  2⤵
  - Program crash
  PID:3296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5180 -ip 5180
1⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\6e94ec54-23ed-4af1-b8a9-4a7ac63cf277_InfinityCrypt.zip.277\[email protected]
"C:\Users\Admin\AppData\Local\Temp\6e94ec54-23ed-4af1-b8a9-4a7ac63cf277_InfinityCrypt.zip.277\[email protected]"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:2900

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4968

C:\Windows\system32\WerFault.exe
"C:\Windows\system32\WerFault.exe" -k -lc PDCRevocation PDCRevocation-20250210-0953.dmp
1⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\c354f27f-a378-48e9-8cb3-2c08a48a1d44_Petya.A.zip.d44\[email protected]
"C:\Users\Admin\AppData\Local\Temp\c354f27f-a378-48e9-8cb3-2c08a48a1d44_Petya.A.zip.d44\[email protected]"
1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
16B

MD5
3f52b4f127c3e69907d4c0e752d95b3d

SHA1
5f0c498a68e48914af5df12851983d8e9725b7ff

SHA256
ddfca20f4648f5ffe0109cba82c3351e826e4c8b4a7e2e866480ad6ca2a0acde

SHA512
67fa6f6471e599e7bbe830023fede1cd9982bea923f4a5b451b443c4221d3fae50eaa211e91228dcc5a4c4860c2d2fde012b036026469fb892f0730475e54958

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
720B

MD5
1742572d6112baed623bf2dc9c8cb8ad

SHA1
54715ec08062ce500e9d63201dd9803cf3c5497f

SHA256
413f8f9ff89ee1f8d92b8c1aaa4534ca8e59c5d2dba95554b0285953d760e44e

SHA512
a515ec5e987f6e8399b635436c6b7e66dce22df788f061e10380ae236ad7af7dca3be4366c50d15339f7e2bc6873d6aa28cfc77b83171333b8cfec7d0c1677e5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
688B

MD5
f99205a1cc4adda2770af981ea8baf6a

SHA1
01d2eb31f202aaa09c51e19a14afc2893ad853c3

SHA256
b48bf0246526d4c2b000a078aa5ad5e8da414ce83b7d9971bff96a631f47d6eb

SHA512
d9f93497f323aa22760248e95302cf36d9649c2041018edc2b3dfde47c1a8d69eeca075403d2c0bfb8847f2a5fc5f6ddf80c717e080aef0458a19aed378edb6e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
1KB

MD5
402792a726410c5c3c154ac144cb83ae

SHA1
3bb2f793dd0024f94e8bcced4cc90acfd64564cb

SHA256
0e6380d5d673533080ae2321419963537b5664deeb5db907d9b4d879988fca81

SHA512
e6a28b37c84d7d9079acd739d1fd6502a7b4f800998857617ec42b41b67230c55f99613743405d279dfb6633ffc753c77455476a3205f735bb70f411999ac990

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
448B

MD5
3ec01f43af45f5290ebb637037afc14d

SHA1
b18bbc79188e78daa87ed69798657ef8055ed972

SHA256
74c641f0d3dd33b5b004b8336181666b259bfa64f109083ba2ca312205efb82d

SHA512
bab7f8f6a691c2819b5957411a306f21b092c39a64545e9d968a0359a43d8504879d72af42b89dec02e73b017e6c733e16202f1486648a041d350a6cac9726d5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
624B

MD5
a406720b020c5f69920843a119f72163

SHA1
fb63f67f60912b2ffb417596bab14c31face57d5

SHA256
b5609315932ce7a0b108206053640c3ad394152cb306a5551f267a8168f7c503

SHA512
ab61e8b6eb1b52e343832fb12879fc86cdb049bedba5ce46cc2183b9637f40ab7cafdf598e4c3d2ce07fe2564b02b6cab3d9cac0388b77289f4e98f0bc069e9c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
400B

MD5
3a2be08c54d5dc0f95dd996299e9754d

SHA1
f174c6585fe11d841dd3a7215e7dfadebc503739

SHA256
c5d50882751c859499d5295fe7c8cf3c461c03ca9625db97600f64dce1ee39db

SHA512
9f58e07ba871133cf21dece5c762fa7db79c36ad0d70d82dbff0b6711c7295b4e44d3d72d514eb983f936de7deb8b3d83a4666bcacbffea52a6323f47bd54dc6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
560B

MD5
770f79d60ca9f6a9a740349c65e56398

SHA1
1c9875bbf4027b11e02403834796902305a8e4b8

SHA256
f16f3864538d27f1c1b70c851244202840c7c70550e78aa363fe5692ebd6708e

SHA512
ba88e350e92c6a54047da883b5207e8371687c183b7c83313a646ff6ec538a9f75bf8a101b67dd54c98d20e9ae2bba6f692c15d7d789861eb69e4b5adf7407ba

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
400B

MD5
3fd38f95bf3ec8d9d36b11dc40be809c

SHA1
c12807d416c00cc418210a62a1fa1529c348d468

SHA256
4a0eb84922beb1034053ef9e51c6ac8843f1b01a8cda60e2b203e7e16098df2d

SHA512
8a479c2df7e8f7b53af321861d610193665a385af3125ad0901d95cba4a650c408761609ec2015a4740f5304c401a84d685be69fa6a11bd0b285f38ca09ff274

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
560B

MD5
537df6c7af917e8b482a67f022888782

SHA1
570458cc925f880e2b7de3f1257a2d2c0059b863

SHA256
df73a8fe83ca8ac47dfee7801ceba1c87aab7484980e4f9891c29595a233c0a3

SHA512
74286c7cacf5292b2e47773ae4d86197172b72cdf3cbe1ae42e47a132d9458378db8ba0cf6e3ba5642dacafdec686337a3f03cbf27185fcade9725d49fd258c9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
400B

MD5
c508840676eacae3f9589c05f47cef02

SHA1
5f2aac7812d930d5680cedf267ccbee756e99d1d

SHA256
119cdc20bf01b3cd61d11285c2ba29885d0b5ff05dfa5cd9c15b700062cb19b8

SHA512
481d362776aea76f40d7437f8cc1ef9778ba1f3ca41187550ccd6de8e5dc1808a4d78b144fba8a2c653b772e25f906db97e9ba05e4775ae554c4b436a156911c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
560B

MD5
e4d0ed774fd3f92b5305e9f187fe5a02

SHA1
18f42480623c7ea28aff64a02651e2e979520800

SHA256
bee1e7c381a704b8b38627afeb2b4f0ea0ec939e5c9b66465963079bd038beda

SHA512
6648087ac0cf29173c2aa0bb7f5bf431e42befd341a8cb200c6171dfa40065bce31b98998d740cdbc09175f4cc308b164475db535cd8ee74abac90c477c801b4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
7KB

MD5
5d056352688f5a7845e218e8cda8ffba

SHA1
921f8ff5f1e68b239ee31e519b4013c49075b359

SHA256
a89a9a69fd2d8787461e38f125566691c8d86f539b61085362ddc27c4d9dd597

SHA512
8f2a20de685ed0b9a5a2a299920e39d78315bbd332da779ed8cf73036fa02758fc60d4f951b06f998d6a729c8a07a46058b9f677a42007b38aed112510d7308b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
7KB

MD5
ceb6cc905b68ca4d3edb65d9386432f4

SHA1
e63f0f926b18986b2554bdbfea10c81736c033ec

SHA256
7fe862df4e58daddb34be075563f31fe258a2852322f26ee334d1b13d6f44703

SHA512
ae65d353f4e47834f81345b3c895bb1f7f8ce98e5a946a512fddfc6dc022eb9be2549ad807386533f10a269e4556726d7e4ab6d15ba2c979134e70d1f0156c04

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
15KB

MD5
f7191901edbbb68c0e7bf53ac78c0b0c

SHA1
86f80917c76dd96f61f8ae52c620d01a0ff2c478

SHA256
78aeb729e62b0ccf06aa36737ddf887dc947db8856c7ffe226da887a937bf61f

SHA512
03a763b70979c864a94b37dc4c75c7ee0fae190e765b5c0c42254a0a9cbb5426351d397e022d0b7b45d182073efc711d06240d647b2129e6c8dd78d143095d57

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
8KB

MD5
00ac1a6c4d86f9c15f00fb74a217ca7c

SHA1
c9dd9cc0003cc2f867a677b31745b34d64c487ed

SHA256
2d4c59fa7a65cbc3c615ddb9b0015bd1d8ed9beb843713fe73ba913dabf45e3f

SHA512
a3dd88b009df8d37a146715ed53a3662f81ea2e2962c131b3530f2c9ac201394694e2e2368fbf8057fa3d8c05586506d26e6a8e8d6f9fb172eddf7568c08db09

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
17KB

MD5
b6db9b32bf55caa44ec0167b5b9fbeca

SHA1
b5d3801d02d6f86712990ca3dfc0af409233094e

SHA256
8a69d0270f556023fa8c97b1569fbf8eeaefbd8747dbf76624d02bb16778d195

SHA512
62eb8ca21466025029f218adab7ae3073989c033c676a26cfa8f731a0447081b43615022e927cef46237dbdbdad7b33b3581d92a807f87cb4cf6ca25434f5c19

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
192B

MD5
2e1e0cc155bfee576edb5d82315fbf16

SHA1
016e56bca37aa68ebf24ffed005ed39c701d101b

SHA256
48d50edd7b0413bc2f9b8ceaa1e0351a4d94055884262a852876cd88720e210c

SHA512
1aecd70b052039a4e679b7d00b1cb63982cd92aaf9d845ed5baf18265f1caa4dd353c687fb713ca65c3852071bc5f7104809fca391ce24a800e5fa07108e225b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
704B

MD5
f83ffe0068b64c1711f7a951ae1fb2f6

SHA1
d861e6f7475e08e4b936a672b5998f92e7c2e20e

SHA256
51a43db09d165e26b7786c380489262b0164b9bd6fb3510381e899abc3a7bbfa

SHA512
436b334d76fdbc5a275ad693508d60b4ddb90e3f8cfa3e2ac539c32c1ff72463e74a51e03cd5cc8f1ec4f4da6c62aabfbd1e7cf538718110c174b80a67408e66

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
8KB

MD5
71fa8104f76f67aadda93b93c4defb84

SHA1
f9dd9f3c2ac59108c18ee2cc08aa8dcca0f52213

SHA256
a13b49e8dc37d0bd147a6f5da7bf095cdc472e0da80afee7bf70ed70835c5f9d

SHA512
8ab6dcd18cd3b752ea04fd6f4f8bc728c9f399b5db7b4a4bed9e2e07d85a8e1456c53243376f61986db734480c7bd4b2b11afe2e9793c4e211e8739ea1c88fa0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
19KB

MD5
b858a8785ede57744dbe89c1b4cd8b1b

SHA1
dd90a99cb64553902438abfe8aece7d503687a6c

SHA256
a83e030fcfe0af810f7edcb6e914d5a4c23a2f325c53a7e2396bc20d87c32b34

SHA512
c06563c74820ba4f6f40a89ff1595048061bc5c6a0d91a0e0d1548761168693a853f29cacc7fe3d0fb99d90e8d38ba768267b69dab14857ee23dfffafded3bbc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
832B

MD5
28ea3983cf5405f883f778658b859eb3

SHA1
58a06d69a7f70b41a2d4677b8443ab9fe7aff7f3

SHA256
c27786ba141719cfa7403fa06c71c929e75570f1291e44d0a70f911806e9033e

SHA512
1d0890934fac99658306adb5b79b8ccf560777ff05f91e84777ce3df0702e948bbd9ef723b0244f6e300b5f743a49d4522d579148cf771147b6d276fb9354c7c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
1KB

MD5
e74a6a6d2732864fb6bdba29ac292c4a

SHA1
b0c7977c5e8c1cf0ffc2a70830e8b23df27e2264

SHA256
5461ce2b9d95e05fdd39bc8d42eb93beaf0ddcf10216215078c9c92199c8e5e1

SHA512
2fad76c02aa386948f618a06e693f8474b174ed487ffd61197175709847cc083755f0dc8c99cd39829210b16c46831e0d5afdd89478b9a065e347d15b21a4893

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
1KB

MD5
5acdb812c0ea7dc46b1f9fac09db5335

SHA1
1d6e15477819a4234edfbcca1ee67b26363d0725

SHA256
08ea17ccdd5ba64466f5a7d3188699e00d4e82f9ed9b3d71b5049173930566d4

SHA512
369d7101c42c74dd300e8a6e81cfea56e2941b5bd20fde14ee6b2d1d98e75b2df087c5993bf465e0b87895bcf0f74ebfc85c11e2a06a691bb3d2403698e38dee

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
816B

MD5
6e1915e2785059492c2b1da505762d0d

SHA1
221910239db76450b1ee2e926eefcce4ab3e0d89

SHA256
2ef689b36e2af1ea9363e988262e1746b63ecb8fd170ef5c013063423af3b8a7

SHA512
2a0bf77f23b2d32df7b1c2216e01660b5e8625255c8ff421756e5d603825d63424f47002cba7246a0e4b0e9f2b34465d316322c0428a1d5a3b16f5e363f529de

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
2KB

MD5
fc73ee2a5f336047c7122c2a33656a64

SHA1
d21c5a28e485e09bf1a33c0c50916ce1bfd63d5d

SHA256
0e9e76e5f5af70054b62575021781f19e383cae3b5dd1b838ffc8c571a2930d5

SHA512
5d7a11edb0d51fcaab33beecf91e17aa58295bba3aaa87340a2c660f85834678668d75446cb61f34b8765bc4fa0eba5663366fe8c9509a05004842ccdc7c3010

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
2KB

MD5
368ac3df2330c3f9abce796192154631

SHA1
a9b36a70c89882836ded3ec0e11c51e3ed0b0173

SHA256
0fc80e587e34c7e5dfddc4ebb1c95a03e9912f3933d9767502ac9838235e471c

SHA512
49eeae07780673aadced575254acb7156f81fa9abdf31aba67a1f4eb13402610869405351493a6c3dc79594e1a39879eddf7082f50c189d6723811bc3beefbab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
4KB

MD5
8d05dbd5d3536e80113bf289ab159385

SHA1
d046ab3b8f1018f17e8faabc7564c19d360d5593

SHA256
9b7e25010a15cbe54a04c563161cc58632825027e7403b97ce94fdb7891324d6

SHA512
94b77d6b3bc3caacd7aa486252595e3eff4c7fed18f7d6683f6223930f381b7b0085a8b2ec0dc13b1873c2628cc15c01fc7118ca7c8935eeae71048685d7f66b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
304B

MD5
1502736c35756afd5a128b9dd56aa99f

SHA1
6d266da72b48241d51c2c8896beb3dbe0e1ae427

SHA256
38c7fb299ca3097c99f2b563f2281a709602f29b070bdc161abfc5ec56f5ffdd

SHA512
1e3285939888a444a5ff7301b1d22bfbda96211d001e0a0f1d68bcc78589c84408e3d77c3c82bc3e37af9c37d50b8311f9c4b0674cd64d3e1c076f3ca0bb5e6a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
400B

MD5
54485a44a8fcd48a4a0b59d80051c85b

SHA1
890c3662be6ba749752e00dfc18f9333483bc552

SHA256
15af104032c5115c02ed1d691ccde6a23745573da254e128f5ec78bf471d8fa1

SHA512
03f6c6274cc7e63bdbc64c20bfdae91a4e0b6b025ad334376ae9c65523b4a4273a335f5c62001c3c2957a9134ad9c3fe78ab989f142706aa122a94466654c567

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
1008B

MD5
6112dc099bf0124ce52e9bfd194f21d8

SHA1
53056d18b5b19389fe95c977f9335dff9d0a70ff

SHA256
a126446d6d45330410919e19037ba3946038233a74b0fa18797d38dd7ac6299e

SHA512
22c4678327451f72a0cb1a5427d3a318c8bf002fd10d67ffc06799c01bcbc6e04a2b93e4857eb22ad19531903c760d33d8ca7633aa39710feabc77456cc01605

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
1KB

MD5
256e716cd43b15c4b2d0d519b25f82f8

SHA1
c9688b50126ed0fb3b8d9d568ef6f06a80555cc3

SHA256
40e4e8bf4c0d0c103c7cf1e29a22c2a03c5ac4af16e2f6fdbdd998ef0f475f0e

SHA512
12e338ab469237f3eb6f5475fba4f25aea75b56662e6d152ae6c96e7960574f94e529e7a71fbff6edf5acd4c4006a427f0e22f7e035c4f34b283a92dce439fed

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
2KB

MD5
3b070282cb64a058ae2b7ff722c51e31

SHA1
bae58ec62d798b9e24f913855eaa6a1c67277218

SHA256
77f68ccba624b49ff35a9231367996422031c3f223cba478f7e673c97ae3d6c9

SHA512
1bfc644842d13d22575085975ae28d01c414a892e93616107072845657f8b03dd310a787080c48add8e7f68c41ed142a0bc0b10d3f25ddd3b97ae9eab09cf255

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
848B

MD5
2dafc4b09e0ee4201677085ddae55cb6

SHA1
1f2002e0357df9ae03e5e0476296219f4971cae9

SHA256
e86a526bb9f0cd0e1fa1c68840ce3a1c20ef2c0b8b6830dae228fdb9e3a41ede

SHA512
19dee1a913ffa0acb33c264c62a83c6d1540009beece6a6cbb89d2fb8f8bf2e345cdea121ffa492e3d746e5647efabdc05875321ea643a1ea3d8ea507f026539

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
32KB

MD5
448b09c3ec1158905b1d33b3102105ca

SHA1
0629be9459ac9372e951557df03b831e7f174aef

SHA256
28b9d629504eac7c07cb2b0a92be0a158e5e20edd62e7eb3d89051115a0772e8

SHA512
258d391f1a4897fefc0e145b1b883b88ee5da754b6498917a0cf4d88fd86fb15b8aff809dca79b2a828dab58583fdd2914896f6771b757ee633e18e3989dd11f

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\identity_proxy\win10\identity_helper.Sparse.Beta.msix.DATA.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
53KB

MD5
94af57bdcebec12725b353eed6ccab3b

SHA1
7207ef47bcd99c4d8f12e86ba5076f01578b2b49

SHA256
97368151c443cdc82528d0ffa2d3c37b524464239e9d52b974c6c1c9b0f36ff6

SHA512
2475e16cc5d5177234ad79da761cb74986950e96f645f86977f2a34167be340446cfb52daf21eb67d518b2eae976b01a82b12c69f7fd7c7dd281121572b8f254

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\identity_proxy\win10\identity_helper.Sparse.Canary.msix.DATA.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
53KB

MD5
385bb7ee750ed36bf233310c2ef44d8b

SHA1
0814e64055d080e03d9fa43f449025cbb2c76fe5

SHA256
2887c6ed677264d864bd1a2a93522ed0f48d97241b5b3ecedf92be0f7e2a4ed2

SHA512
23cc9779580bbe98e54fc629f23254dfe4174460d20245d9955a4bebc6ac470d5c55d853873342a95ce560ba11b68284c434ba856c7cd8a38f0443e1c46a5bfc

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\ResiliencyLinks\identity_proxy\win10\identity_helper.Sparse.Dev.msix.DATA.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
52KB

MD5
b7f1c08015c21be743695a7b8eadbd32

SHA1
adfbda567207890f798802b9583474add0615a07

SHA256
c3c184ee1575b4680b709b2ab8b1e3dee96ce2c8df81824636e0e70c630d7185

SHA512
2d9a76ac230b6c5c9ea6656a4ad98f8294706a2ed9dbea1cccd45e9838785b8fc2f38eeb65dc14f183e2098a7b2e58c2a31615d44def1f7b6da7f53a2ad6b9c2

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\identity_proxy\win10\identity_helper.Sparse.Internal.msix.A51EB58FDD84698725331105240345170F09DA7A128C4C261DBACA7FF17BA7B1

Filesize
56KB

MD5
8f679e6566cb14add8e59f694857d258

SHA1
8886e09c0c4b000686e4ea175909ec8ec2a6f2b7

SHA256
cf2f6a81d731a9816b67040928cafec2a6fd7a28dd04eba395b0222cda620d00

SHA512
1f60bbab2892a1c58c0ad015e9b33815d4fc41a00ad367232b4e73747e8f6d89c2ea693b466e5d781c718cde43ac168ad19cd671ba98d03a3f820ee242da2a95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1977cc535a7944487f1e9e38e2f933b4

SHA1
b146e9f8df12a9d50247e97f1f9d2fb58cc0d133

SHA256
09ca3145ee4478184a8c8301b04c95ca96aa905e268470e63a19aaa3108bdf8e

SHA512
6f17ca2fceff0493bb4bf110b2922e70fbb7f46017420e702135cb0fa601ee63a1bebb6a3db2a9af8b34dcd0c41f784bcec03c8b2a36021db5df0b3dacc1fc91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
48KB

MD5
e6bdbbafd0db1e54b799923805de6865

SHA1
0259693673f1bf6df5b4d22cbdc5f3766b49fadb

SHA256
24333b9966c121cc45c599066ac4ef5956d97ee7f42c6b36df0eda88a66312f2

SHA512
05f3944d17757a7b41c8e66d750074f92828e29a0ccf13c91d9a3678c6156f0cb7753a2837352a69ba9508768eac6d4e18c8b91df3aa863aa049b43fe102a949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
366KB

MD5
e6940bda64389c1fa2ae8e1727abe131

SHA1
1568647e5acd7835321d847024df3ffdf629e547

SHA256
eef5dd06cf622fb43ea42872bc616d956de98a3335861af84d35dbaf2ab32699

SHA512
91c07e84e5188336464ae9939bfc974d26b0c55d19542527bdcd3e9cac56d8c07655dc921acaa487ed993977a22a0f128dc3c6111273273ff1f637b20bb56fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
70KB

MD5
3b06aa689e8bf1aed00d923a55cfdd49

SHA1
ca186701396ba24d747438e6de95397ed5014361

SHA256
cd1569510154d7fa83732ccf69e41e833421f4e5ec7f70a5353ad07940ec445c

SHA512
0422b94ec68439a172281605264dede7b987804b3acfdeeb86ca7b12249e0bd90e8e625f9549a9635165034b089d59861260bedf7676f9fa68c5b332123035ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
25KB

MD5
e580283a2015072bac6b880355fe117e

SHA1
0c0f3ca89e1a9da80cd5f536130ce5da3ad64bfe

SHA256
be8b1b612f207b673b1b031a7c67f8e2421d57a305bebf11d94f1c6e47d569ee

SHA512
65903ba8657d145cc3bbe37f5688b803ee03dd8ff8da23b587f64acaa793eaea52fcb6e8c0ec5032e0e3a2faacc917406ada179706182ce757d1c02979986dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
38KB

MD5
adf2df4a8072227a229a3f8cf81dc9df

SHA1
48b588df27e0a83fa3c56d97d68700170a58bd36

SHA256
2fd56ac4d62fec83843c83054e5548834a19001c077cdb224901237f2e2c0e4c

SHA512
d18ffc9a41157ea96014a503640b3a2a3931f578293e88cc05aa61c8223221d948c05637875d8e3ee5847b6a99341ea22b6a1aee67c170e27bde5e154cf1b9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
20KB

MD5
4fd1024ba54efb125f870f5acc18ec1d

SHA1
d4ae8aa359736de6a3866415156806231316c71f

SHA256
ebac279b7a5132a42efe07edbd0f0217478d57124ff21365ef01d33a343e2f36

SHA512
e39cc9701a77b9ee2b532096ea703c751fde9d31c7a3c6f1a2bb0fa54e480009fd31d1aafeb160a8f3bfee330172ded2e3061a9ba82a95e039e5d54916343903

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
37KB

MD5
4c0a7d97898d984078239033559269d2

SHA1
a3633dfc9744c790606ac243ee52207b826c1e9e

SHA256
189d8dac5d80bb54dcb1b9054233e3d64c90017af89d3290eacb67089b50fbb0

SHA512
be19c6b55b37907f7864f8efd855590354d49050250d77e5d7057895b7517ef89243e7529ad8efd596988d19481c753bda06dca5e4bee582fce49a4bb096ae6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
21KB

MD5
38a759878edd6734647e9cd996017d90

SHA1
196bc2d58c375a19cd5bb30afed86775d5c88842

SHA256
405513788623c259826d8340da7c0dfe462a4907df13fb9e68ff6144bff4c938

SHA512
8439ca471004ad93669750d59d029675b10c112e15a2666cd5995843c36a3b3475f9dfb36e06ee47e7befcde5fe66cd58f35fd8a6bbdd0a02d5c5cb0ff6eafc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
26KB

MD5
525579bebb76f28a5731e8606e80014c

SHA1
73b822370d96e8420a4cdeef1c40ed78a847d8b4

SHA256
f38998984e6b19271846322441f439e231836622e746a2f6577a8848e5eed503

SHA512
18219147fca7306220b6e8231ff85ebeb409c5cc512adff65c04437d0f99582751ccb24b531bbedf21f981c6955c044074a4405702c3a4fae3b9bf435018cc1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
18KB

MD5
df5df05b063c584376d235fa678175ec

SHA1
a38b234dfbddf38a915f6e3e80123d2acfadbdaa

SHA256
13abafa660e5d4cc56de010f88b1ebf8fc39ec77b1dfdffa28caec59f15ef71d

SHA512
bfaffa447e3e84e32cb4665ad75c4d8ea71bbe9b2229d645fbe41961b5503de67498ec5b107d6368aeea9366c185bc04d31100fa920ca4673633baf679ab6116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
58KB

MD5
516211116c71c1795552808ce4eb07d4

SHA1
c602df6e9af1441d0131c7000f31e5b7eaa8dd8e

SHA256
812bfe89ce42e422ddbe49e9bbceb40757c32e1f7d6b055f22cda61f8bcc5e23

SHA512
fd35c6b94274866d1c500eb65669149723afd0fcfb4a1b6276a53ca19f0533d78d0ac78cd6ba23d47ddb32e8099d2660091ea2945a74b5645e42d07725b03354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
43KB

MD5
0338716dd36e4b9abb83d5b4c03e6f0e

SHA1
647fddd00cedfe248c5df23285b66fcbfc5b9635

SHA256
16c7ef93c2100659e37dae54fa67d2fc35875dfd00acfcf1795b65dbfd3496bb

SHA512
fe6621739d990c32dfaad032a2cc31d5fd8fd52ff3ac7c9281b6f33e762189c859109146cb60384604a216384eee4426a316308831eb3efbdeb467e807df8003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
108KB

MD5
d78913ec94c74c8f7b9917ea8d8e7c5f

SHA1
b75dc5cf1fbcd90c59adaeb0a66bed203fa17a46

SHA256
0fc8cd712751d7f0704be9138524456fb825a6beb4f13e08ff5feec14b482d86

SHA512
d17d858361f6e763c2b473fd1271a1cc605d546e456e428f90e0bfd649ba3da38c7097953064fc4e03b5349b4c8804b84fb2425cf4a62b9950e7be9f1bab123d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
55KB

MD5
c649e6cc75cd77864686cfd918842a19

SHA1
86ee00041481009c794cd3ae0e8784df6432e5ec

SHA256
f451a4a37826390ab4ea966706292ee7dd41039d1bedc882cbc8392734535393

SHA512
e9e779870071fe309bbde9b6a278d9627c7f2402b55ac4c0a48c65b1de5172cf9dad2992f8619d7e7aaf978e6ccd607620de88554aa963f3d45501913ed49f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
87KB

MD5
65b0f915e780d51aa0bca6313a034f32

SHA1
3dd3659cfd5d3fe3adc95e447a0d23c214a3f580

SHA256
27f0d8282b7347ae6cd6d5a980d70020b68cace0fbe53ad32048f314a86d4f16

SHA512
e5af841fd4266710d181a114a10585428c1572eb0cd4538be765f9f76019a1f3ea20e594a7ee384d219a30a1d958c482f5b1920551235941eec1bcacd01e4b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
16KB

MD5
dde035d148d344c412bd7ba8016cf9c6

SHA1
fb923138d1cde1f7876d03ca9d30d1accbcf6f34

SHA256
bcff459088f46809fba3c1d46ee97b79675c44f589293d1d661192cf41c05da9

SHA512
87843b8eb37be13e746eb05583441cb4a6e16c3d199788c457672e29fdadc501fc25245095b73cf7712e611f5ff40b37e27fca5ec3fa9eb26d94c546af8b2bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
16KB

MD5
a1a77f1e7fde49637871f656eed991d8

SHA1
c7b45cc7d8f5fb4a06149a6f072bd20b353e39af

SHA256
6bfdebc1fee36f64be7083588e759977369566142c5469fcf655c80bbf2b47c6

SHA512
909d440931707dc21904f926c9b4eb1e75890e1c7d313156caf10cf54d07a03daa38661a0d1ae1b19f75a827e9a5e7e6be9a607629e444745c9cf09fdc91de86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
17KB

MD5
401e03bf29a7adf09385096f522db8da

SHA1
bc499d48fc3e7a78db89e4a37a1b86efe29205f9

SHA256
b38ba3abf9185e5d4542499c2160b6b175743cf801d3100478aa57f5772ab8ea

SHA512
436ca6726c00a0053dd0fcf4fba8b0e57eda3ac491833b214967e092583a48aabf68d5a8b37ebc7e409134a5ae47a196ae2ccbbd333de2dc2d83511ab6634b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
16KB

MD5
bf617fa09f98c0795e739283c270fa57

SHA1
9932a46708408e41f1a32f04a2ca0eedf66645d1

SHA256
0af924fb05a6812f03d429027b1f79f478b5874223a53108f6cc18e836136241

SHA512
20b7092b688fdb209a7ee13f53f674f1f8c8041c895f56f98a43d3579f7fc2588da0b02992d845946a1cfbf87e41f965928b0053ebc3bd07c9a6a404e7594fd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073

Filesize
128KB

MD5
1559522c34054e5144fe68ee98c29e61

SHA1
ff80eeb6bcf4498c9ff38c252be2726e65c10c34

SHA256
e99651aa5c5dcf9128adc8da685f1295b959f640a173098d07018b030d529509

SHA512
6dab1f391ab1bea12b799fcfb56d70cfbdbde05ad350b53fcb782418495fad1c275fe1a40f9edd238473c3d532b4d87948bddd140e5912f14aff4293be6e4b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\479a45e1e8222253_0

Filesize
1KB

MD5
44a2a9fb9a0f4847bc20159b6f898009

SHA1
a731369a11e01b21b46bef5838cba03f83140d90

SHA256
e2fc2eddca5a0b35be0eaf85f388bc65629b54de0dcc58883e92a5405bb6ad2e

SHA512
8b9a335947d046bd0566e120d76e67b0fb05f91192fd263c49bf1189ba6290ae14ce42b16c8c3a791bff1f4e4477fae4668b2c27e4597976fa331b1ff59c036b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
fc3ba12d88e5ebd825350725bfc5811e

SHA1
6ba120bd4c13cbee7afb63ea7d9a391e848a3ec9

SHA256
cea795b8bba770ab8d65d3ab3d034255a7d7d4c76fd58aabbb15c07e7bab5ba1

SHA512
1ed8d89009e27e1cefc7fc01759a5cd497bd8c8344f7ae1f4c922d80b978d1bfc144e1f0bf64ff368c9b5e095d5b4e79d407231f6ab6b2c5bacb6671c49fbcc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
52ed423f76b9a72906d4801d175eba77

SHA1
96b7e4654d87e49be5bc6e1f897a249a51e0718b

SHA256
d6930bb8d6392d992cb953867a415c8628ca028d7b5c0791ee55e3ef11c89f26

SHA512
c0abce3569d67c26bf86033c3ffae4396713348163e2d0f3f5cbe476e58c4cbc4e6536e34e0cd53f8e5f067a84054bf95bc6ccb9a35b7e6df9fe2043401243fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
822bdd98acaa449cb956cf549c986ef0

SHA1
908680188c55aed7b20aa91033274aed09689e7e

SHA256
e38bf82523cd35a778f11de7a958e64e05f18f5050fdb083b16f2110aed4b517

SHA512
e72c1eca8faa58c0b0ab2e41f32e8d3b59f9f601f80ca4cb4203b316ded579542ffe3c70938821a01efd1a57b1f1ea9cee6d44d1db73554eb49db8e4608c1a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
24bee376a9f7a671796179258fa49c38

SHA1
dfebd1fe0be81f3e60efa22c39d7279e85012b09

SHA256
a0149f4de086a86633475c21a319a13ae0bc1be851ca81e2903973dd13b8ebb5

SHA512
fcad0a57125b981eb7897d8a6773248fd4dc31686825068edf37088cc133ea96f4c6b94fcb9ec92621738820b1d42ac9d23922342866f800bf2d5851cf7b6d4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
886d33e52a86bb0e73ada6ea803cb7bb

SHA1
d7aba2a7a0a0a670da1b7b5a7219242eba3402bb

SHA256
53a1e7fdd84b29156f26a1c9f5037f3bcd900cd73dac6443e62a21fa03637790

SHA512
b58379715be5ec5b63c27ea5c2ac4ec60335bf411680ee88940a92e6f092efcbe31fae5bf1ce4002a34805271bbfd94d79a91a10ac2dc728de448b958effb3a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7d8686fe0e037ca46951d1c0138c8ca5

SHA1
594c10c3736f806f7ccabaf7e61aa5fce3c12dfe

SHA256
20a12143897e31ee2136d63b61939a23b346f61b9506f6c2b2b227ff7317916f

SHA512
d6db49b0479594d55a96ebf0bce608bda4e4da73b786e427172412ed47a6c0b02395e4ffa73209657adb32ef5226bbc0770072fac9edebab9328dec722e500b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dbe204200a397ae0e779477875544c2d

SHA1
02000dd78e8c48e70c4ac0748c0d3d6a995debed

SHA256
07c6229fdca3aa6bb492f181153580db5493ce938963bfcfab3835153b5c58ed

SHA512
3b1e9f9daa093c9b0833a50fc9c5149452545e044f71baea6dc14f63abd4eabb1739e356e7de81654fb3f7487948e187fc96c00742a910f5c900300c761f548e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5cb6c352780fc69ae85cf22302d77200

SHA1
e65d6b6a890beed8d932877f9a1364aa43108609

SHA256
e696a098c5a3cc9a2c010e84ffae21b9c699f9bc2c0ee5ac420e7ea0f4b66516

SHA512
8bd79b375432fb85338cc7a24bf4627d263f320230b10f69cd3d9d85b96f5967c5fdcb1dc558882dd1e6e9e186f0cc8373f33db651dc6afa77d8ffd98270cfe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5ef8c8aac46cbce8d782f78e3c12022b

SHA1
8c9a6ed31a5ec98215dfbf6334ec6c226c36e8c7

SHA256
5ab55ad71fc5f99ab975bcb27340659645812cec37f9cf42dbdf5770b4333c2a

SHA512
ef9d7903ba35c2a42e748357546e62a4b3d6adb1ae255f4d7ef5d0c9e0ba3738f654f5f6211711f65f566ebec8bd3737b6d221ef6330bcbe1bcb319bf14fb8ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
061c5e70f939f02742e40008a33c5555

SHA1
af36d7d8d9eb12df388128ec68c1586f5b366751

SHA256
b1a352401ba291bfc258b1a00a062c35797774b54b2493aa4c588a494db6ca58

SHA512
8d0130e5b14033888f0aa774ed65f6172e395697d9ccec2db973a63f3e0a6008f28b13ac4265819392a8e9aaaed030dc9ff5180d3772e8f2b13e3f009acf54ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c0bef98a310769aec0aa316889f77d3b

SHA1
5ac6234ce30c46e315ae6620b60d34646b9bcce7

SHA256
8f8bb27402a65805d9743ba9aca11e2c3326a7f3e451ce3291334064235dd807

SHA512
c4d1c772c8e1ce73015a33fff381bd210fea83b54f65f5625ec2ec2ccc5256154aa0d43c475856cf2ad016bd01eabad931f42c0f4f9c34ec469ad1cca96d7c2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0a241110c2da69be2f14bbcf61c72f20

SHA1
ce6cfb6490ed2f3b9bc6ff39f78d784a46feee40

SHA256
69a0b47413b329c5fd78cb2fc89107bdc26ad2cc4b21146770c1ba1e48a056c2

SHA512
50d879db66c834a3101bd6906de93fd1dfa9219ae4ba499a5f4b81cd28e8b621c3de35d264f37246180c643b449bca795d151352ce1a11b2e4eac56b4f65e6c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c88328c08c039de2c37cfee442cb0525

SHA1
d80829c4076c733fe1ae0fca7bd005cb0268419d

SHA256
7336f4828ba7189f2a921162077d6f63190e457a5d49cceb51ae3ec696f7b2aa

SHA512
5eb10100eb3b0a43834661bbac19e6ce4e5c1f79d5d1dcf5621279518fbff24876cdecec872ef08d51404d2d69beb6d8d58a6e55629f681c47330fffafce7c2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b72e7e481491be73781eee520ef5d2de

SHA1
1c682476341c414217f729bcb93544bca6c156de

SHA256
fed73cf31cb951d3288c005d3f5706161e9a492b5ea706329c22cb94b1a1fea3

SHA512
ed6e1d62bf6b104434aca81010a5cf5b93b230103da288e30f2eaad2f3f0410c220a53db924ee59252e02122ecf8674ca9d255c53415dcecc15350bc4b2591f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0676a424a3ce6e31ca96f150bfd843e3

SHA1
9f1bde06894328905644ae75036d3ccd4ece6a28

SHA256
e24087de8f73a38960dc42c196eca8a92841ee4f086faa23129b1cc7fa75cbc9

SHA512
b469f5e71d116a04a37b868fb071968a60429318d14b49d4f888ca0584eac0a4da6785ab8a197947976d0b6ca0f09efcafdc9a9ddda7e6c60137fb52be0aaff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3bb3015b92f339d4d22f19e201a82ec6

SHA1
114d321127d3a4da2dae8c837cb595038a95b572

SHA256
3f7ff00a9937314e510252ba6935b00e2e47b50ca7b52d323ecc3f0222c7ba5d

SHA512
341246cf9ebc27b14d6804495687341d87208e016ceb76ccfc178709ced9d4fae5cf980e0758291958d693c9d7f2d9974f012d90286e79dd3a98cefb6b4cad8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e0e6ed4d3e4a6fe1801126f2882124e9

SHA1
d2fed5d26b52f3aaa8eea7315bce6e1beb275e8f

SHA256
90ef8c2db23598fcffc61cf0fb869f4ee7d03202391b56d579360c7335f4707d

SHA512
5037f5aca2441a5363f0bcda2ef709494797e565c030d42ede14d18c13f9c0d112a0dcf32bf4d4f61c8091974be9ea4f79e769909da3eea4d8784c8289190f86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a6f3753b530e770fa8ecd52f3995c633

SHA1
b7cf22110343e06b769c5b5dab141ca02a45948d

SHA256
d6da69c0acf7000aefc06ff7327b6dd3361eeb85a40aeae147242f35963f9f41

SHA512
be9c7fac7a3783075e50146b525056fd8bd92c3baee39d84cf3915276724f2f0863151d9900d5b950d9f022f24ef2c1e915efb57668fb0791734cc245715106e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5eb88706fb3346c72d7be4b98d48540c

SHA1
eaa1171df390439aa3daa2b6ade48183f06c03ff

SHA256
52398896dfbd96b1ebcc6ed26cfa63b7db90f4cb7473c345ee53f8b0a7a01964

SHA512
cb003dfe67a0755ff777daad9cfe6f8a1b627a1176f9d330405f14666883704ed90591b2887a6a2a513ec5070218de7b3d871ac532bcbc642f8782dc05d7b4ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d2170f5be7c70395b652ad740e49f101

SHA1
aee6107bf9a529bb8edc928863eae4d529b1b613

SHA256
1586ac9a08d35dbb8b6212abb35e58cd5065c3a2312922bbd2b040939e184320

SHA512
58d881221dc5b154fa829db3f32d4505450a3df6f39cba276d21b9f4b067251aca5ddf8cf2145f3efbf353804178fe7c791e6764d12fa7d25c6116f5d8e9af8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2a48b1cc92d7342f3f9ef6f353281ecd

SHA1
b71fe86432c2055b79492c5016e4f04d6bd91a5c

SHA256
d66908f930f8593b52d980ff84048bff5f477cc420680ce3d6c61618cacef025

SHA512
8acca9206120dbd47d910ba0c686d633169386d2f283cd2755d309a04b8566c17bf2ff8d5e365fa262ab191cf37d7adb60873cd1207845bb442d58317c2ce2bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9fa1615133f5a8d288fd9af18c91d74b

SHA1
436b79484f7fa3ef5b6cdafe87baa7c55628bf5e

SHA256
67b7523d559809aab179d4439db2127fa0e31e4930e6f5360aee5355ccc3ecb6

SHA512
d57ce22dc7413616926ba0f6ee94d4df998d490d708b8e4b4af8cf54e3aa9bb535671a82bff948b3bbff5b53edc3f8d2d1f850d97214e8cbb5a134fa8c574c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d955e89ba518f9d4946468c8ce9ed0ff

SHA1
5edf643b4acd82f3039a904069892d7180720421

SHA256
dbe00ee836771b6b721e6c732ab3f09bc7274bb1e18e40107baf2fdaea58e0b2

SHA512
d0a04991cab3e0668ab7b4376a41365f326ffc3a684cfe022d2e634fa733cad5226224ba5510b0af61b5a27b8e89b08f195c5d0f31d05a4c4b5ec41f8555380f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1460c701e5a71493062e18fb30eff012

SHA1
8299c461626df035c4f880aed7ea996ed8410429

SHA256
bfdd804ffec99daf30563f9b989310072c846350980b0691604c454edecc1c6b

SHA512
90ee3540d354d82e1f2a5f425eaa970fa1c029851eeee62a5eb9e025ed9a216fc39b27739983e4d5b61098cb2e984ff067958d88dd054d822c628500fb78f78f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
568dcdd7940af66056315c1c61062211

SHA1
5f1d1d787d3fc79ae64a732a70ae2a238e5341db

SHA256
793af2b4988cd83dbe9f0920b11d7ff3a63f15a5f6e26c7a17ba681152c39327

SHA512
a732bb07f3a8c40a4262fc3356f9344e4d0eca6380fb0ad23a921ee7a7acd3bda8db24664940be8ff2098d1d27921e87a2f25b8c558c05538235e768a342e182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5b2e244b797b803a6e07fac7c80db1e0

SHA1
a7bd78e1f89aa553420088f2562eb49316476b8a

SHA256
0e84037d54db53dc5638836d900eb61690d89b5fe27d13b0b14fb098f7f1c924

SHA512
428d0932830bf707680f0dc429a304032698040191aa4b165973f54581b0f4779432f2d98985147bc68d12e6e04929d2b5e25a42c1efcb5aa7835612d928a662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
94841998469521361f9805a9ed58079b

SHA1
b49583f9a031d52d76b196d14623e13b03918e19

SHA256
0be853422296fa7d9b8deadf271d137a7a61a8a659f82298f269af0f9f13ff69

SHA512
ec3135b95566c05f6a6bcc75be9b710679836694dd1ab280ce0a3c15d31e06e393c56df56bbd6e5f2d05f6ca8f829b49f3fc898be2c0367adf12e8ae859bfa3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
47ff7443cb05a64e1af690d274cc768c

SHA1
8ab0c4c5468f66a107d2463fac369644a7677d51

SHA256
bafb2809f13f08db06a27f0014a45fe2d34a2aa17472b71b76cb6af1f1b0e25d

SHA512
e18d08fffb0b10fd30fb2ad41897810ed45b100cb9149e53c93ff280daf3ffef21ffada0befc511468bead6c0d2cded83e23c4bc66e0540036ac2cd874506b1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
21aa946cf1e1714d92151450cbce9bce

SHA1
d4c6971c069eff88418b5b1c7478521bd1dc3cbb

SHA256
e691e4362afdf5854b8ebddabb75ac5877ee2c11cbb919dc507b3757b53c6598

SHA512
0a3a71b52e8521ef6923964cd20655f4e8f506ea0546493335ab25616bb2f9a733fe52bd8007048eedbc1dc704a51f9b3485d0b6d4fe60664acb50016102ce2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2116472150c5588b4109b81d4a47b684

SHA1
11d59d65eda7c2f7181dce977795f2fe01ed86c1

SHA256
670af6796bccb2d8df0b0b77b3a1ad5a6c9f74d8e3029305e84b0667b2969ee1

SHA512
2a8747883d3f3d128b02470c2874ffc7ae9bfe86b1a07c0a66e24221c316a450b28a29a67c3572395196981ea14408860e1203e4361f91262b68eeae63468e2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
94d484bd36b7e8c7d6d7c7da5a6d20ea

SHA1
2955e8c176e7bff818b76709f3891f8b8047f9e9

SHA256
c03cec2b1541d3e44fc1e755834a0c8bb104f2c4cb41a3d1c9b5fb804f016dec

SHA512
8484d82c51ceab4625df9da3b487ba103c72520e3719e9fef446732f0a88a37b5d694ae1a817dbdaf117fdc334a7e652047989e7c44fae5c2d2a88883209c207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
de97a7e4faf5f9f738686f7617347bf1

SHA1
b74feb7dfb6fe00e6da8b738e1005a0f923236ae

SHA256
eca1498cb67794042c09f912cf5cad5d911a04e57969de9211e4c0c0434650f5

SHA512
a53ff69ec4bc5838ab5ce5909defe80aa804fc76734d6739386cba1aedef16cf0ddb8da3f7880eece159259501a0e1f68b9ee629b5fc82a9faf4a2abf34e2ab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5d6b68cca3ca3fa943e0b044a231e284

SHA1
1f36cfeb2c0dbd8c723b77a926397b6efcc617e4

SHA256
cb9a9229eec084197f043fe2efcb002ec14ca7ff5f09c5577b907afba5eed6c7

SHA512
fcb26601775cfc3c8425179898a5157c2c049a689e2661f48a90e759505ce493bf871a2b5b1330b7f54d2227b41725e257803e03e91d48e42c18542cd22a8553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
521b7e611be07595242f4b7cef3cac19

SHA1
2785a306a324aa49957b17c94a7e58307e81a707

SHA256
257dfe461dcaf7472e4b2ba08a107d064a8260df09d0674c6b26c8001749d209

SHA512
b0afff2ecbcab157e4e09004edfb1fac9830af3de5369865e1f3a764030af5067c0b9e43a786aa80938bcec4fc03c91c872b7b69bacb322ef89cf8507ec50aca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
404e800fd9a54a7bf7aa321444ddd511

SHA1
f8e3998e8ec270fc163047dd2509d0e490a1afee

SHA256
c600f01f747e120da746ceec6d04b973d52860278beff58051bb3119508a1ec1

SHA512
59e976c4e273f7289c1a8c46b261f6bca0538f1ff943d31b94b242936d145c25a089f6a845e0c91140433e8fd46e43870b50eb3ecedac4bf1b73a9a083738abc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cb2bdd5f058da87cbea2d16e1919058e

SHA1
eba7f5a3a290e521c7da75c7f8faa22b2761dfd9

SHA256
0f78270a7d369b52689662b370c189e3bbdcdb20c37939efb35097a0565c44a7

SHA512
5b59cc8b1dc56d11899ae3fcb53a571429c8aa348820c76470dba9260c84c66145a14cc41c0e34a0249d8d8689868df268a7985642b251d2fcd7dec0f1061a30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0fa6d75d80a51f9fb91c76dd4fd1fb98

SHA1
b6c76557b14edb66de244dfed59f6ab3c360fb74

SHA256
75d93ae7f6f5439c2eeafc900ab00ef3cd973418b3518fecef336c9762086a90

SHA512
80c0e006f185cb6d1291a3a22664c208ebeb77f9ac46e734662a881843d45db56d3c5d7429dc3bc0ba826c4e415aed3882dd73deef1ad5925434839b66791af5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
94a1d53d1a5ead62a347351761e16a3b

SHA1
1d25fb475818bbcd1cf93bef0294136d009b23be

SHA256
7cc57d983dfed893e67fb9a5e6be99059c16adaaa0fd226b3205fdcb951699eb

SHA512
45d4700a6c6158d4d5cd574a8b6a919fe2a3b93d71d3e9fc7ded8c25c7d612e58bf71489a3dbc6ba004f6b7a8b3a1137634dfcdc2e91e02e2b78a82580831b81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1c2d783763a0156a5ce64fa15a6d1c26

SHA1
c75e325799a667c58af22e7272a45d14aa1e13b0

SHA256
92c4c7ac45ec82ce5ff4bd072004c113e1d8a0f685b33c771f159f9e61bf2fc5

SHA512
20e94960e8a4892b63653ddc767b3736e19d1de5a92672ba0e5d66f03ed855a3c1697e052c1f617a7708eccaf3e7b5098a6bb667fd0c7a1239048c8df8267b74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
8615f745941bec084d893b8598d90a17

SHA1
3c45d3e2fa7f7c29128002c192c20ff9552bcaa8

SHA256
c218fc195f6ba6697dba9d3c817b2f11d4c93e6030ebea1401145077da3b9d35

SHA512
0ffb5612d8c4ad860ca55a0cc064ccbaa28dc926fb7a7b95ad29fe4bb05825fbb8ef0ebcfa76a4ca962bee45a13c59ed863f1b0027bfdde31cf0d2d4b9486c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
ec04ab7d9e9e90ff98d8360db45870a1

SHA1
ad371afa65f406b2559ed6f3d44b623d598c1db0

SHA256
c2738450cee84ef5aad2041bd603be43a5d9c282772bece45871f7f245caef05

SHA512
c5adc6b1d21b4c174b3ef8c86e29fc981dc696b65795ec3ec5562d742ad4813b486469ae4e5ff57cf1cb661ed443205931cdc7f95ae4d67fc7e1b880dae049a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7aad32f8481c6011e8168dcaa95d9c5f

SHA1
9e431bbb11dffff581dd6819b2953502c8b29b29

SHA256
f2fd8aab9f6b132047408300667e6bdb85aff9340ce1df07dae0886cc8321316

SHA512
d4b556abdaf1561607f27b0c7df1f29760193343a518bf0ca72f2a0f43f675ddacc3cb980cadc211b13ed690d2c6a9dbbb8bd4e7fc539f41301d7d44028ec2d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cb23554e3700f55486d9d6b3bd09b153

SHA1
511ac45bf3587346876ac2dfeb7f72f66cbd5c63

SHA256
6e4dc4f4b0cdc28bb2917fa27344c0d80aa6ea826f61c7f2f3b04a343e5e24b4

SHA512
2f40282e3cc84f6cd8a9a76e6892d554283d2f631347f4f7c4fd0e30f4328db8131ce41e542b8f324c6036cdf59888ab195d95f3b9842812abf699e328dfe3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3efada1f082ae2feb0c5aa8663eed7bb

SHA1
364b2b12ad690d6791760dab352aa41a63410d13

SHA256
4b533ee67780213bc202a2a12b801f9cde3442fe26044e29d86edf22659efeb5

SHA512
6023667fc5a52b8c07e979cce42901fba228e47f51eca0bcd647c3f522565714ea11026801db104a3da0208f932fabaee3bfa1c9c3792e56e90e02731e606796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ef55d6466fc360cb191513bbeacabd57

SHA1
aaefcf7e980153988fc00a08f4699ef5446860a3

SHA256
472a0b55d524abe7590acf50269c4c200105de24a462b7d59f7789c5424e1d5e

SHA512
1192564537640c0a8fb6ee4bf1ce295e640691a3ca94a90e4f027c1a0b73cb5905958c74764718bf14335ba0203cb3a3e73b68a6ebdcb7691458d3624cf7e7a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ae77739815bdbfe745538827006b8a8b

SHA1
49f17e847ebbfd5fa7b8f4759cf60dbf2ef0e9ec

SHA256
b34977de69939e0c8904f72857847994544b15c07153cd3cbab8a1cf2437c8c7

SHA512
6cdd34e1bb39fd051bd08fcb44b2b51dfc66ccc92f59643fd0d79d48b656df7e05aa7f56cfdd295d6bf5038c402a57f130c52570b9ea8f2fb19bf40e8b4c0afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a4af9ee4c1b0f6becdcd8670e38e13c3

SHA1
0dd2887928926c5e2502231306094d79ec5f2b67

SHA256
3e7e42148bab5ee297f38c60d13bd8a83c30228b68f13975804ef9a27e1a6648

SHA512
03a32e6bb6a477227a7c4f385c36eb2694ce505b29625ae2650481f6c430773595bdc4d5ac61d6136fcb3b1a5efc4624e1de405531bb00445ce88f6508b4ab34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fbc2efdfeea3093d91b9d23d59e3c0c9

SHA1
e5f11f8e2f8f7f27e2f2ad0740c19c41dc3614c8

SHA256
65501062edf490b8e7f1d4f8bef84c824ba9fbecfe91094e5bede5a5e933b834

SHA512
2587d27505c244d153dc324d9f8b0ba578fd652630a3f587a76d4cf182113643e701b40bfdc44ffb1c3e74b868676e9c6d993bdaf3e0eec912ce48d461af8cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a84d1a686d6b35e7039e15e3324c2c69

SHA1
f509a3c7f6a7aed11177b44482780b2429b29821

SHA256
5373c5e77b26bae6d945ec7c2e62bd7e044e537a281cc0bdc980e6cebd439889

SHA512
a88d1f62f49df8afd8190985c89e0bb0f2b51e089e4220527258664087fc1c786823dee3ab14c6cc03109133efbe7f65faaa80c1da73296866f5a28bc3bd258d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7768bf90bf1f47d9517ae0607f0a4d41

SHA1
3e8f9737bb50f15f0dec65614e5c6ce556498c9f

SHA256
7393311c0b497b31746f5efca3e6af8dca9b942bb6cb0fe0f660024d7349cd05

SHA512
8c4917cc14eac761ccac37757b321f39c1614792b0694ede5b357f8aab0fb5ae8fac35362ea18c011452529870aa7812ed8be049a55ccf1151e69b6bcb972b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cae60bb16229653cc0ea3ec12eba2be4

SHA1
9bb14fa7431b6eb8630543af787c182c039f803f

SHA256
f63dc4bce222bdcd95704ffd3340382db629af3f9d96fd5a831caddc379faa99

SHA512
122f28dffed2420056c6cfc004abfc192b73f9e76c62dd3faf76bb78de7130ec603159ef8d260fe7d891a28b82c932781fb482e5ef671b96504fb43ff60deab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fd553d4a901b95b6756a11be27fa63de

SHA1
49c21cc338f5e09def684f63159376af3e0dd5c7

SHA256
5f6c25c7551528e8f09eb885042d2688f7580bff75656a814204bc2352c0393f

SHA512
5636673f80eeebc971466de693b1d710942d757a2d3ccd4d5bf673f58ec9617976688b2357805dd6e9d63da26e577079efc969a02b8840ea294e8e35bb8ce576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3fb19532ac6793f57e18206a3e88fd4b

SHA1
f487a4cc1cb0841a971e5652e4ac0b89ca2d4b03

SHA256
7916de714c685ba302bdbb90f8f45357224275ba2992cec7c4a3d96537a9cbc1

SHA512
b78183f339d003f8fdaca2f7624f89923b9fb1b2de0b15ba475ac4953dabaf78c5366619a8d3ab4ab07b0f2a741e08cb9833664b9fb0d254245b0a23100779db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
302a604af63e7a38a7cd7b0d28d0dff4

SHA1
d8ea70e23137b81847873ea3e59bfd752b2effcb

SHA256
b91a9c8a7215d93afc1e84aa7d89b7b97c258148449cb57114ebef1150a96fff

SHA512
e153124f768452017ac2ba69cbdabd51546109c1a5363b67489217164bccecddee875a56ac4c0acc7bc4278f2f191fa94b2d9fcdbdf88c28533f2b30963352f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5004c604a8e7d7ec4450834499e74204

SHA1
56dd7aee9d046cade68a50f47c344b938670bea7

SHA256
b19874de50e90deeb2dcbba29d80d73bf39f4fd2bf11a0ff60e6b382b18a613b

SHA512
180787e31ef8d8f269b3a0b94f1997f199f92d52035f18bd2f7c1431725e4b614dfac2bd42e0645b39c09111490a7a1c12d615f48e91ba201363179421970990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7cd1d3830c56bb213de163844844a76c

SHA1
ce83b2515f1ad2748ba27b78a28e81c905f382fc

SHA256
de464e4f6f2b8aa104895ae8e0fa11af7585c867fcc9ad8cdb5695028c21c0a8

SHA512
3ad7e450ee5fad08cee3fdc08c5f3fb6a5f8f4de26db1cfbcd019cc0c1c64e928f6ac52575c8265013c8df3e70e54b3cfe24cd87a2f2f138e76165d7d622c4ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581a78.TMP

Filesize
204B

MD5
9abc349c80b7f72f60f51851645fee27

SHA1
2fcaa39787f7d4054154ebdb7c5b39e1a53e3234

SHA256
3861866c165f1f90113b481bdce5cf8547bb7a7daae4ce331b1f124a81a02cfb

SHA512
0feb338df773881c64f28e922f2b2d0082066ad3a4c2d194e2815127017d6caf6be71ea275636daa39e160e5b4431c997c57e5b7e0b1f5ba9a2a9410b8adb5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
de95de7d5e6c0d74bbc5566ebb3fed9d

SHA1
8d59eae1ba652aa5d6bd308b7f0c3b9fcc34263f

SHA256
04a222de86aa657527722b4feb692a5a0cad3f31f02ed5bae2a39f991c5f879d

SHA512
aaa409d5dd7914206c46fde2ac546efa3f14672910b802053087b4b7fb56aeca1ac460b2b2ec41983f3441a29dda88e4261b5155d9f34752543af660b814cdcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
46cf270c92da6b68dfc8afd57aba14c3

SHA1
97269f7678f3b8692a6ffc5edee90d111f2d0605

SHA256
f917b9945a1962136faf113a3a251ff764ed122c683cd1c347d90c97d8e80ab1

SHA512
6bc9170fca0d509e6377f887b2f93015bd74773bb7159248a98abcec4eceb97fc47909814e6782dea9c79f01c273315b20cc5757cd80429f9cd49a77f3b0e1e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7f959ff5663a0f91ef6d83884affa9d4

SHA1
8f748de11d3687a602611838d53cae17a070fe8c

SHA256
09c73e1c0990316565293ed5d73b17bec20ae0d025f50ac64002ce252f9010b6

SHA512
2047d95d64df3b83c03ad117712a32fdc15c660d98f3299b0e1b264a121b37b3dddbf75df457b81e63efeac7ae5825f6ef43ac5989788d9726509ca21cd480b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e4bf478191a64746fac10e79d8d34f91

SHA1
a13a8b38883aecc791d7c6e948b35d1c6544ed9a

SHA256
649410eca2780971631a82cdafe33ec43361fe9d68f385e43005f686d14e342a

SHA512
8c4fbb1ef403e6cdd9d826c4dc73dfb253ba17ca14784b61978490a2b723e2d37552dc368c89703af89842123da20dd38937e9f0c15377923f8bf9c84dab4ec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3c7562ef7310827cded1d8440830c646

SHA1
424040e4ef8d2c81989c67e192bb123de4770441

SHA256
c9da290fb385786582dd2646dd182eaa439435ed5fa009daa278633ba1a128a8

SHA512
6e16feb2e2a07224e68840474ecb8891d64b5317f047e85252d30a79031deca8f106ee7ea63257405ca575e4c62b0a6e32766595fcf27210bdf03e66b710e68a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
67d1c086bc2545f7c5c4b03da8892793

SHA1
5d666fc45162e94213bda6b5b00419879b45544c

SHA256
eb9a925f0e7863d81460baab6a373f0fd2f73ab218b7132a5f718686c35c9b4c

SHA512
7693183e7f99c82ab114cde4335f7828307648dd490c6c8f403feac5c6a102205d536b9987ab63ef238ab22a7946560b34526a84c255e3222d46432e1844c9d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6422c4604bd1db6c9f464931b26e75d1

SHA1
99eb364df45b34097891bd51158538637b305768

SHA256
41ce643c092db854880c44e542b78472ebfe990813071f534436542d0099df8d

SHA512
695e17cb4939bcca2eb9af7f873e468daae915584d861f95425270d9aa253aa314735fb9c9eddd35c8464c881ae9fe68bd7ed98e771094428edcc34d9f674bc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm2E3C.tmp\LangDLL.dll

Filesize
7KB

MD5
9888fb6b91a680305b2a3e7b71d6561d

SHA1
4a7935da38f88e9f74f425078ee39eb6269c4e63

SHA256
81726604d47b192620bcf90d6e42ba8ee8b4c54935b0081655e08247d6b6c675

SHA512
f50755e5624bfc3a60a23a7dda012509c1e31d9772d6a0ccaca88e32ae8d4602e10e38003d78b1626464502db7ea7c47d772efb7b3ea7c3e2238bf3b9809f833

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm2E3C.tmp\System.dll

Filesize
24KB

MD5
d997606c77e880be2744c44128843d60

SHA1
92bb9003dc14ae03963f503e82a668877ca4295f

SHA256
abb2613ff851b2cbfb61bf97e4eef9d4912abcb46e04774ad84812ab75d4dde9

SHA512
714d7ce786e9fbb6f0d0e537a146a3a24aa79089669dd168b7c110dfba667fa7afb794b3dd2b93fa76e1d1771af3347a0f568cbb0fbcc8d9755de9e6e54382b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsm2E3C.tmp\nsDialogs.dll

Filesize
13KB

MD5
bd0d7a73d0fc619e280372587e9e3115

SHA1
0cde473dda5d4fda8190e6460f3229cae2571af5

SHA256
c7f2afe3a2424e71563e69d862dc027d299d84fba4ac1ba11e593361daec0a80

SHA512
914983bfa336f9ea019bf5dc9ee403af56a6c7c1d88b8092609e4026a3377daa6ef9a8e51a93537f6769ae165c264763645a363fb6a89f8689f59caf985c18b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
775c7e150e1798cff3c5d633b5c1d406

SHA1
2dbc406a6cef8756eaaf8c5c5d0696d15606040f

SHA256
ec28b7ffb3fd80e4906e2bf3dff7a48b2353e4d06f47dc3351e62f3c6ccf6061

SHA512
adcbd8e3c204b7f4d78d7fe8a97718bb82570aa41028bcdd146111f3831c0998b1b45366384da62a439262fe6f9907baf7354779c97f8ecae1906f16646926f7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
0958b063a74d2cec82e39b031d663e7f

SHA1
97ddeda8d6b1ebf30c2a01f5253014cadca3a068

SHA256
159209a4a0bb1e00e6f87d0d2abe3ca62b5cb040875566d89e42b35494463013

SHA512
b5aff7d0c3084e562a86dbe69e029417bcfcea1697d3ce30a0b4525bf6e35e0cd63a9da2e96130c5e570eb6ddb48cb502a2780d8aa10460a433db7966abd9cc2

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp

Filesize
182B

MD5
7d3d11283370585b060d50a12715851a

SHA1
3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3

SHA256
86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9

SHA512
a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json

Filesize
16KB

MD5
a9430a9b8fdd73fbf6813f61973ff912

SHA1
1f2086361d99b1462a17f97f345569e03e7410d2

SHA256
fd1e68dfbcad8b7086bd13e10954900ea171af3d4a55589c54d54bc1dce69777

SHA512
d3365a98310114d0776ef17414c67bdacb7493a70ab9e5451fd84cf064aac2b3dbddc951ee51033a1ac1ecc0e63a2c8cfa372dc824b86960ccb37d97ae582f77

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
5KB

MD5
72841410889d03d6d6928cc3c745feb9

SHA1
3b01c9b68319a51ed4dce6404df7bc10dc5657fb

SHA256
44ec0d59430d3f25fe40f6183c2d4e9612c28021e118bc57e15a2167332f5e1b

SHA512
652c2cdac44c66c2a19a580161bc02e30b23348fa3f1b91edffc71f2f0394db02acc4f597dba5624938198d4cc9268d70eec62b04bab4493097f0b5380828e12

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js

Filesize
4KB

MD5
0abab609dcbadc44f6d2372034d968b9

SHA1
ed959db4296ada74716a3d3795e6468f2a37a1f1

SHA256
016876530d32570a28d913bd27673f7c5f8b69544be9f88ba751857f7b2c702d

SHA512
6edfc908f76e40b1057e265008f736a29fb625dc2e1dc9341c6c7b3518b229c28ec448473ba8b964ae8275271bfba502b74dfbc89291486b11334401e1ccc1b6

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js

Filesize
1KB

MD5
3f5b299b8c8367cb92bbe980d23fac81

SHA1
6e3545ca8bc46852f8dd0fa25af640b550120f69

SHA256
c7a3b9e75166f03b2415cf866db1bdd8e1676c0d56cdfb91d2316a408616def4

SHA512
5f70176161de09560fdbc28db999b5ceafecd72b64b82d50b1493f2fb2a62403b7b0a4d515972fd8e0cefdb8d7d2239c0aa432dfd21051cd05f211c0876b02e1

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
136KB

MD5
c0fc9032972f9a8d83b9c7e41cfa1f26

SHA1
12c9751da5af40f85bfe2b58969ac4737d35827b

SHA256
b16bdfcc38931de5b0b277041625b64a0b52702825b39634180c244dbaa32187

SHA512
315f64eefa21299ad8e67503637ce8f3789b0cccb51cbb51b4cd1c1e39a8753a7a8cd14a62bdafad981353d19bd6b5abb8a8e43b255e1411347bd1c9e38dfedd

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profiles.ini

Filesize
103B

MD5
5b0cb2afa381416690d2b48a5534fe41

SHA1
5c7d290a828ca789ea3cf496e563324133d95e06

SHA256
11dedeb495c4c00ad4ef2ecacbd58918d1c7910f572bbbc87397788bafca265c

SHA512
0e8aafd992d53b2318765052bf3fbd5f21355ae0cbda0d82558ecbb6304136f379bb869c2f9a863496c5d0c11703dbd24041af86131d32af71f276df7c5a740e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdesc-consensus.tmp

Filesize
2.8MB

MD5
ed8ebf1f7b580b248eca9e6bdf5bced6

SHA1
60bd2849c36468657eb0d23816bb5bc2dc78a28a

SHA256
a9d83acbf9612314964df054ed49a408620d016e04caa0b9a8ae30a804daf091

SHA512
a0bbcd2f53aba95e89f61de9916621e26c472eeef752a3d29ae7cbae7d3870555b1eca57c4cbd9192cd032c1ffb1ea39d93e59526189bcfb5babf6e16db26699

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\cached-microdescs.new

Filesize
4.2MB

MD5
4e657814941b7464d2f73cc6b88c857d

SHA1
6db0c7c9f7fd4d0154c0e89b16e48484307f7f71

SHA256
81779c8c8506962fb91e3cd7711edd80dc75111f8f84aa5256af06cb3f849140

SHA512
ea64fd64a108f62e74f89c5b557eac5a2ab030b9915bfd5c493f15a0b476c7b8a3488b4d21f9556d28ec99745c529bac48939df5202cd7f197299984167eb879

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\browser\omni.ja

Filesize
25.9MB

MD5
32801e3819731827c0f3c6bb65054e4b

SHA1
5385c20f6f04e368524a9c8ed6a56ded8539d407

SHA256
08547ec3206e8bb77ef8a0f7a4b2ca8352661dd3b389111703b612c05a8300f4

SHA512
df513299414793772e683ec3a4e81b1ffbc56fc7fb0ae4af92a3da0edf1b7e3a6944aae6bcf60b013b1334c50f0aff341c14703c1d2a6144968b71962718dd57

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\defaults\pref\channel-prefs.js

Filesize
429B

MD5
3d84d108d421f30fb3c5ef2536d2a3eb

SHA1
0f3b02737462227a9b9e471f075357c9112f0a68

SHA256
7d9d37eff1dc4e59a6437026602f1953ef58ee46ff3d81dbb8e13b0fd0bec86b

SHA512
76cb3d59b08b0e546034cbb4fb11d8cfbb80703430dfe6c9147612182ba01910901330db7f0f304a90474724f32fd7b9d102c351218f7a291d28b3a80b7ac1e5

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\dependentlibs.list

Filesize
55B

MD5
a515bc619743c790d426780ed4810105

SHA1
355dab227f0291b2c7f1945478eec7a4248578a0

SHA256
612e53338b53449be39f2e9086e15edc7bb3e7aa56c9d65a9d53b9eb3c3cc77d

SHA512
48ecd83a5eb1557dfabfaf588057e86fb4b7610f6ece119d6d89a38369d1c9426027520ce5b6d1cc79a4783b9f39ac58afb360cc76e05bbe8bbbd5128c5d395b

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\distribution\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

Filesize
957KB

MD5
62c2b654a504e5e5ae9e51319b9e6005

SHA1
b8f185129557bf8cbef1640f9393f4785e95cb63

SHA256
f9639e63ffcfc352036de00e4ff6694bb0ca65a0bb8fbd103bd08f32dc1ff31a

SHA512
87e7c642fb4dfee08a8f1136de61fa5c1a4ea5588c31492c0e6e76f378466e4a891ba7aecb7c20e2a772cb4ce6d6ae85863906ff80597bf7d43fe1423578c405

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe

Filesize
1.7MB

MD5
3b615ec63cd44f67f1d435e4f6a24602

SHA1
a5c44a1409231e13528f0912efd6f26e682e8c9e

SHA256
85d8fb8fcfdaaa51b8db3aabe69b52beb091e337bab31e397b803eea71f48266

SHA512
1acfb75153dc8db80241f82a3d6d7588989ebb34741ada3e5981f9d6fed9aaf19bf18a8e332a2d99186a7c32d62d64140d5bb2edcdde63b3591907698277b910

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\000_README.txt

Filesize
296B

MD5
b699245ef09504ebc6f7851bcd00524c

SHA1
7aa6fe2d8496f4d23f401d5867ebd174f6c1ff61

SHA256
14014e6904c0a496afaf2a7ba6f63926d16d4e8695862d3af439954434765de1

SHA512
d3a56cb9f0e9fa3fa4db87bf5e8eabf78cccc297ffbef3cd1f1969621c1bb50eda42ae8ccd40ffb06aa69fecad18c0ba8f800b501f1446b8aa454d2df06521ec

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\fonts\NotoNaskhArabic-Regular.ttf

Filesize
239KB

MD5
75a26f9ce250f3ba740481374081ff86

SHA1
7841512f9c97da85e037e03b27adeaac2024968d

SHA256
2d5d78e9cc27d7193926c7e460314c9da7dbec1268494dbf117adc53c171ac06

SHA512
7922811ec908ef6a39bb9e33927275393df06bfe5da22b75d924efc0e13e399ba495b00fc245c5a8ee3885e2f1de212dc366aee387b15a87d8726f69cad2690c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\freebl3.dll

Filesize
979KB

MD5
4dedc3da64f17cbc60ee1aac2e85f345

SHA1
f25867f74bcb1aa72f9a0acc745ff8dd38a6985c

SHA256
93441330776d9db42a8dc2020953e1126ec1cc9776334abe77f785fb43470c2a

SHA512
55d04931a725d3d402a8f31ad6a704b4793bf4967dedf38047fab07e314bb36e637ea8a4ee322e32658441dacb7cf75fee631dc276ea5b186df55177aa1a4bda

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\gkcodecs.dll

Filesize
10.0MB

MD5
b52544f5f0b161b52b28857ad7e8ddec

SHA1
54dd3977d335c2703179a593c29808f84f25c948

SHA256
f6cdadfec0915db9b2c6bdab392afe0267ffa29dbdcc5a8f60d43a5a4b14a7e4

SHA512
df79e96dc27f56ecfb11c066a885abe4c32fffccdf9a694f832be1b47aa8e83f8699131f48694471c888651907e00521602cab261a553db4d843fe5d78d2dd38

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\lgpllibs.dll

Filesize
493KB

MD5
be97dae810895735e59bea2d77cd08e4

SHA1
b0f8dbb59e335f6b47746cd001f902d41d088584

SHA256
8ff6c2249c80c949f39e6f97eec77404c1259c6e86a9511e58a41d789e2cd222

SHA512
7acac3feb199da60ed3b782c54535389f07af0719ec46c384c0d58cfdcd8b6ee8a83c51d09dd2745bdf68420d451c59925f5dbe156f87b6aeab74b02c2b0bc8c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\mozglue.dll

Filesize
1.4MB

MD5
03ab717201fa486b3d3ae927fc47ba3c

SHA1
90b7ca51458398dd3dfc77d0bb9f4c968192d950

SHA256
dbbb7f7f0f861960ad7b252a99bc7aba48b91a45e8d4404f4b086df63d7d0967

SHA512
4ca5a11eb2f01f03a25e04c8e40143518e42cc7b04c907ee90e78fc70f43449de208631676cfe07cfd97c9409626aee4fbe9099ca7ddd32d683821392b3a27b4

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nss3.dll

Filesize
2.6MB

MD5
41a130f8f8301e6852d127cb2358ad03

SHA1
fcd7a00ebedbc47655d716dab96c4dc92be31e50

SHA256
5b9d19d5d8a52dd56f14e0cd374c90e60e374e9e48c2e2d1b5944fb23bb15be0

SHA512
890d60a08c23fbfbcc93bcd0932ed51146dd59b218b457c165d43e4c391d716b4ceb594f18f6353003a08932e5ea96520ec28ec32091ea2a92753e4210c1bd73

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\nssckbi.dll

Filesize
480KB

MD5
f21dbe7111c99f88c70754b1888b8564

SHA1
479d1ada3f59f928b1cf3d08c33f6ec78c52a787

SHA256
d59c84826514e73d70cce48aafb6f7b186814a35cd09c67d6b0cf011d4e6975a

SHA512
042e27be6ea4fdab5e9d21947a9f6dd760e8801ce33042d9d51af3f601fb07ef1f930f65013cf3576c8c4a98d2ee56c5716f9d3389448f82d86e2ea59684ef8c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\omni.ja

Filesize
18.5MB

MD5
4bcad1a18b44fdaf04a3074b18e746a5

SHA1
774bc24c4597bf30db23aac852953b55be6204cc

SHA256
a6654f886c224ef2f9052512c1d1d79d061116a7dfdfc344ebc16a235d70fd93

SHA512
8b68e47de7a68064a8e9a3a5f4d09854fa3ce1daa2d5f9ff654ef9f23620c7d2d5e97d2824d225c3fcfb59a580777469df56add0791e1974589531c717ac8812

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\softokn3.dll

Filesize
301KB

MD5
3f9f256dea31ce0905711eb4b5ed3527

SHA1
fca5b48674b67ed3d813129f8399ca86e14a1632

SHA256
c4bc68971a9824532d867afcf90f58f99888d898e0df65dc0fae4d895dc0f0b8

SHA512
404ed09fe239d9e80ae1653b20222014b50fd48dbb19afd027f9341195ebcdba6700a9bdfe04eba54721207222fb4dd451e5868506f228ac742ad853bdfc934c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Tor Browser.lnk

Filesize
829B

MD5
925e13777fc551654343c9855e52ab3a

SHA1
47022257bac4e2f4a7e57f64262685a7bb09703f

SHA256
a86ecaf0e8530bf615b31392000e0ea6ca8e5e9fe489d7a0a69d0700060388ca

SHA512
b995b66dc1a26b4e8e072f423104a430a9c7ab6320bbb026a6498027f90bd4ed450aef630eb385591c375313f7091474ebe5b7e81230428d5d2a186de48880ff

Download Submit
C:\Users\Admin\Downloads\InfinityCrypt.zip

Filesize
33KB

MD5
5569bfe4f06724dd750c2a4690b79ba0

SHA1
05414c7d5dacf43370ab451d28d4ac27bdcabf22

SHA256
cfa4daab47e6eb546323d4c976261aefba3947b4cce1a655dde9d9d6d725b527

SHA512
775bd600625dc5d293cfebb208d7dc9b506b08dd0da22124a7a69fb435756c2a309cbd3d813fc78543fd9bae7e9b286a5bd83a956859c05f5656daa96fcc2165

Download Submit
C:\Users\Admin\Downloads\YouAreAnIdiot.zip

Filesize
223KB

MD5
a7a51358ab9cdf1773b76bc2e25812d9

SHA1
9f3befe37f5fbe58bbb9476a811869c5410ee919

SHA256
817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612

SHA512
3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d

Download Submit
memory/1688-948-0x0000022F52300000-0x0000022F523CD000-memory.dmp

Filesize
820KB

Download
memory/2900-2755-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/2900-6670-0x0000000006C00000-0x0000000006C66000-memory.dmp

Filesize
408KB

Download
memory/3464-924-0x000001EC06F00000-0x000001EC06FCD000-memory.dmp

Filesize
820KB

Download
memory/3464-700-0x00007FFF6B090000-0x00007FFF6B091000-memory.dmp

Filesize
4KB

Download
memory/3464-701-0x00007FFF6BB30000-0x00007FFF6BB31000-memory.dmp

Filesize
4KB

Download
memory/3680-947-0x000002F45A570000-0x000002F45A63D000-memory.dmp

Filesize
820KB

Download
memory/4484-2646-0x0000000005870000-0x0000000005902000-memory.dmp

Filesize
584KB

Download
memory/4484-2648-0x0000000005980000-0x00000000059D6000-memory.dmp

Filesize
344KB

Download
memory/4484-2647-0x0000000005910000-0x000000000591A000-memory.dmp

Filesize
40KB

Download
memory/4484-2645-0x0000000005E20000-0x00000000063C6000-memory.dmp

Filesize
5.6MB

Download
memory/4484-2644-0x00000000057D0000-0x000000000586C000-memory.dmp

Filesize
624KB

Download
memory/4484-2643-0x0000000000EA0000-0x0000000000F12000-memory.dmp

Filesize
456KB

Download
memory/4784-808-0x0000016058430000-0x0000016058440000-memory.dmp

Filesize
64KB

Download
memory/5820-955-0x0000025B7CA10000-0x0000025B7CADD000-memory.dmp

Filesize
820KB

Download
memory/5980-956-0x00000174AFC40000-0x00000174AFD0D000-memory.dmp

Filesize
820KB

Download
memory/6040-957-0x0000018959200000-0x00000189592CD000-memory.dmp

Filesize
820KB

Download
memory/6080-958-0x00000192235A0000-0x000001922366D000-memory.dmp

Filesize
820KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads