hxxps://www[.]youtube[.]com/redirect?event=comments&redir_token=QUFFLUhqbnVPa2ZWYVJXZE9FMXlhRElNTW1qdHNvUEpCUXxBQ3Jtc0tuNWNSWU5nSlNqdWtWVUVNN0w3UnJwMTM5V09vZ2dNNmZGQ29YSThUelVkMjJiT1B6dy1sdzNIWHhMVzhVX3Jmcm5jSWRsTkRQQlNoaFVSS2xLc1FZLV9uUFRyOUFEUnM4dU1hMlJuWVRHMGlwNVAzZw&q=http%3A%2F%2Fmediafire[.]com%2Ffile%2Fdvsa99fe2q8dnzq%2FCounter_Strike_1[.]6_v23-No_steam_by_Prowees[.]rar%2Ffile&stzid=UgwNi4cZ5lsJu9jzYHx4AaABAg[.]9rncVBy5ojp9rx0EMdP-py

Resubmissions

19/07/2023, 21:36

230719-1f9kfabh3t 6

19/07/2023, 21:33

230719-1empaabc67 6

Analysis

max time kernel
924s
max time network
921s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2023, 21:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbnVPa2ZWYVJXZE9FMXlhRElNTW1qdHNvUEpCUXxBQ3Jtc0tuNWNSWU5nSlNqdWtWVUVNN0w3UnJwMTM5V09vZ2dNNmZGQ29YSThUelVkMjJiT1B6dy1sdzNIWHhMVzhVX3Jmcm5jSWRsTkRQQlNoaFVSS2xLc1FZLV9uUFRyOUFEUnM4dU1hMlJuWVRHMGlwNVAzZw&q=http%3A%2F%2Fmediafire.com%2Ffile%2Fdvsa99fe2q8dnzq%2FCounter_Strike_1.6_v23-No_steam_by_Prowees.rar%2Ffile&stzid=UgwNi4cZ5lsJu9jzYHx4AaABAg.9rncVBy5ojp9rx0EMdP-py

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133342145012840093"	chrome.exe

Modifies registry class 20 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\cfg_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\.cfg	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\.cfg\ = "cfg_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\cfg_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\cfg_auto_file\shell\edit	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\cfg_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\cfg_auto_file\shell\edit\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\cfg_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\cfg_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	7zFM.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\cfg_auto_file\shell\open\command	OpenWith.exe

Opens file in notepad (likely ransom note) 3 IoCs

ransomware

pid	Process
3012	NOTEPAD.EXE
4184	NOTEPAD.EXE
5544	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
4020	msedge.exe
4020	msedge.exe
2652	msedge.exe
2652	msedge.exe
788	identity_helper.exe
788	identity_helper.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
5928	msedge.exe
4192	msedge.exe
4192	msedge.exe
3716	chrome.exe
3716	chrome.exe
1992	msedge.exe
1992	msedge.exe
4836	msedge.exe
4836	msedge.exe
5452	identity_helper.exe
5452	identity_helper.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
6140	msedge.exe
6140	msedge.exe
3704	msedge.exe
3704	msedge.exe
5056	7zFM.exe
5056	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
5904	OpenWith.exe
5056	7zFM.exe
3132	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 44 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of AdjustPrivilegeToken 28 IoCs

description	pid	Process
Token: SeRestorePrivilege	6036	7zFM.exe
Token: 35	6036	7zFM.exe
Token: SeSecurityPrivilege	6036	7zFM.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: SeShutdownPrivilege	3716	chrome.exe
Token: SeCreatePagefilePrivilege	3716	chrome.exe
Token: 33	2112	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2112	AUDIODG.EXE
Token: SeRestorePrivilege	5056	7zFM.exe
Token: 35	5056	7zFM.exe
Token: SeSecurityPrivilege	5056	7zFM.exe
Token: SeSecurityPrivilege	5056	7zFM.exe
Token: SeSecurityPrivilege	5056	7zFM.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
3716	chrome.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4892	OpenWith.exe
5904	OpenWith.exe
4892	OpenWith.exe
4892	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
5904	OpenWith.exe
3932	OpenWith.exe
6040	OpenWith.exe
6040	OpenWith.exe
6040	OpenWith.exe
1216	OpenWith.exe
1976	OpenWith.exe
1216	OpenWith.exe
1216	OpenWith.exe
3132	OpenWith.exe
3132	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 3300	2652	msedge.exe	52
PID 2652 wrote to memory of 3300	2652	msedge.exe	52
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4136	2652	msedge.exe	87
PID 2652 wrote to memory of 4020	2652	msedge.exe	89
PID 2652 wrote to memory of 4020	2652	msedge.exe	89
PID 2652 wrote to memory of 2020	2652	msedge.exe	88
PID 2652 wrote to memory of 2020	2652	msedge.exe	88
PID 2652 wrote to memory of 2020	2652	msedge.exe	88
PID 2652 wrote to memory of 2020	2652	msedge.exe	88
PID 2652 wrote to memory of 2020	2652	msedge.exe	88
PID 2652 wrote to memory of 2020	2652	msedge.exe	88
PID 2652 wrote to memory of 2020	2652	msedge.exe	88
PID 2652 wrote to memory of 2020	2652	msedge.exe	88
PID 2652 wrote to memory of 2020	2652	msedge.exe	88
PID 2652 wrote to memory of 2020	2652	msedge.exe	88
PID 2652 wrote to memory of 2020	2652	msedge.exe	88
PID 2652 wrote to memory of 2020	2652	msedge.exe	88
PID 2652 wrote to memory of 2020	2652	msedge.exe	88
PID 2652 wrote to memory of 2020	2652	msedge.exe	88
PID 2652 wrote to memory of 2020	2652	msedge.exe	88
PID 2652 wrote to memory of 2020	2652	msedge.exe	88
PID 2652 wrote to memory of 2020	2652	msedge.exe	88
PID 2652 wrote to memory of 2020	2652	msedge.exe	88
PID 2652 wrote to memory of 2020	2652	msedge.exe	88
PID 2652 wrote to memory of 2020	2652	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbnVPa2ZWYVJXZE9FMXlhRElNTW1qdHNvUEpCUXxBQ3Jtc0tuNWNSWU5nSlNqdWtWVUVNN0w3UnJwMTM5V09vZ2dNNmZGQ29YSThUelVkMjJiT1B6dy1sdzNIWHhMVzhVX3Jmcm5jSWRsTkRQQlNoaFVSS2xLc1FZLV9uUFRyOUFEUnM4dU1hMlJuWVRHMGlwNVAzZw&q=http%3A%2F%2Fmediafire.com%2Ffile%2Fdvsa99fe2q8dnzq%2FCounter_Strike_1.6_v23-No_steam_by_Prowees.rar%2Ffile&stzid=UgwNi4cZ5lsJu9jzYHx4AaABAg.9rncVBy5ojp9rx0EMdP-py
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe451546f8,0x7ffe45154708,0x7ffe45154718
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4460 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7940 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6036 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,11529934646364253706,14122617104708592830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4408

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4892

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3932

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3132

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6040

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Counter Strike 1.6 v23-No steam by Prowees.rar"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe36199758,0x7ffe36199768,0x7ffe36199778
  2⤵
  PID:3764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1884,i,1404154702192929979,1995664794181280766,131072 /prefetch:2
  2⤵
  PID:6068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1884,i,1404154702192929979,1995664794181280766,131072 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2276 --field-trial-handle=1884,i,1404154702192929979,1995664794181280766,131072 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1884,i,1404154702192929979,1995664794181280766,131072 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1884,i,1404154702192929979,1995664794181280766,131072 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4696 --field-trial-handle=1884,i,1404154702192929979,1995664794181280766,131072 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1884,i,1404154702192929979,1995664794181280766,131072 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4968 --field-trial-handle=1884,i,1404154702192929979,1995664794181280766,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1884,i,1404154702192929979,1995664794181280766,131072 /prefetch:8
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1884,i,1404154702192929979,1995664794181280766,131072 /prefetch:8
  2⤵
  PID:5800

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe451546f8,0x7ffe45154708,0x7ffe45154718
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6696 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,16115193200233675454,973331840140173864,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2064

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3664

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1216

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\BatupeiaV1.rar"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:5056
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO0C37BCED\batupeia2.cfg
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4184
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO0C32BA4E\batupeia.cfg
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:5544

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3132
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO0C32218D\batupeia.cfg
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3012

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2118134ba7cbd933857b8cd45c580a22

SHA1
568d3a8ece2a5871cf43f39e9f8d56a9650dc62d

SHA256
6439620f6e55702c272fb701603707aeed5e6081e4b2a88f3fa32d161c0b87d8

SHA512
c885cc6aa65199ba320b06ceae5cd3dd8d4ee192cd446dabcacb0c313adc78bfc7cc63f1683ad55e27ee3f9341b8ca2e274d76ae4e13ba36b21e661ea941b711

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
7e04b557d29425e4b626b1e155a9d3db

SHA1
a6d06c156c5c720200879f3eae5125c2bb241399

SHA256
17d7b4586cb23416134d280dbc8f7770e673e5332a1cbef14481a9fba2082281

SHA512
64d6b47623013e666a5a34620d09361885007041e6aa1cc51ebbaf15754202ee57438e7f7bac108a0ac3fb7f4ba1f35cd10088fa7d29e2368eeebf18371fcc78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
34320463c05ad422881ac7f31c38b47a

SHA1
e66fc52ef5f5ce401862686706404aca1b162e07

SHA256
8e83285bd12390b50bf670ee7b61310dc070059728466d2a62c0ddcd9d7eb13b

SHA512
50ad2ff2522d25a9e653802c4d93fb99ce146ee809260f196e6061f422243c9924d57f756be2588f913915b39e25c21d1facfa911dd80a085d8577b4f4cd1983

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
176KB

MD5
2899339f345054f88bb63ee7b9626b2c

SHA1
6153fc95c22d4f456e95fadaa6d3b94f2bf057c1

SHA256
f6dce79ecd4fc7f7ef1f9f447b08c175f91552adfb910e4edca15af14477d343

SHA512
9c04e71c80918f7534262b9aba73b17ac039daba37534eab5093498bd769b57f73f1789ff35f4446a77a46653a12e018a61a80aca71c76a610c845030cdcf442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b43708445dbfde9bdece7bbfdb7c2b04

SHA1
d4033f6084d292633a4f61e898d4d0fedd4fc394

SHA256
bccf92e8ce729e9450be23ace818dda275720d94e4e73b6cabc51958144fc105

SHA512
b075488df8605d0754eb8cabd6fdb1a06c06c71da753064a4c6ffdeaec80be9a5567db5e70484b799d03457352a9070d7cbc2f9f54ee91d61b85c4020b1934d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
68e6e325462fddd4e0b06aa17cce976d

SHA1
6b0eb744c256d84e1614eb4ff580c15376ff1025

SHA256
73839c1f5da85de4b6c04fef0682f2d2e478b41bdd4be1bb8d6dfc3f50b1c894

SHA512
2912811f7ad8fa48da4710b1624587efd5d8a793ae9016ed65df6bd5e0b8284e5a1ffd490e55ffd475a94f9362bad0cfea2d4b62e20dad1b0a4de4fceb4df472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3f75dadc-6061-49b6-9edd-29069e73489a.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a7c8dbb9bd24fed6ffaaec5e42b5da9e

SHA1
bf53b3716312d1bac4721895398cd2f5d9a09782

SHA256
1a8d21278af53826e55effa7e2478be3972ec2083fdece7b64a87cc771f2a37e

SHA512
92011100a788a414306dabd053e92eae613551a59b8e90d0862322f1ca94bec5862ddefcc9079b2ebccdeec47b033b0eae2aea0c33810e99a7a03e16c96f2582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
485738364c3a51cbab00e71570a1ab70

SHA1
465365380c02b72912883e076e779744f9fe2ba5

SHA256
3da0c65e8d943c2682db5cda9d1851d4a6631189f4d8374a2fdd12da736258cf

SHA512
c5283a895d08125045e9b354344d19d93dae292b46348e31857855829c34dcbab3aeb29554943a09f973908e71b004ba4d0e13f11a872ec50e3575e0776b074a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
e8e8617c69dd9acd66427c9c2b5d422e

SHA1
a45863159d0b7ac533c6b08fde3ded9e50e0b49b

SHA256
086db240bd74c6db09198aa6b60c760c8ef0035bb86d06a31a3d697d556f301e

SHA512
ed2bffb54d7daa7e1ee0f25ab6b93251e0216af0532565af2240b5d6eebf50b2c7e6b842ab00bbaf966a68110d05126a2421a615d261d3c08a1635f60e0d01b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
cc54d0b6249b76f9334b0546ab376d9b

SHA1
e01488d851433cdb832a022818cbc31251ba5114

SHA256
4031b3e95a28b8cd8cac1b0e395df8c8d06638cbcd4037f203c9204fd63f5447

SHA512
569e0c2c2203dc74bd2cec5b22c4ff9e56a83980ed777d6958acbf5f9f5d677a4eac6407e8fe4bc7d5088300eadb9ffe7fd77377590fb9ed07dd70311579d893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
aae513ec8fdde11f8c1930195ce8f432

SHA1
05765fad25914ef9ce64dadceb18257b36c1ee79

SHA256
ef45614e95c4ad2816ba5677cc48ef77a53adbc02295d227ba75147eaf7454e0

SHA512
ba564de36c99b6fe2cdf2a2f623b0a5c687d239bb0698c8a70fc252d91e608690842b6f5f06995a9ba4fa52f05a21c1256ef7e7cc67c0cd3af6abd40b62aa7c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
160KB

MD5
e9c258a087e9d82810329c1087d934a7

SHA1
0ee54f66fa7a7919f83ab332e064aaaa69ea668c

SHA256
33cad5c598d650002f66dc560652f6f816953d104af63bb74838763a47b88cf1

SHA512
6e0bd989518f666651229420d2bb85262539908e0e2aec281e8b1000cfe6fefb3cd5bb2756051dcc94e1a2f42f976e8f6422c9975555137e573a8946b023c0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
17KB

MD5
1f68fd7afff1924f5ed87199729d7842

SHA1
c46b4bc83335a3bfe975bb4b38c8548f6df32af9

SHA256
8c2d839dd330425631f48cb40eeb01cbe0cb7ab51d1bc83cd0a356f0b2318e4f

SHA512
34634e6d3a82a3f911b4d35764397ddcad5ec120678f8a71c1c8a9546c1d834fd1f8843a92b015996873137d5600fb3cefaa1a7a137849562fdfcebc064a33c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
3KB

MD5
988a6dbf9a42af1f4cce1032db7b09f0

SHA1
678a3f93c441474104eadf5cdb58574fa864f883

SHA256
cb5b73929aabd3375afa530c5230b3e3e0bf018a4ad88b5b4b6687fef04bf28f

SHA512
64ba404a6ab5c39b01f294cae53983c0eacd2b1def38e9267e84c9629abf6135899f121b34eda2448ebc8b073776f3ff0ed40c1c30869825e4a1dda55471a093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
ec30dce6c8aa82b64a54cae5542ea85e

SHA1
b16df747d535e55fcc2b7633784b7fa9a552ffca

SHA256
df6f4847e6f34b2248aa64b771801e13e5d8f0079c2f352d50b13ae17322260b

SHA512
92bb3f6e52c6c37aceb04884ea4c4144941d30d648974f82ec3d52e52a48cff75253ec64dbd500232a03da26031cbe98a5a3764920c4442f7a9f790fa6a646b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
e1a3c4152c3ef8a702117b872bde9f0e

SHA1
cf597c9894d34e52fb404aab69f9fdec39689085

SHA256
ec5b986fb18aff8f928b07908e374e32e3d38f999d3fe6843e0a965da956f7b5

SHA512
4166793317febbc32d532ae37069061a2518597b0944e38910c0e7e2879660cbfeb0f6a96fd220184e52c15c4621bf28fc6bb3633aca23e747d55a1fb483c11f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
7e29352e66e859ba5a1577d7a4682c32

SHA1
f0029a1405ee93fc1d075607de28f682c8133380

SHA256
25c882a98ad1cd287bcc63fba72d4bd1e014a2da9af95ea7949872fb92d28c14

SHA512
68bac45aceff636c11179a50429ec60ddeb0f354731dcf661e73c3c1f0de667a0642f43df7ede743fe746146938e78f2ffbf4f79b845214da98ba735920576cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
bc18ae0dc8cc70a9539d2b5b7a17f61b

SHA1
325e3c398f86b771867024413b3150a4c2bc2ff2

SHA256
bf76edc20f18201bdac8f1d0ff284ae09317345c5b0dff27a7eaa04fc8629476

SHA512
0bb7e68cadc99f46ab059fa37d532539616a206901195f7eaac6f77b0b0d83d258016b2c368fbeb24e15f1cb6ebb0f3e6d4b5dec3b5a878e484daf0bf1406bfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7286f98409ff72fbf4e829e40e5e157e

SHA1
6435f041a410bc145b526cc658559ae4b3549d7a

SHA256
7c587068f6163a12797b2f8e6c04615bd706c86bd24429a2509a395e54b99fc5

SHA512
a3bad19cf6347bf4f43bf7460f09b54f36e62609a53272a15761df58828f5563b93700fcf7c09ec2fe70c6b93f5bb895aeab84619ded59411cfd28614c24b506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
41144450115be0f3603779fcf7c62bfd

SHA1
bdb53792687d59db0196e89d99c6164e9371ccbe

SHA256
2f5d4637c0862326ac232888ac889ddc0ed5f51445d28c5a040af4aad767e62f

SHA512
b8a96688c68809ca9c2fb3c11bbacab02cc5411eaafe0ae8598e38d18e9abccc8667e9d0399ba4e54399c188b6b94c9953ac6b866a1d9daea31112daaddab4ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6f9e6532c93edfe0fde39704c322a340

SHA1
447ba65c43a22fb6d86f829735977979ab1b34c6

SHA256
7f5322a3566a7e711f074b050373409fd486d47268b65d7e8e3fbddcf1b76086

SHA512
7b675af531216d4f8761d7d3fbac2967be2a339dc53a848558c778b48c5f27b0fa2ccf5bb71c0e5d835713953c41f91476bb11a2ba18ba64931928c9a57a0aa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
bb99f91faab2118121e2814a59fd6357

SHA1
c65d9e039d9fda2ee2e78367128674f06169651e

SHA256
b28cfa0f9e88e1e93b1e6a3ed4a1c6ae01cd08e64f359ab71f746c6de1a7d076

SHA512
1b2897c461dc2e6d5cb74a346176744de8151f5a591a4d76a5ec73ab925987507c324a865a6ca91e375d132f3934c4b843e704f0b00baa2f8381ca0207704305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
8cf682c21af8d9536d24cecbeba9e514

SHA1
6ec7548f9f13827b3a591bdfc2d8fa3ee85363e2

SHA256
9466169aa4d6660df9c82a852716487eebab191b1b9289c1cb21c5040179daea

SHA512
9c1ba177f1299c37520953beddf343c848f1012dfbace98ac50103e7df96c4679b73865585081f0af1a61c89f12bfaae14b8fd7f564849697c4ca5db743b08e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
0884faddbb1c2a8545ee75fcaddfd329

SHA1
f333ae2dfcdbd82bc2363d27fb73b0ebb525f19a

SHA256
3b3d05622a730e6653872ccb776498b6b8d239afe8cbbed3de93d0284e6cf3df

SHA512
0c99fab64d7be353e6a7d40cb6a3c530d80e0b9413d62d966801e3e56a78be68e6a84b4c427ab257368dc1570ce6fbc3e0b2f57375ded27b7c0acd9853b89dce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
35822616f85b8c6635aa7c4be3b7c254

SHA1
fb3540cdb3aad20d8fa059cad9354fd50601f749

SHA256
bf26c7e3238f554ebfac71bf65047d5c1a4f1cc4df84916135ab1058b392c26a

SHA512
ba9caa2d868624be3ef6edb1d5913cb587bd582888ece6315c04f4f8599e5b5ec72a38bb441062ec37a44db861bc75bee01aa07fcab6b15ecdb48ea9843db375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a64f1f14a2e212cef7b44f70a8088882

SHA1
63942ebf0b6d0621dc7323ab7e5e41e3282f8142

SHA256
d305441502b2933e8593e38744e0a3dce34a0e3e413b2ad464a2867cec0e59db

SHA512
1d6709c554871e288eee4d638747724b8f929a414019eb697595409395e94d430ff36656bb4a55350f52579980ceb35958a64524acb012d5e18b04d140f40e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
a64f1f14a2e212cef7b44f70a8088882

SHA1
63942ebf0b6d0621dc7323ab7e5e41e3282f8142

SHA256
d305441502b2933e8593e38744e0a3dce34a0e3e413b2ad464a2867cec0e59db

SHA512
1d6709c554871e288eee4d638747724b8f929a414019eb697595409395e94d430ff36656bb4a55350f52579980ceb35958a64524acb012d5e18b04d140f40e4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
906713510dae4f030fa69af65ef0ec16

SHA1
a67e98808f8ecb245aa5c5e32d52a602debb4581

SHA256
835444c82287945b9c111cd1cd65e847ee8e7c0f1c608a19b6f43765e0adc697

SHA512
eece0ea2edbc83aef8197c2457018f41465c3df8b042cd76626ef80cd6a6c778916a092321d8fa209e07a6e5713789248ae4bb2ea58823342de15ddcd9d4f1d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
363b20060fa72504998e29026d5e429a

SHA1
c43a0eff5ee52846f75f698508b617f0487ba1fd

SHA256
5d8f22159c7af0a9f9596f9600598db1f5f33dbdf27def0edabceb084b043ad4

SHA512
ae46bb99154bfa1a9b4bd273c380c9fea5f4d77d2196b9b57429fb2cb9e080ec526cb927fff8f120236eac9fcb6fb29438a5d0361e0d0d49d43dfc48cfb50246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
a6ceeda956ca757de681a4c10dd860d1

SHA1
05a736e51bf9c1a52ac232f407d313c7bfc321b9

SHA256
47dd8bb6588a4e9ac0ae35aa4ce02136d72348d08aec4ce6729a539e0087d01a

SHA512
df7bb97b6f6961503c12c4e9a8518d631b39467a3d30d9e00100a3115360d2f62158ae9aebb43166ce449df8fe09a17a6feb2ad674e2bdaae3370ec36ca8c005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\08601068-40a4-4162-9ec0-c036e8c36b15\index-dir\the-real-index

Filesize
624B

MD5
425ba6a273252468ed8c2196cd877212

SHA1
94070987a36ca450bebc2cc9ea8cf02857b44904

SHA256
e3c2230cd500d17cd7f0910c09f4dedba8987d40e4ceb723caba0a713b57b3a2

SHA512
4afb1e5c4796e210a34619e2dc109ae29beb669052c577cdc7b6fc8db2b0cb1d5b1ba6b43738a506a06c1081fafffa57cfce9d5f9dfa320ae3c08cff7810567d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\08601068-40a4-4162-9ec0-c036e8c36b15\index-dir\the-real-index~RFe5cf68d.TMP

Filesize
48B

MD5
f148131a163ea53f02d0512aec24ab46

SHA1
0158e76edc3a02a35cc483be7bd21f8877741d14

SHA256
535d9405f39cbb8a6aa81bdc26a763a1e91da35736535f152eb643ea59ac7c52

SHA512
0f8c03634e844be24696c403c58442a9c09e3de0b22012ec738ddbc673eb4561ebcf97b00343719ba1ac8980c9e0eca6248e46a056423fabfe6d9a552a9f4575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a1110f6d-a65e-4665-9a85-a77f69e244d7\index-dir\the-real-index

Filesize
2KB

MD5
4200f36b1a1ac0420ab3afc70d61eb47

SHA1
fff0d547789e7af0aaa84c43d241df287ec36edc

SHA256
9df29238bce6e35841fb851d84f0671c1e0468a79d65c33f02390c0b3cd0f2d0

SHA512
f15762df724286db8f2e9c75cd57bd8f533e97d0dcd01e53089354e6d899b5f60cc890c639d3a009e3db9ea1706fc5525260ccac166f3e03966d20389d7f06d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\a1110f6d-a65e-4665-9a85-a77f69e244d7\index-dir\the-real-index~RFe5d4847.TMP

Filesize
48B

MD5
572fb1476da371f1136e025b1a7bb77c

SHA1
453c7f960b976415f4cb790f396e29de9abec41e

SHA256
ca1c49730c1a1fe1222621c6afba5abefbbee0ac3c25cfbe6ff1674c2d330aee

SHA512
381edb54ba71fc9182cb5bffc743fe3d62f21cee48eb5fd4914f938111bc59c158879c55d3db72b1f90639bbb5e89cde09bd5ec6f9877fd7be08e85049154650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
af8886e5c8a73eaa90d15c5c311b4545

SHA1
66217a169689d2dc6ded6f03aa908dc4364b7155

SHA256
741a383f5396ec972654964cf2049c2fad9a4f5ee73a25d6d1bc00ac66ab2361

SHA512
d77cde6f9c206158c7e042d925222672abbbfb19b06eb012689791a7dec1d4493e8fe2c12e123c9ba3b3a6aeefca202f4d1862acfe1902ab43fa9a50f8a3344a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
90d45972d8952d3e95d2a493f5597d82

SHA1
d05ac699d6fafb47b8a0dcc37e1dedb51d96dc2d

SHA256
6bcbe4f7df0f513ac5209f42470db0954295010ddacf69ce3f9e8d07f9953a1a

SHA512
7bf17156637594df8841672986809f37a3714603f9dc1dc0bf0132faf00c64d5680983a5b7ccb3f8c4c888faf4882952659af0629161c894820074bfe8c43749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
ceefb7e9fd898faa287d2271b878163a

SHA1
e09da268556b9d16d01825f93dc38331389c9ef3

SHA256
11fbf667286e10e50ecf6a6c871326dbbdb8688ebd70dc5bee15ff380ac704d9

SHA512
95ff8b08dbc9187c1e9fdc6a7a25b8ceb51162c343a55f2bd1e739d81571fd865fae7990d0d5248e6f2c73040400f35faf0bd4c0ebedb5403323b7c065ffa9c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
a0c87e9877c157e8ecfa23383996941e

SHA1
aa4fd4c806c383c650ab5d9f7113476409d3774e

SHA256
884138d67df6a063d130deae7ae59d53e4f319daa6970579a265c77b4a60b132

SHA512
47ef5d2b79100332ebfffca571d0e83b607f8fd73d00884811b7be56531a9765dc78750968882deb3a5f52d93c795f5da6421b69f0e2df40862c2b2c5d691a46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
45086b05a7f3ed3e5ee29fcbe7daec7b

SHA1
a268c1fa57ab9f7e55075498348ac7ea560cf926

SHA256
c59ef6c62d8200ca1a44c0f6800e19c6233f7c06102539a835e857be15cea1c6

SHA512
8fa18871400f445b60f63368547fa52ea23177719608babc68cbf6ded7791d8794dd852e39924d84d9c8e39a8523994591ff5a8e6f250e0ec1a7faa0191bf6f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
bd7f701b05b1b9b7b9b5574e5d52ff51

SHA1
ffd38a121deb94ecfb1685a8693b6297cd0c201a

SHA256
c83678af4efbfa561c242ca9eb197811b108cf842c1cc1248087a5c8f085d099

SHA512
084b3d5d3dbe14e9216f727e5186dd874797deb20560fdf91c09106934c960c23b0c71d6b24bce77b0c4bb829d3e6ce0218df5997aa15155cdca26a78bf732e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ce4ab.TMP

Filesize
48B

MD5
435bd2152614735115c1b74420744f52

SHA1
c7f55946964ca8714bb84621811e9e4836371c6e

SHA256
19ce407200fc330043b034f43e37613b5459168d2a31a0ab9662db3f27efe5d0

SHA512
740d549dd5b6e0c22d59b1981a4ddea43c44b1f1fd1ad8297544d5d6264e41cef5b720988f6f91336bc3ba81f4b1e7a808a756b0b3b643d27163c4a1b284bc6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13334276219003417

Filesize
30KB

MD5
5b9059c22577629157c9394533838db0

SHA1
f08acc89fcab1acdb3491918a2327e67120f2916

SHA256
a9a879d847804e8cc4964942f217f9a1b39235daa1e58e5e9be45baba37c2521

SHA512
256c2116f866ae7028dd5b30ac2c1ebf1cb6f314e5de3711a6bcec5a3550ee907aa20d33a26b71786344b9ef8a2a63043b59918e7151244e9bae6c33c889c8ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
d50619aad2344d7c3608eacf6f217945

SHA1
8f8c9f76ce872600218b448b7e0e460dbb689bc8

SHA256
00686237adca1238bff0539dd4dc9fe966d83f7df3af6b6c46993e793e5a855e

SHA512
01cca8f9d0bfd8a8c0aebd7ada59c1dc9fe1df0508d1c61aae0e6254facbf23d270e2236ebcca9a232b425a19ab1427857c50180ddbdf6581f41c966130cfa1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
63d81c187d3628bc4204653134f96b36

SHA1
34c4b702e93554a30db7255bd4ff7760681ab8e4

SHA256
6cdc0461527d3791ada2d4d8908da5dfae56f2cd1ed7b8fa7e9b0c6ad7dfaf6a

SHA512
b094801e740919b707ed066d05f93e57e510bc93c38323359866ac38c9343d134c544bd0e737d471e71671d29c3179a02a5b525034d0c42afcc10676b50cd12d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
7ba6dd9a0043df915f162e1d46ef123b

SHA1
49c9e382207d39a47d27d29b9250730110bb396b

SHA256
a56591e604b6fd13b7d5a61b026397f71f7617a59c5bfff92d91594a0d48052a

SHA512
bc0ca260ad07a11eb00c0f704361cd79e9ae9847cf214a5aa52b815608aaab57d9575c9b0168f0e277e566013ad4140934549378fa98ee910e81bff1259d5718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
487d396cb087643ea46b222b82e6f7e3

SHA1
84819508a5c4a40a8e4226267b1fb50b112a973b

SHA256
8eb6d764f6928ac93aa340643bf70e6959f8f865e3598e38d3e890be29810c03

SHA512
4549ca09c8809b1b797229088d1dced7d5b01c046b3d916a765fe44c2fa7d19abc27c964220699c07f27a396233e903ef92de4cf7470069e5e87c8bc82430f65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6aa7e5852d5a3015bb85910be4eb948f

SHA1
2f3eda630fbc566e2a1556dc9d0cec4da0aa2112

SHA256
897efd6c4d72300429e0c4e1c0ce1bf7751b1d2219aa0981dc0dba238854cde1

SHA512
a2cbc798e445d08160d68ea08cc00014cdb9ffc6e27581357331530807300cd3a14501b38cf402e47d8d91cc1ed6f1a81e5e09c193532b1223046d50816afa0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7f81b83d29f815cb60b8902d806a74fc

SHA1
4793e3b681e1d42ceb8d51b9ba157dd5a82e436a

SHA256
32aa068b33b3ff06f79cb5b6f311edd25451b0d9217d847e62aa02e2d85a8dc9

SHA512
1df7e50112d9f7fb2cdaa2de299ba8c97cdd3738de3844a79359df57ac95ad04818493e2e9af09e2354d93fec7934b79b15897d8ec89474da22eb890aa7adb84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
48ea8efab7c5c6f0bb76c34a58c163b0

SHA1
621eae535c60d8a622da7682a06df6f3288a1f4a

SHA256
3922694d662927145b1b0b23747bf14067be53385b59c5645e7d50c5125a9a34

SHA512
79becee246c48f3d81c714e2e9839c8b43993e95f6cf35cd08a5e4d96ebdc8afffacd38c11962ec1ffe938d82d74bde1fa578d979a4daa841e96d50617ec01c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
bdb85292b6d24064717d2582aded5d71

SHA1
626a7df9849d5b5c7f53d610c3ff328e3a627218

SHA256
9499e294372c467d59ed04687e906ef2288fa234aa82cc176a73babbfc680f79

SHA512
85f01f710d079e1c8cc09598c5033e16db2b870e420282bb16922c7667f4c372dbdbc053ca341c414a73d82ea7d6dd9bfc71b4896d74c0f14cdb2b74b5c7aa11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2522f6e6ce780da5df50f1882ed2fef8

SHA1
addfb6a420895b292d121480de031151f8b1d427

SHA256
22a7a9dc9a351ac1dda97cf355a81ccad36de6a5bb47f6189e1de8cd60b84180

SHA512
fc693d60c686202b542167496bc93271a7a44d455eb0e7a68b0093f9f1b6c371117d91da8986031a96524ff3608b314fe7442d263554988fb560167726d8140a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6d3a708dbb43e86e7db0359d004e5ab4

SHA1
da6b29c1e84cd006d36959e7d1bfdad6245eebe8

SHA256
fae901628b34cd2acc1d01eba8248fd75df779cb57f71f09ea63da472979a7fa

SHA512
aaedd76fbfd8b02fa4f05f2fbb5484972349b9a776b93e42e5c0738b9ac04155da0cd5e3fac9d482d061a0cfcae4c07ba2125b0ea13b8e2e0ffd1752958944d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580b84.TMP

Filesize
704B

MD5
ec8c6d1118842b330cb9574e8fe6e40a

SHA1
a1204389511c2d0d86f3bca3c8bc6e36f8073cfe

SHA256
13beeae0e60780fea5bac7f3ef77645d6480863ecdf0d7f07b1e908a8b749ede

SHA512
52a3c676acfe2b8350e05f2879be736be9e659f34fc26934a431c14881faf50cb094f651615c7721647efed0af14fbdf1889e9c36f291b6c412dae51827701f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
1c368442a1e3dafbcfb50a14ad875c0b

SHA1
dfd154d78ea996edcbc234f484d61a3cfa0c0cdf

SHA256
e681d7cd94fac48ba3e9da08c22b01d367f8d197faf8c799c7908eccb4118add

SHA512
2480136bf38b0ce5d0acb5235aae5898e42fc9ec34605067acf8627db97cf9f4234e19fb9998d5d04150c1b45bbb9dd9cf25b0d4d03a2c41d8a3c089a1b7d810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e0fa5004-de45-4451-8758-216eca87a73e.tmp

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
76KB

MD5
1da61882741122c5898416535dd13355

SHA1
5833d04ac2c901721bf459531758cd353420ef17

SHA256
0f64e5178056edf9e5a93230e9d670bf44ba59cd2abd68ab332098585cb7e762

SHA512
eba22850a45009a649961566db76ed1cd99f885b5f47eaf3ee6756c5476a5b26ed192efbc3636ec50fb3e332bf3a5d078c12c1051b54689f51b4531dc6aec1f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
a3d96d1ee6e82fa3be756b454077e10f

SHA1
b9911a1e9b8288874c0642db1a0d25f7981cdae1

SHA256
78edb1a96d0a6b86653d2776fa8a393cea66b2554d508b8f500efe0391098cf6

SHA512
37048faa26807ec986c027947d27de61a705fad4f096f21d5da2903fd4eae6c6340dc61504f66419aa4017f47a0d0539123a3ca286a3f7586986a84969bc684c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
15f2465ec0af5f1491ee73d46d13f400

SHA1
7597299c47fd7f3412ecbebc0781c0aabdd8a499

SHA256
3789928cb01efddd5473cb7e00d46e26bb1a26d819149d09577d680859d800c6

SHA512
f48a2184434d4d211fa68fb319c7f122b15146b3e8b01f055798e5904d704e267a1efc388d9a6ad0202a1ed0549e069d504d9d5166884aae5138675eb5a084ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
bc70ac4893d50fbe71f4484835aab5d6

SHA1
70b195c6853f5f04d4321ba0aa990d13f7568a1f

SHA256
3ff5c17e34bde91fc4fa0164c9027d06411198185de9ec7ab5f93c49f588ff4f

SHA512
346230f797b89db27cb5ebb0584c44573ee9268459d0d834ef45367a81078e12ca6e736753c45932dd0f9b7dc443352b760de83ff22433bd18ab665a808f785b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
20KB

MD5
e8e1f8273c10625d8b5e1541f8cab8fd

SHA1
18d7a3b3362fc592407e5b174a8fb60a128ce544

SHA256
45870d39eb491375c12251d35194e916ace795b1a67e02841e1bbcb14f1a0e44

SHA512
ca77d40ec247d16bc50302f8b13c79b37ab1fcf81c1f8ab50f2fc5430d4fabc74f5845c781bd11bb55840184e6765c2f18b28af72e1f7800fe0bb0b1f3f23b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004

Filesize
20KB

MD5
a4e164f6a15386763f5a9915b9b2abc8

SHA1
8d499d52070f47a4084008fcb8874fb148994d4d

SHA256
dad5ddc6868717a6c955e0c7627f0f93adca70d5d20733c1a98324269fa19f85

SHA512
9ae0dc6c7638553dc8b7c99f0f0b5671901409b50c0cd7666b556a08cb979b4334cee2b10bc826a3d7ce435a84536a0e81d2fbc79104e29588c5b506da97aa0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a492346d96b6e9756a6af913800cd241

SHA1
93dfd4eeb80bf62e819f47df24a9dba96eb62c81

SHA256
5e2572ed3a55ed6797557bda5ae3b682ed9861bd7720e3b49ac55887dea51942

SHA512
e3048c6fd88bedee1190f477664717867a32e6bac42cdca6502ab071509e4ceb24cf9307220847c3aa79730b6503ba0cb830409e2323bec4d353eee91f34285f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
2874abd998fee30f0ec8ac8999ac7862

SHA1
c844188490f2c63adea5256620fcd765fb60870f

SHA256
dd83334ea123beea7244f127669f1cbd4acf6a99836df2929ce86b41eb3fb81c

SHA512
573701cd8415768c0084d7138595482722511275cb3c7d74987c36d9af94a86c3d844dd7c12399120eb1a05f7a5bc26c2de84ed92774d5214a234a30244aa988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
676ad603e4e16f54677a3be88bf32f22

SHA1
c57154e9a92164aad471b64571f80dd56d56d10d

SHA256
d7bbb6600b10a63533956b3b49e065e392a3ba764d79653f3b4f804cf1cba676

SHA512
1a61e2913cfb6d832278e14e0da53373b8b093d1be084deb9032d575f04d5d7bc46a152bd5dd0f96d084cfc2a90213f2ec8374e6dad04cc8ba39b8522a02c94c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
2874abd998fee30f0ec8ac8999ac7862

SHA1
c844188490f2c63adea5256620fcd765fb60870f

SHA256
dd83334ea123beea7244f127669f1cbd4acf6a99836df2929ce86b41eb3fb81c

SHA512
573701cd8415768c0084d7138595482722511275cb3c7d74987c36d9af94a86c3d844dd7c12399120eb1a05f7a5bc26c2de84ed92774d5214a234a30244aa988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
aae513ec8fdde11f8c1930195ce8f432

SHA1
05765fad25914ef9ce64dadceb18257b36c1ee79

SHA256
ef45614e95c4ad2816ba5677cc48ef77a53adbc02295d227ba75147eaf7454e0

SHA512
ba564de36c99b6fe2cdf2a2f623b0a5c687d239bb0698c8a70fc252d91e608690842b6f5f06995a9ba4fa52f05a21c1256ef7e7cc67c0cd3af6abd40b62aa7c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0C32BA4E\batupeia.cfg

Filesize
1KB

MD5
09d89154925fe522d69547d91a5cf90d

SHA1
1c8e07cee3fe7801d8f8188736321e15b0f3448d

SHA256
39b3aafa840108210a0cf244c7d145f61f33cd53eb1ed531ec150b857147d5e0

SHA512
86fc550d49dbe1d2b3ffbc7c37aca41a43929bb48cac0ef9dc96c270e9b1d3d8e8827883d385b88887e35c3b4a106720d57a2e977b629941e9d67a75a566249d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
4038b45e62d2ba2471bfef6d3f832cb4

SHA1
13c51e279439b6d546add04a7152e592e5a57ce7

SHA256
624744e85bd33c19ad3c7a89b3e92c3d972ec18a1337cfe67fa0da4c9a0e3e9b

SHA512
4652da08d8c2da813ac428276055df567b28e73f458185f27c4aa6e2857b6609f523e0451be4a546ea9a4e79932a08380011547cba9afcfe0b2791eff7f34e6e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
757d826bf7a6eb2c16271125752df135

SHA1
2912eb2efe23d158b0c6f166c3137318a3c204b3

SHA256
69a23131c01c4a11d19c8fe89c8d99cffb33e6bef07ffa40ea9436814716913d

SHA512
1891bdf953d1c6355e05aad70c5ca042a5ee07b83d9757d91f9bbc8e00c914b441c0430a1daefab9707b6e776ed7c1345b96fca82e767661a4113d9102d4ebfa

Download Submit
C:\Users\Admin\Downloads\BatupeiaV1.rar

Filesize
1KB

MD5
ee6676e4bf8f78c39f176a3ae861817d

SHA1
16261e0a9535d198d33b418a366653a06de79635

SHA256
39c9c79981f7e2bf667ee27799a83b0bd064155fe00c1f4635949d80f74bc59e

SHA512
0fdefa52908bf10e92ce3e784ee3dbcb1d6625f8e70f97f4ac2b8f83344ea5758ce810c178230eee9b013ba7e058b1c1fbc9182e3484c29149cddec73a09bab1

Download Submit
C:\Users\Admin\Downloads\Counter Strike 1.6 v23-No steam by Prowees.rar

Filesize
227.6MB

MD5
c15f89baf26e06f62a81543e3e8eb477

SHA1
b20c4dedf2937cd8d5b6df87ac665256c9193430

SHA256
0b46c0423169b1f4599592aabbbd3fcc61335d922e7b3c88853681dfb0babca8

SHA512
7746d6610acbbc4039815662b2e7dbd2e891bdddf25868f76a7124325ef821bc04ae57d6ebea24e32f64268726ccfea2b4de65ce8f317a31a2c8b0b3e06993f7

Download Submit
C:\Users\Admin\Downloads\Counter Strike 1.6 v23-No steam by Prowees.rar

Filesize
227.6MB

MD5
c15f89baf26e06f62a81543e3e8eb477

SHA1
b20c4dedf2937cd8d5b6df87ac665256c9193430

SHA256
0b46c0423169b1f4599592aabbbd3fcc61335d922e7b3c88853681dfb0babca8

SHA512
7746d6610acbbc4039815662b2e7dbd2e891bdddf25868f76a7124325ef821bc04ae57d6ebea24e32f64268726ccfea2b4de65ce8f317a31a2c8b0b3e06993f7

Download Submit