ebb594c347797beb7f75b9dc4991cd0878a49a11d7522b4351d47f03dc88bd9b

Resubmissions

02/09/2023, 11:40

230902-nswswscd6z 8

02/09/2023, 11:37

230902-nq6kbacd4w 1

Analysis

max time kernel
1522s
max time network
1496s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2023, 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SocialClubChecker
Size

177KB
MD5

5e8fb35e53516c2317d0bdf29e3fc4b1
SHA1

d5a3a3d1a40a42deb92fa7d0828476a0babe93d1
SHA256

ebb594c347797beb7f75b9dc4991cd0878a49a11d7522b4351d47f03dc88bd9b
SHA512

2b8a74d664b476eab9ce2afacbb58245a808c49dd7733e6fac3c3e1f62f95ae68fd0c8de5deb542b86ad28de24ed5f7c3a13bcc2e83e9fa5329c94830d3d37d1
SSDEEP

3072:mTRgFlo/MDlxAXjwfd67XIm1rLFceyK7wPSb/b2kHjoTLjNyiDTIDuqJzeFhsVSE:mTRgFloTDuqJiLsVSgE2Sxxspm0nii8s

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 19 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2848203831-2014322062-3611574811-1000_Classes\ￌ檉⤀蠀⚰Ƶ	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2848203831-2014322062-3611574811-1000_Classes\ￏ檊⨀耀섀	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2848203831-2014322062-3611574811-1000_Classes\md_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2848203831-2014322062-3611574811-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2848203831-2014322062-3611574811-1000_Classes\.md\ = "md_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2848203831-2014322062-3611574811-1000_Classes\md_auto_file\shell\edit\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2848203831-2014322062-3611574811-1000_Classes\md_auto_file\shell\open	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2848203831-2014322062-3611574811-1000_Classes\md_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2848203831-2014322062-3611574811-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2848203831-2014322062-3611574811-1000_Classes\ￌ檉⤀蠀⚰Ƶ\ = "md_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2848203831-2014322062-3611574811-1000_Classes\md_auto_file\shell\edit	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2848203831-2014322062-3611574811-1000_Classes\md_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2848203831-2014322062-3611574811-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2848203831-2014322062-3611574811-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2848203831-2014322062-3611574811-1000_Classes\.md	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2848203831-2014322062-3611574811-1000_Classes\ￏ檊⨀耀섀\ = "md_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2848203831-2014322062-3611574811-1000_Classes\md_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2848203831-2014322062-3611574811-1000_Classes\md_auto_file\shell\open\command	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2848203831-2014322062-3611574811-1000\{CB80AC80-01A2-4139-9A9D-23D0BF453670}	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
900	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
2068	msedge.exe
2068	msedge.exe
3796	msedge.exe
3796	msedge.exe
4068	identity_helper.exe
4068	identity_helper.exe
1400	msedge.exe
1400	msedge.exe
2216	msedge.exe
2216	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
1776	msedge.exe
4348	msedge.exe
4348	msedge.exe
1516	msedge.exe
1516	msedge.exe
1288	msedge.exe
1288	msedge.exe
1376	msedge.exe
1376	msedge.exe
1528	msedge.exe
1528	msedge.exe
4700	msedge.exe
4700	msedge.exe
3344	msedge.exe
3344	msedge.exe
4868	msedge.exe
4868	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3656	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 55 IoCs

pid	Process
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1996	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1996	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe
4868	msedge.exe

Suspicious use of SetWindowsHookEx 43 IoCs

pid	Process
4924	OpenWith.exe
2804	OpenWith.exe
4924	OpenWith.exe
4924	OpenWith.exe
4924	OpenWith.exe
4924	OpenWith.exe
4924	OpenWith.exe
4924	OpenWith.exe
4924	OpenWith.exe
4924	OpenWith.exe
4924	OpenWith.exe
4924	OpenWith.exe
4924	OpenWith.exe
4924	OpenWith.exe
2804	OpenWith.exe
2804	OpenWith.exe
2804	OpenWith.exe
2804	OpenWith.exe
2804	OpenWith.exe
2804	OpenWith.exe
2804	OpenWith.exe
2804	OpenWith.exe
2804	OpenWith.exe
2804	OpenWith.exe
2804	OpenWith.exe
2804	OpenWith.exe
2804	OpenWith.exe
2804	OpenWith.exe
3656	OpenWith.exe
3656	OpenWith.exe
3656	OpenWith.exe
3656	OpenWith.exe
3656	OpenWith.exe
3656	OpenWith.exe
3656	OpenWith.exe
3656	OpenWith.exe
3656	OpenWith.exe
3656	OpenWith.exe
3656	OpenWith.exe
3656	OpenWith.exe
3656	OpenWith.exe
3656	OpenWith.exe
3656	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3796 wrote to memory of 1700	3796	msedge.exe	86
PID 3796 wrote to memory of 1700	3796	msedge.exe	86
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2432	3796	msedge.exe	88
PID 3796 wrote to memory of 2068	3796	msedge.exe	87
PID 3796 wrote to memory of 2068	3796	msedge.exe	87
PID 3796 wrote to memory of 5096	3796	msedge.exe	89
PID 3796 wrote to memory of 5096	3796	msedge.exe	89
PID 3796 wrote to memory of 5096	3796	msedge.exe	89
PID 3796 wrote to memory of 5096	3796	msedge.exe	89
PID 3796 wrote to memory of 5096	3796	msedge.exe	89
PID 3796 wrote to memory of 5096	3796	msedge.exe	89
PID 3796 wrote to memory of 5096	3796	msedge.exe	89
PID 3796 wrote to memory of 5096	3796	msedge.exe	89
PID 3796 wrote to memory of 5096	3796	msedge.exe	89
PID 3796 wrote to memory of 5096	3796	msedge.exe	89
PID 3796 wrote to memory of 5096	3796	msedge.exe	89
PID 3796 wrote to memory of 5096	3796	msedge.exe	89
PID 3796 wrote to memory of 5096	3796	msedge.exe	89
PID 3796 wrote to memory of 5096	3796	msedge.exe	89
PID 3796 wrote to memory of 5096	3796	msedge.exe	89
PID 3796 wrote to memory of 5096	3796	msedge.exe	89
PID 3796 wrote to memory of 5096	3796	msedge.exe	89
PID 3796 wrote to memory of 5096	3796	msedge.exe	89
PID 3796 wrote to memory of 5096	3796	msedge.exe	89
PID 3796 wrote to memory of 5096	3796	msedge.exe	89

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\SocialClubChecker
1⤵
PID:2224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffbe62146f8,0x7ffbe6214708,0x7ffbe6214718
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1436 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6192 /prefetch:8
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3024 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7176 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7456 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8276 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8404 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8640 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,16692240407015408594,12952593680171549592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
  2⤵
  PID:3540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4176

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4104

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4924

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2804
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Rockstar-Checker-FREE--main.zip\Rockstar-Checker-FREE--main\LICENSE
  2⤵
  PID:2140

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3656
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Rockstar-Checker-FREE--main.zip\Rockstar-Checker-FREE--main\README.md
  2⤵
  PID:1588

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x49c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1996

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\a.htm
1⤵
- Opens file in notepad (likely ransom note)
PID:900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\3001-2380_4-10589925.html
1⤵
PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe62146f8,0x7ffbe6214708,0x7ffbe6214718
  2⤵
  PID:404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\a (3).htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbe62146f8,0x7ffbe6214708,0x7ffbe6214718
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,15122760597616445089,8403054168283929892,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,15122760597616445089,8403054168283929892,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,15122760597616445089,8403054168283929892,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15122760597616445089,8403054168283929892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15122760597616445089,8403054168283929892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15122760597616445089,8403054168283929892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15122760597616445089,8403054168283929892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2816 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15122760597616445089,8403054168283929892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,15122760597616445089,8403054168283929892,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
184c5c7572a6b42b329aae4e94e9b801

SHA1
adc61339fa23296b5271ac2b7e0de1d7390c4e12

SHA256
ce44f115c3b1677a95d69195266225da59f4dd8cd9d57fd713df35b91cc564b1

SHA512
692f524f7b95da9ef6e247772dc5e949fa3aa34a61675fa5c59698583c1708f0aecf454a06f8deb8bdd7690fce5bc9c76bd2a544ea6354fda15a924480eee820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db7211e1642aac2373b0e3d404468237

SHA1
dba4700b33b269ef98e5bf97171033c728b720dd

SHA256
f695b247235a6cbad1d888558911a1e6b485367b6ad27748a8634dd5f124c5ab

SHA512
4f4f8c4eb0b5b79bc731063c9bf054f68f429052ca8ae8d4fdb19e0c1060f9e47e949ccacf854ab8ca295f250ecc915609d3a7ceaf02d4ccc77e844f559d3a5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
055ad4a4c912cbb380e14540bee96885

SHA1
8f4ed47a025b6d211be39def324e4b8b4063992f

SHA256
3c315d65856aed99eba8cca018c681d1d6042ec0fcefd80fa9d649b620d52c43

SHA512
c055a10d0433495d3f10deeddc88521bd9194add259571e67e668b43a69ab0cd2ef17fe6423c8b6adda2f9e1c757df0c26161b3d871137bfd9e9134abd36efb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
184c5c7572a6b42b329aae4e94e9b801

SHA1
adc61339fa23296b5271ac2b7e0de1d7390c4e12

SHA256
ce44f115c3b1677a95d69195266225da59f4dd8cd9d57fd713df35b91cc564b1

SHA512
692f524f7b95da9ef6e247772dc5e949fa3aa34a61675fa5c59698583c1708f0aecf454a06f8deb8bdd7690fce5bc9c76bd2a544ea6354fda15a924480eee820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
21KB

MD5
f0d11cde238eb54a334858a3b0432a3f

SHA1
7c764fe6f00cab8058caeba38eb7482088a378f4

SHA256
579adf148a5905868140df9075b90a2ff33c9070dfd35b3ab869a2d9aacd9a96

SHA512
b3e590c88b462004b29ced18027f640addd1ea6ce9ae584820054ca508ce7d626acb3bd729e3693b50ccdc5e4694b1aa400cb33a315a475de47f5b25ed964d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
d8588a7d7bb0b66fb439edf73ee37563

SHA1
a2398d543e3fbeb197e2128654bb5a1afd599585

SHA256
2210c60cbfec62e2bebd2c77783511100072459b3d0cc296216eab8e72d8af35

SHA512
7c87e7b4ec1d643ce2672ef9badefad6832c6fcc4053cedad2d34c52004aed4e0a589e2f839ace7bcdb0f409fff836ca7ce20dc882d9982568176d4b1c830bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
49c675e52f585f989e6a2979cd19d2f2

SHA1
87c889d43c52fc40bc10ed2ecbf201ef32b033df

SHA256
8adeb66a812c61f16c4d81e10137c5cdc65f0f4bb89f94d558e512b847fd8a96

SHA512
3a27b0cd4734b9d266f9f935f7c21db11a4557839a671f7d153cec656399fa9f72ee1e828cfc70fdd1b4e5ff8d82c2b449bfecb7e7db4af7b0e07bf8998ddb8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
87KB

MD5
3c57b7f2cb0d057fcc4738684f20736c

SHA1
d4aae3861d8bc401290a065dc1dfa06f0a6aab96

SHA256
4408d6e4a2e8e3a301a710895c44177ac8db2baba572eaf3acd9ced75c6ddf29

SHA512
7ba4797eaebdc9d5f5eb53486028c899c1fd910db3f1af8be88f218215148f984ff0443c8bf8cf43e0d148fab4ac6a0b8688b43ea303d9932f21287da908d824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
77KB

MD5
6217426699bc239c2e52f414d0b55469

SHA1
3a8eb1f8e766ae61388e4f6133ffaf05a4de71d7

SHA256
ab9db5c4e8003a4a2409deac15507ed742de4995a6a10cd383ae54997f4736af

SHA512
383cc9c39ac8366c38f258b1f1bda80658b960caae64b22fb7bf3bcc89210b01a6453386db2bd86c58548fbbaadd972cb8faefa47bffaa04fed4e2e01198755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
89KB

MD5
20b4214373f69aa87de9275e453f6b2d

SHA1
05d5a9980b96319015843eee1bd58c5e6673e0c2

SHA256
aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820

SHA512
c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
1.1MB

MD5
8aa5bb2a0d9b98b2675880b0766ccc12

SHA1
0a5755317f04b22e3a38b41b0eade4180c2ef2f8

SHA256
cf7cc6ef6cb84b32121f47b10f17a3891ee0c93374f84618b35d8e928cd7b1ae

SHA512
c056230eafe3eb13f01c4b2f7b121945983eabcc87c4b8d6fa4cab63ef7dfaf844812fac3559efa84bf98495de691f2e38c0572b356f23ab16f3f620dfc1f13f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
127KB

MD5
bf1eb083ccc454810bbcbbb12e45367c

SHA1
c6bcfcb62db572ea1dd842f970de9b1e80feb832

SHA256
2f8216967ea89696c391b3195ced76401a6c216082600f35998386a64972e68b

SHA512
350311a75c22f3dedfd7476cc7f81187ad44ac8e3d9c644c0a286df8c7491a15252bf7cb80eca00f2d3754a07e8f62f09c193f4400ce64245dbf0fe03ee3a3e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
39KB

MD5
bfe589d7b7e3f06cee5351e805ea1af2

SHA1
0880735ee4e30ac4dc25fc2d4d03cd5a45bf9c1e

SHA256
2ff2bcbcff531b220ba593814fbaa833de9d1f72d1a8036d46b3f5b766aec3c6

SHA512
dd183e01261385f2d1602561f51253c37e785d7ca8572d1a1a059a6d9ff723baea014fb3cc2ac39918622d0d3db7dace315d472ff1c403fe21c60e691880a1b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
32KB

MD5
04cb676d26899df8beca1fb9da675b11

SHA1
ef369339c3643b564d8c5234dc24060c8f027700

SHA256
0112d431af82a350fbbf05dc09f67eb57639e82959d31488fef908cfc4df60c2

SHA512
55579fbad58fb0d45c6b077627954acac1772bfec2ee6b91f03e9ebcca046eee4c1fc5de4abadf4af117a43be25a10384f08689daddd7a2ae88cfb6f7337c5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
44KB

MD5
d716b6013bc03f1e4fe2d5cd719c595c

SHA1
01347f66988db64e410b5ce8b8a8c353ff059296

SHA256
fc8a8b1cf010979eb77a33e4c8fcc744a884fed8147a326bcb39f7ee9aeeb32b

SHA512
cad4f0b076fe741297b4d1845013cdb7e7f092202f1e8b9c23532623d7b73bfe8c7c37af5078bc6d571e4b7276e6510a340838d34e84c470f6405281c7f2e9ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
26KB

MD5
03f23dea324e6a2027c146d66037d1e2

SHA1
1ddca456e407fc3d07db78be9decb1bb36ccf77a

SHA256
4ad3cbb2f12576fe8a1250c5688ea8a1c29f120f0755c2f66b76d36c9bd7f05e

SHA512
18320e666de94edbaac8df776b3b762449b3daebddb5e99ccfa25b9c02c217878759d0d586c9d72fe10d29b52cf4fc7e96a00bcf270c2d49de92d919df2c5099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
19KB

MD5
49943bc015e9713f646c021a2f9a7f48

SHA1
7bcd637eb823b04c425775fa8c914e8b8f2ac2a5

SHA256
f6e0b13ad81727a0d9317a3049fd06ecf2c473060e9d6e4f8eb564a1d82ad289

SHA512
2203c2dbe9482b0b351a3f70ea0ba9f63dcc87a66d4a4db63a060dd7dd04cb73a73bced407d57c2bcf26cf7ed78b18c7555c87b22db9bd744cb6491cd040305d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
59KB

MD5
6df02575632bb48bc10f831da29d9f5a

SHA1
246f48caa1b19010f66390f4e139ba01ab5888f6

SHA256
1dcfb0bcabb2e70cb297734ffd0d9ab1d5199be56c8fc913240025b060e83c4a

SHA512
731a212bec5eac8e4234fca76b4c85ff16ad975c4e9e3fe220f9df2a485186c03ad0e9c458e8e5390330d0a2bc8bcf363599610dbc25351205624772973afbda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
17KB

MD5
99ebbe83e525652c9732d9bb94fd6a89

SHA1
cb70a4781886ffe5c013d8c23444271a61b0720e

SHA256
b1e3b57191c27079b513a300bac829cd5bcb46d0a644470aebe9d2a6ff70be85

SHA512
bafdfec00e1b0dca441e52d05a414f9f90a1653194c4b29e26a06fad566afb53a17f7c5db40736eae652b4fd2021fa287f2ae61d788e89bbb0c8e01845b87287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
a5e4633d807f03b630d9400c5677c2ce

SHA1
21f5a93167f4b353db2c95293d6774534bb52ded

SHA256
62160f6c34b0dd55fb61df56dfcd008604614e06434253745233246a61a2cd4f

SHA512
1a32c42c83ecd1d640c598f523d9a924005017ed1d9aea5c8dce2e8a0fb1f5efcfd96321b1914468e887fb1d866b028a7a5fde6734e5c4305f2fd4319c515f8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
dbe30f084d8bc57ca83b3a195cfe4879

SHA1
11fca811e4de37983191d5a601f7846daaf444e2

SHA256
83863062ccdf7a853a3a2a190811df15ad6ca74101f899dea06efe4e659daf5c

SHA512
4ada22c98970a101f63435e76820dc69d2b7c789223a8a231809c5644a0425447eca7028d6b0d09d3106b34fbd05cee8ba858380a6bc69b0134a99b9ea50f6ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1f13341275ed04654f155a8048aba0ca

SHA1
6fdbae60b154ef719dd58b356057abb594c40d04

SHA256
7a209802c20ab1a5a72b16cbdd20e889fb8c2a08df221e3478f879787bd345ba

SHA512
a3f62f56bf9dfe485a72ac21241fb0b3d1ca108f8e0d93c619a7386ce049fcb9207b836faca050c0910424da7ca5dd1dc48b620c6e9bedb31b77321ba562807e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ceae74778f594f2fc6876510f558a804

SHA1
8779b573d7c7dd25f5dc98113f68c3583464ebb1

SHA256
4f596686536c9e71f0aa1deef2d934531cb3d4d67e1555cdbf3cdd7f6a5e6873

SHA512
a5fc70e804d5feaa587ab5f02b79b00a1949f0cef3923887bf620646a983aad27b3a95a55572f6a6ce2e676bfaccd2dc8cdd5a14553e99c3a7e3391c0f20bae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1d0ad83dc8102988d72ad36f5809dcce

SHA1
db8b5c35cbc329c9e7a10601244a0ac3bcd0ca59

SHA256
bd63ce89803792ab4e504a8466f1e3c9bbd1b2bb9bb27afe1d2badcaa0e58746

SHA512
f3d5f2105dbec9a06e7bfd69440399fd3adbf3dfae67c8bc8d7e2525a2a1aca6c33dbc31e19ce0ab68cd48360925c22199ce45b7c7932ec2be54d01f16c17eab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
23370aa14c010f1a118b66d76f7e58bd

SHA1
1da61361c8d2a3c7954916196e397f7d6b3a5676

SHA256
0b235e6426b3a2476cb75b6ffefd60787c50b30f7caa46a98f59a2c9985662f0

SHA512
579549f0aa77b001ee157ccf972da1b8eb3c0caf1ea5b227dff0a7f2c83b0c4badf61e80cca9adca1ac5c9cbd99dcb6883d841bfca06a9773be672ac9ab015d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4bdcad4479a201e2b6399b15718f8594

SHA1
c264da8f5431e13134d57fd1fed223e882d0bda3

SHA256
0f3cff842e1986b8f311e87a0d0f2b62407fca4539d4e852bd7572e7b3e8c0f4

SHA512
e8b8ee55471f9d05213f8f758cc3e3a32168deb83ce87ad573be8bec305f46c4a38643e697c9b8f3e81687ee3888e5aa0b8ea250650569d2ace0af8af7110d3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
ce3a030ab4aef896dea9f6b325877960

SHA1
87b0b42e80f68639c7a274d95a8ed310657de492

SHA256
53d4ea97498165caafd3df9bbb296164c78668e570d5bfd9fff18aae7707fc95

SHA512
d413a2d4cf205eec9252a1a00dc0878f9311faef799f36d6b1cac8a48045d9964f7757c3d432c85a3c6d71df26ca5022be3b328c3a59437ba20732eedb0992a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b17038bde0eeee9d0f7b65fbd02adf65

SHA1
30d239b51f12fb45c382c04515514e4c1a1e9c63

SHA256
bad55af8aafbdadec6d3473ea4f873272fe63271f991a4da04420b8e992b9916

SHA512
3cb38be0dd17b15143ae19bafbf1d423e01d4a5870e7d2063ba65e04272bbc837269b9593bb48fe80b759102597bba64adec287920403727885184b431e8c9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
75939a7c025b64285f23ac059180d288

SHA1
8d6b236544f548d3c5e371c82c6f5b0da4da8554

SHA256
393a276baf7ce8d50d3985bb573649f7da5785b5d028410df21eef116951082c

SHA512
7a9c3ce382ee066877372d9c91b9d8f0fb130afa0cc516c206238e8f029f423ba22f254a49135c8ca4c225ddae40e4a6e3ce74d69b5c41ce1a3b99627914f25e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
601f743b751332e0e6b4af4f6436fa73

SHA1
4e83ec1f40a17d8a49316c4ae50b1ea8fd75fd6b

SHA256
10c2d322c89322c80085ff625dd7107e80f4546519028812f77930c860dce293

SHA512
fcb5978d4aa63782a9676eeb32e5cc3b734530a12ab9956fad8535f8f12c3e481a26d8e8b6418058f442884494257a41eeaf9ef9639fe22f027f7361d2d6ceab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
794B

MD5
171d340a6e717a0b393afc7807e0d930

SHA1
f2d0ce70c318ec32f550e880eb77cea7e17ed32c

SHA256
4d519386afce72c940c021511f36de22ba9918e2270dc01227c11a65a2218b85

SHA512
cf33a0d3e1d62d3bf4a2ff79ff64b1eff6fc449a89c819d412653bc2b709256f11b12fec070c854aff6cdb0e91b4775cdae2fb876178b3c39fef1564b42c0bb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
958B

MD5
3cb6c9d7adcc2b51266efb0f7c540765

SHA1
623ead368a762cc2658a3da200186b8845f0b11b

SHA256
e36794ccf682e15ab0278030b51a22833ef4daf77f1f5b3b1023664f574bb1d8

SHA512
abdf3e9689e535aadea3aa65921e11d770fd22f19f7361638a504d7b3ddc249c1885c8023551c08abbe9f9c10d1b8f98ad2a62bc6b6c53d1c13d4ce3f9cb2f36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
3b298baff0f71d2e3b0f66c6c90aa0f9

SHA1
48af4ed990f0ec78b7b3d6ed2160a98f68d83ea0

SHA256
01c6a7b6b01213f94ffdbccbf30b6aaab2be04d4847168061ed5399cf2240f1e

SHA512
e01f6c55d29a590e6d034bfed62094d79a3b568a24346ab2794be1cdde2ffff54257a19d0966051a6c2cd699359d440cf3391cb5114388affefaff15bfa108d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
237397a8371a951a7573319d843cd2cf

SHA1
09775613a253f13940d30f43133acaa98e5b2640

SHA256
2b8b7d6e56afb26aeaad96c35bce292f49c7ab8bfc8da0110b55fa94d4ad1e3e

SHA512
47f3f6f1fa4542f3e7bb902af0e246464b7f03bea88e2f90cb2c7d42705d9d84a43adf209639d1fcd1f72157e99ff826c7979a364291b7d6a4619bbf27424530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d8fe1f5dadf363453233f0b6ce35607

SHA1
0183ae64ad4a32d2fdecfeb09e647ed81725514d

SHA256
c6e341e3f968413123043007a7e9ade1384c667199de23a963a6843bb02e8332

SHA512
7a013be94109c419c2891e91445e21150ba5d9deba7f86c0907dea2ce5e995e8860d628f205953d3e043d66788e3ebd9b2090e2519d7b4ba04f1fd60d97a4f17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
32679d10059835e09ba501414905afe6

SHA1
ba2aac7c5382507f9f28ca87104cae68e420d9bc

SHA256
8257ab9bffc89fed79697b5c8ef17b3723593b630f4b9b9f3e746acb57644b65

SHA512
34b91617d72359666ec9455dcc2f181c7a06387f03d1ab89352e0c870046d8d9c6fb7ee563ddeda1e4e0165678c1ea2eecabab6f00f20e656022cf59e95db8c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3f20371ef0267f75c963df953d43a1c3

SHA1
1e6116b1bbda2315aea16f70b76376259bbff3fa

SHA256
5ebd3839805e1945a765f73daf7502362a29c3c10388c6c887b5c05cd8f2734d

SHA512
e34d2363979ce914a89260f7bd4fd121e4e2e0d3e31d982e28551eafbdf100195f5d3d8311c3a2ead087a41c0b27f2a79e8f2726c604ac574160d103f32d2cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
bf7399669db53f84019f0dfce5fdfe1d

SHA1
52cc2b6f284b1e46850b0484c61141cff2b7a319

SHA256
cdf2d5102a4361123087bbc6e3e9d7a4a8352a7ccfa499668e8d17eea6141e63

SHA512
ea3cd68f08228b40ed0c923c811216a282eef65db889665765b84ed7a45e534d7d74f04714f81a5b23d44c508e2b567880677deee93eb228998844b5a7c220b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
6f60e26f198c925d71584397bd35d9f1

SHA1
5a9a8c2cb9fef7b1ba892cceb16d3bb79c79a597

SHA256
c5dcebcac1ca4281c2b114d69081ff2f9d80d555b63cd745163f775afb09c86a

SHA512
9966e4015f21f930c1a70cfcf62875b7434d6b1284f1918498b08a08f6a10905d251c539f7ebf13b53ca2bf5802edcc50bc6d55f14cf7a0b8f4f81516774127b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d953bc2cebd272b8d21b52320c392f1

SHA1
cd648c6605ac3f7edb90640ccce0ea40b3039789

SHA256
aa34741405b064d9b04679563e0b67f3c017423aebfcc270c2f88a12228e9cb4

SHA512
59abff4bf5b60631956ef5314116dc36980ec0a3bad120f20756a8361fe642c896dca6fb3d001a6aaf6577181f086ca954c35a944d1982390be0fa4376d74764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e31d19a1423b312b1b4472717803100a

SHA1
445d060330fe7cdedae1c781dcdbb9388fa96245

SHA256
6e8662dc4f84f0a34c6f2c23f143851f82ebcc0d5d39c46d22cce6e7e8b1f55a

SHA512
62dbf4eae7e3a77a7768090b8e7dd6d5ebaaf37b091bef1673eaa8fcd589bb49912f6666714d4fe8b695f9db722d755be8a851f7403cbfe33177bf8d53965edb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6368a96050e34d33eafe43c93871cd6b

SHA1
6f7c0d95f953e564985d677cb31cce4ec0cfa5e1

SHA256
e515f6348aed192481e46755550579b8433948b69e2b2fa86a502aa4ab5d9e2e

SHA512
b2837f92c712c8fbb92f5082e12580d2bcf0f31d87bba45a4cae563b5136b0d3615746fa66e7fa0dda75bedf61fd3abef4319f249fac906563d40eb48aff5bab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
7d64fbd3f1a190da6b8a0d50f0d2e056

SHA1
6c952b9d5508c84419cd8e1ee8839f3a3bc0f5a0

SHA256
2b99d9b55baf9d57dfa2645435213255e87c787857b776709f6729aa00f9c83d

SHA512
102628e6ff65e6942ecd77c7a1ca671d1e455a0d84c4020ff882447c6b448b805d3e5d52906966a05e5f926e8d7ed6bfc9594a34ae9571283bac8eb787031a4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b3c4678ad33ee1d685af78a05dc5eac

SHA1
f0e7f090bbdb5e5e4e95adb561abce815fa7583f

SHA256
3c50ce115f35f6753953b729f8c93715eed11c5a937ef964df377f83a0a9d6ca

SHA512
9cdfc0b52fd299570d6fa3c9636573f792b4165561364704c973dbfdaa44b7e288629ad2f3fc065ccad688e2c1ff4bf6b7b3f32f9e20549ad2530ebaad591331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c7bf6bda8a0c14b1513315d0133f024d

SHA1
213934c0908818f6d99d0eca4c57d66a4a1088b1

SHA256
61a6cf43200e2b758f287741e24191a6bb0e4f61fa5a51f1f07a097378801502

SHA512
bbbcc07a4d47d7d67346db7908cc6c298ab5b8c2147f5b069aeb4ed3cae42fdc3c8ede94a7444bebc2ee1b7dd73b036d61910ca2250acac8134af59bf7e7569c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
982362a6e81f05a939338cc8ee4b65dd

SHA1
7d444465508bd9348ffb7f2477550aba0bab23a3

SHA256
7ab01c0fa019f0d6a96c702ff8cd1fab03b4afba7ec0707230b286c1b51a9731

SHA512
77337cc21b1c19f4baaa13ab78281d65ce18527090e94a9a33feb14583b2eddb45beafa4dc195e1a0b0f271b9616b659540110c696d13f2598ea3ea561446132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7c02f846cff49661b54ea0c8b7ea1d16

SHA1
fd7eae2f9730f96384cbd45cc450fd25cbe207dd

SHA256
bffcf71d70a1a63481e09688806dc4faa3f0ea77b243c84b93b38ca98b8f9457

SHA512
b082f8cc8329e8e93657d3c2693b69c86f5643c1de20f79f8d81bd9050ed29477f39f2f5a8b96037b03da8bbab7e7204ac0e3e923ce1898655dabf5e558ab08b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
5757eea509eaf0c1a32f55f44b378853

SHA1
b406abeab00ee4e89e24043fb26e7257848c8170

SHA256
822134751a5a566334fc14837b69f86f400eda61ef52e9396cdf0c44bd7ddda1

SHA512
1fe7e759d704e0db2dad1c4e8520ff503304814d4191b1b3fbe7be69f51433bf174e71e6c51dd6771a247651beb158a6e546699438c8428d6326d93c9784680b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
03a2b89171f6f8af7b3c0addd38bc934

SHA1
1a55f245a5f21f086799360f1422d94f1a316b88

SHA256
3825e86abb1e4bb9a6aafb114c23f63450dfc1ed8c550c83755f6cb7706a8403

SHA512
35be699f10b11f47b71c8c567bc97880bbfba885c48cd071ff35e99abbf88abc70111e1ac0d235cf020b98cfdbe7f371e89d88972778c235a21286b3dec927dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b1cb780ddcf373306d8c2135e79fab5

SHA1
16232ed997177938212ed5bf77508546b4637a33

SHA256
ee6f2654835f94b36a6d28a407d1687c2f00840cf7c2f9b442a95e150de31169

SHA512
13ebd35afd894822285bb8d2ddb117b1cdf637847600ad6f28f02ada1e14d272dd40a3bc9aee690073d93eb917c9395e44472844f1bd2c266abc8ad5915acc85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
abdd68fb0b82c4da14272116e5c4d127

SHA1
7475f879ac5681847c2a544b2732da15af1a1b80

SHA256
88fbe0f366533253f00bd2874dab7303a3583a28820d3be1cfe65fcdc8ab11cc

SHA512
c3dbe296af6e9c1bbc34333340bf85d214366406188ac647a2a2e1d0b48918079f84c770620aef3305e2515063626e07b4bff1a9e46ab02051b31046689321ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
2236cc12bac28f32727898f8e798ea71

SHA1
60b010388e64c9c6b7278329c25ef18895c2e4ce

SHA256
fb27de22688cf0240d03864dcf317d31701e0f0da97f5bbe6e545030f5830d77

SHA512
df522872bcf008bd11e85c5155ead36c0bd2e33a0d44bf3c2ac7f52e6e0df3dcc3067165869509a1ac7167919509672fe7c961619a9f833e8a92a59de456ced6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7fc3ff5a384b88b029b335521be7000f

SHA1
2e8fa0b33106ef41de250ef05f301531ceb72da0

SHA256
4e985d8982dc77735074b3556663d4d1050473e8ede6498ab7b48b50d20005f2

SHA512
dc20f159cfc93f25fc82cedb128acf64999597f543cec937e1b76c84ae6cc2518e1a091daf63b697e30ace157eb4ab8a5b2cef9b7ddac55b35d999c2d1bffaa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aa3e121a6bd05a0f7293f1849d418326

SHA1
ede20890cff54ce6d756ce76a600ad33c4009a42

SHA256
e8d1fa48dd1b316bc1eafe8b615a78046cb2c75df31fc611c15ebdf5836fd768

SHA512
e152471810dfe89e946382283cdbdc793c9a57af68be1c94e6dfe10fa458d2966df63ee65f4793d7ce77d79227d64a9a8c7e180254382ee1446ae7b68a41e259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7864645b64d8687cc3d58ba8fd11ab09

SHA1
4dd0b76cf69fb60a80b4b5bb086e6c31005c0086

SHA256
5a74e542514999f38f3d3abdda2b7834cd4af9299524ffca57ce6dca3b414f39

SHA512
d85a10bb19fd26831e4b7c0dc621b2ad7e7301666f85a06e2788540ff49072cae8020a936cb6bca5bc874766b2b47ec33f1d66e53db467ee500788f205482fab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
757479b201427c7fcdd3366a264db76a

SHA1
01c4f0ba254656e6d193158087dbcf8fd7d0ebcf

SHA256
540b18ae1f449020378777746e26a87557973c75ae25bd132105b0da9cda9e46

SHA512
f0122220830ca9f39acb2f6198d4f659a0f754822144dbc9801e3f501aedfa173484fecc0a934fd4cf5e6213fe1c5875fa6418aec7d2bfdb2fe088aa53073732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
b07bd39b52954c2ce8769d98a65d8a60

SHA1
f056e6f6daef341d1568401fc6db257610ac9cf4

SHA256
abca9f7724dad635b37eb1f79ae3633c984ad0b2da38aeebe15311d0910e4c6d

SHA512
7b7e9dde0731f4891a812ea2cc4b973f6ff25e6e256de0e64302a160dd44106387a125dc379d8f08603009ba5dfc27fee0a73f8c2d3ed4a001e20605778bd195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
5dfe863037214cde3cb19b2383a1ce56

SHA1
bd8cf8d89dd4bc26da7e1a5a6a315b4ccb17c090

SHA256
937997872987ac9f541d30bbb11c690f60778262e73844f042f5f45857abdbe1

SHA512
30e5a412b34fafa3c1e244ad0d9c481bbd7e9e0aeb4f5cd1c52c1bf9189aa056a47ad9f22526f9329a620bd9e258509eaa85eedc7afb2e37e028916f6bbfa24b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
06c7f3da1fc009d336fa97c6c1de2291

SHA1
c181dcf75723652aaa45a046836ca681dffbeafa

SHA256
914c458cbf2d66108ac1864b01d0322e851d8c6e8bdefdfe1f725ff695b33fa3

SHA512
de64ef1b8cfad011d9a089ec05f9b8abb741bed162e523acd1bcacd2e6b0319989ea515e71b748329a5402f0fde726a96c6f639b584f026de0830829acad919b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2e9f62f1e71a6604467c24137f3cd6da

SHA1
5b60c6dfdcf14a79693d72a89e5bbb8fa3c91040

SHA256
3f7f10e1cad336f4d2c7df1593d6cc815edc5442b04ed967727ac4d610086a74

SHA512
a63af383b81281d46e1ceb22096d4ea9764b4e2201d55acc5ab3c5aed07d77f394266375b006956acb8160b825de18812bc524b7d887bdb451c4d84b126c88c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
d64a657a345dd1f54c8d6aa8c5cd7004

SHA1
57aecdd08159e6ed936204938a8e56b6550e0789

SHA256
1557f8dd22ae29c2687328c3a26436657c4dcf8064848a54900dc189b44c55c9

SHA512
088a22e6ac13d107c133918c6e7230aacf4bc6418c07f39c5c6e07bc08f39296de3f0b01de15d30cfa0c6156257897d263fa5e833e646892213dad9b6d70d7df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0ce18553181370da85d3679ab6230730

SHA1
3951fe1c3958b4297682f537b4048f4a73c86a7c

SHA256
f574d62362591609f47f4c3dd3663c131fd48ad862d03d907adc1af2de0a8c46

SHA512
cd9d594bf6629c758fee1f4f8e0d1d294c25dce49b00fa06d70959286632e4d179e0f938dd33536c2eb400a47d9c6a122715c09806989806f386c07beac89dce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
72f9a3c4193e210c56a92a6e7e8399a8

SHA1
c7751ebfff38c9822282c635f29148844e22c8a6

SHA256
0ac5cc7fd06053ed5164f365f6326b1fa02e362eafc235bad32e18f274c7bd83

SHA512
2e36e5c8a10b15fa06a19f0ac9d86c8a02a4e5fa2fdc56ae33cdf88e20acb0052fbab3a425a79d32cc2b37348421ddaecf124362dc4b56e3c2232410efa7d711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bec7e3811e40b4f22204ca53d458d62e

SHA1
f4cf55b7095761fcf4d4f763a1cc5561c8b0ad44

SHA256
eb521d33b60e5e2752e0c437684f8b973a8ea8b541262709669a803f77bf61a2

SHA512
4108d1b8bba9a112cc03dd238fedb80cc6ec82d9ae99f3bcc79e3f6f0b7ea9236c024b79cae55ced6d08e5cba9f3d711ece942351f252d8a0b6a0c3110799a36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e7735db7b79ec6c56497fcf5df60b527

SHA1
2e981d1f88358f8a20eb3d1b475563ae867b4ab8

SHA256
2f8dad9efc40729aaa59410cc81289a8c41ff001e07b8df3f838e6b71d1f4f0f

SHA512
e38fcc31bd5d842f4fad60d697759cd349fc7e350399cbee93d114095a02bdd133a26716d153081d5e20cf0670b9b84e761f22c501bb25439dabfff1ff5e6b31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7fa2e9b8265d3e5021c99060db006505

SHA1
9a48fa05d04e506a5df3c668da804ed8aab563c1

SHA256
4b96fa4fee62d892d64ed010061711845dbed1b68e857ad05ce4bc9718310ad5

SHA512
511988e3aa54448f2632d5423d0c938ad5649611096c9e74f3896f0a267b71eedbfa134f4e0953ffcc396fef9cd218973371728468018692700535c2fb5f9c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5ff67b2986041855a682f8ad01566d70

SHA1
19a588bb7f453e80c77959e8a31bf27c78306cd5

SHA256
e2377cdea93ab422ab15598bfa05188be5625583309f4a99ce1d5a2bf6bf6a36

SHA512
f83897c5e58faab7cdfc7150cd6cbadc72a5b8cb1fd6b45c6b88972b2554ee4a4248e12cb8fa742d23852e207b4ba34ad2ea67cc5a51ae6687775383468ba353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b62c.TMP

Filesize
538B

MD5
8c23c1d5d1a0f1a6279bcf0e1689a1c3

SHA1
bccb6ef4daa4bb1cb58e341d664374c4d40b1a49

SHA256
1443238cc2d6b58fda86566c5651c9df10475909740c3dc840c746ab01599fdb

SHA512
1258299a23df44d097d7bcee593b0985035876baf35b639b9f56fc7eaae31523fb788937aa60a64f7f3606c70a5d187d4fc1b08b5b23d6da95a655206858dba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e74631045a6a364d7f3ce4bed76cd712

SHA1
eae79b2d484f19e7c25f9f190b81927aad19dd45

SHA256
9b56b81c06ffa1330e04e309672a3a558da2fa030912aa0273cd110051e633f2

SHA512
bf1c3db43fba36c6aec4e9a0da1947715f4da6144f0376fd3e0725f7db29766d0d666f8f205ae1362ebd2efe1c9789caa9be2043065076e2c2f66d32ef406147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3d807e53d3b8493fcf72b39326778b5d

SHA1
c62f37f566709bc904fc1ca1d06d61a449c47cd0

SHA256
1332beb4fbf99de2abea83d4c9f968babbe78fa14326f32a6dde94e4f4f097e7

SHA512
69d7ee25fd9c0e1a326ba3dce45aa0c905349ca9fdc215ba6408b65ec91c4474c9d6bec2200c01731de5ee0b2cfae4c83144efff3e3d831611ce1249f6fa0908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1089fd19c099e67bc510cf91ad4ba042

SHA1
73f39ea3141eaeb8744c7e685de527cf8765f23e

SHA256
c845a187b312ba5142fde539476110eabf75f15ebdaf819d64a7c65f8dbbe044

SHA512
7e7b3730b23a5e684293ca8268a90c50394f3615a37735d762d846e3c6984c27925b0f22c320d72cae928eab19ef8e2bbabf457c7b3724619672c49585bffe01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8cbf93f58074e3f015fdf73e62eca224

SHA1
d158926e21c162d120816a512de83f0244be4d02

SHA256
468459a04b00c45a36bffe5be0bbffa8dd229973a15860ac24c380276efb6152

SHA512
a494512a9f03d0bbd85e83a4d0415f16aca35acd3cf327d34395d735043b662ff47f1f4a3cc8c13e45a6dd14a71f489ecdedcb42c036fed78c89bc328cc76abd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f7b044fbcc5a7c99ab0201a983e6fad0

SHA1
6487caa406b478d8f41cca39cef8cdb1a08f6a9f

SHA256
60a2b7e8d6d0e0613e823d8b428cc091082a4635094cc9bb528dd5f8282adcd0

SHA512
1c318e45502cd568b7d7011ab271f64dc00d43305732b2495885e1a693c44dae2cf55a747aa354efeb7f46d0e9d1a587c96902dbff99f239a79c78f196f6b059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0f99e209c3fd72abf8dd43ce8257bbf6

SHA1
34f0166bce1c32179518f0d3f0aa490c996c387c

SHA256
e65a8690c7dc8f87404a4712c2f1093fcde5f803dbc62d3efdd1018c18fbe4d3

SHA512
ce70c41c93af63d231b2abb05aca2849de089817a631f4baf122d03950c010cfe599f925209bf0574b48b42a95d5ec3f3bdb3f2ee720be910192440f88049092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e49eb0b2bd1c753fbf100064758a7b6e

SHA1
970aa776f86e8afb44de5d34914ca0967f98ff28

SHA256
5836fb514b8bd92d3b617480328e381f30a726cfe12339af661987c040e886bf

SHA512
7682098b74c9e7a7e1a2094adce43b4caf49e87438791395ccd98e3a8a8ee5171e6517a8b64c5fa766c7105df2a68e4689ee5abe2afe7c5a945edf33c9929bc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
deff3b1fca59f6e531d04766c92516c5

SHA1
fdc8bdd4387aabade7d59992bc9044c12fafc252

SHA256
5be555e826ab82b280a63f210bdad713f29d54de049ae0b217ac7aa4c4dc7a22

SHA512
0e0ea11761184c64ec74778a5caec3fb00139cbc5713ad36a9b11e95c23e82f79b59cfc505e1413fdb08e723b22bd6fea7d15979950efdaec879ee1770e595d2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
9ec79c2dc584e62e88a24e8e2c36cefa

SHA1
efe781f16548f5a51d34041f71d1f8af56a1b2e6

SHA256
6536c5a4ace33a767cbb70e4b712dc5594783d464c9451a77f2644f82d79d701

SHA512
793314dd2ac0f6ce071b6d1ec2b470dbe31d123632bc0e6597f0e9a39decc856030514424c67f334bfc006ad42b50023c2f3e08aed74411ba98aa5333e9ec901

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
30d1cd19c47993b3a8a86135fd399d3a

SHA1
dfc847816e2b7d1ecbb7a5fb4383f43a8086022a

SHA256
6574ddd8e533bfe5c90aff0e729c86a9b8061b75c458f72039c102942e619c2a

SHA512
6ac94ad0be4d1ea2ce3749fc91b9505af5fa9f07311dfc2e9a28ae62375d9731fe8cba99e3fc91d74df274052cc78fb3ef5869e2d7d91fcdb03c2bf76ae2559c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
38b3a02f88227e2a94af1bf252f7d068

SHA1
1bc41af303e0611cf94f50872bbd090fe1fcf73c

SHA256
7f48e2afcffda9d54fddc506ee4777d727dbe17fe2d9910f0a9b9e9ecc716dcc

SHA512
1c3d049c5eb63d5670547c5079a392bb7bf01a490361e2c1ba3c1efb26047673924cf9a3475eceee118a8c5f7022743ad29d0b9d341af665c6b8c4344efc0038

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
4afbdec7f69912b9640f92766b2b512e

SHA1
61b93e44972bc9e9930c9e4380d894e43bcecd93

SHA256
5c928bb859e616a4fe3da6e218c48fadf22963d546001b0c9de26f2ab30a6555

SHA512
c601607c6e5ef576dac49d71ba5159daf1f2557064a21e886bf7e81961f73b9ef130a42c58b7092f3a3167576aecdf42790d574c4f2428f7a36dec4c4a4f0a09

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
e8d187befe320ba9885cb4db9edd2ea9

SHA1
09a8b40a3bbcacb9d0b73cabf04aaea86fb792f7

SHA256
09da42a3d641d321502c1f8d96c4823506465a139710554cb0117aed9c2e49ae

SHA512
52b75018526106bdbbb37df28023142d1265e42ef0168eccb97b97cd92f633619242eaa44fe9caf78683a968813f34bc650e4decb1bb50bc1fd0bffbb742ca5c

Download Submit
C:\Users\Admin\Downloads\Rockstar-Checker-FREE--main.zip

Filesize
1KB

MD5
f8545d535dde17ff045851d3eaaff3fb

SHA1
fbd224483f5aae5ec018d2ef3659aaf6ca79a4a6

SHA256
867411263064ae15498beea0e0a248d4eee777f6d1c271a8c6528a0e97cce903

SHA512
2491f093b84df42b0409b9e56da634762adb743014ba92ef8e626c7feeff21a4925468473f10a913245c983c4e074aa018e1842af0779345dccd5fb0e57f7f47

Download Submit
C:\Users\Admin\Downloads\a.htm

Filesize
1KB

MD5
3e062428f1131cee58b5aedb86cd8557

SHA1
a8add0f508938b0b6062c204a453ec3f430d3b60

SHA256
fa92403e6b699b8b119a64f608589b00d50b93894357d2caba65ef8575678ae5

SHA512
27903df7b0a2309b1e4e8bcca91b6f2133e86b204609f94ffc8c9099965f4d36b66e7fcc20d5bc49e183ecec6b94cde57d47e0af854d41923521ad5f1a1a7ed6

Download Submit