infinitylock | 55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Analysis

max time kernel
416s
max time network
519s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
17-02-2024 23:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

10^/10

infinitylock macro macro_on_action ransomware upx

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
behavioral1/files/0x000200000002ad45-6331.dat	office_macro_on_action

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000200000002ad5b-6577.dat	upx
behavioral1/files/0x000100000002ad5c-6586.dat	upx
behavioral1/memory/2984-6587-0x0000000000400000-0x0000000000445000-memory.dmp	upx

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
99	raw.githubusercontent.com
152	raw.githubusercontent.com
201	raw.githubusercontent.com

Drops file in System32 directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db	AnyDesk.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\MEIPreload\preloaded_data.pb.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\MLModels\autofill_labeling_email.ort.DATA.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\images\digsig_icons_2x.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\A12_Line_White@1x.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_en.dll.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Locales\bn-IN.pak.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\form_responses.gif.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\msedge_pwa_launcher.exe.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\identity_proxy\identity_helper.Sparse.Beta.msix.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\sl-si\ui-strings.js.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-fr\ui-strings.js.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-il\ui-strings.js.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_sk.dll.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\ReadMe.htm.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\LICENSE.txt.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\SearchEmail.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\en-ae\ui-strings.js.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\cs-cz\ui-strings.js.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Locales\ja.pak.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\sk.pak.DATA.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ui-strings.js.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\root\ui-strings.js.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\hu-hu\ui-strings.js.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\tr-tr\AppStore_icon.svg.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\virgo_mycomputer_folder_icon.svg.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_de.dll.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\plugins\rhp\generic-rhp-app-selector.js.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\lets-get-started.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\Locales\af.pak.DATA.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\MEIPreload\preloaded_data.pb.DATA.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\base_uris.js.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Locales\zh-TW.pak.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\editpdf.svg.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HighBeamCardLogo.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\zh-cn\ui-strings.js.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\identity_proxy\identity_helper.Sparse.Stable.msix.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\ccloud_retina.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\bg_pattern_RHP.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\microsoft_shell_integration.dll.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\check_2x.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_fr_135x40.svg.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\HomeBanner-3x.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\sendforsignature.svg.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\core_icons.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\km.pak.DATA.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\VisualElements\Logo.png.DATA.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\TrackedSend.aapp.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\next-arrow-default.svg.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\fi-fi\ui-strings.js.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\s_listview_18.svg.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\export.svg.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\inline-error-2x.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateComRegisterShell64.exe.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\SendMail.api.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\plugins\rhp\exportpdfupsell-app-selector.js.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_az.dll.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\msedgeupdateres_sv.dll.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\themes\dark\arrow-left.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\it-it\ui-strings.js.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Windows Mail\wab.exe.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Scan_R_RHP.aapp.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\createpdf.svg.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\cs-cz\ui-strings.js.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072	InfinityCrypt (1).exe

Executes dropped EXE 2 IoCs

pid	Process
1848	InfinityCrypt (1).exe
7452	InfinityCrypt (1).exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
8232	8500	WerFault.exe	232

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Checks processor information in registry 2 TTPs 21 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt (1).exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt (1).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt (1).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt (1).exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
5024	ipconfig.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-751003968-2436847326-2055497515-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-751003968-2436847326-2055497515-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-751003968-2436847326-2055497515-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-751003968-2436847326-2055497515-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-751003968-2436847326-2055497515-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-751003968-2436847326-2055497515-1000\{2238123B-A2E9-4CC3-ABF3-3C4D037A342D}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-751003968-2436847326-2055497515-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-751003968-2436847326-2055497515-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-751003968-2436847326-2055497515-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 979336.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\InfinityCrypt (1).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 152677.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3328	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 33 IoCs

pid	Process
4676	AnyDesk.exe
4676	AnyDesk.exe
4676	AnyDesk.exe
4676	AnyDesk.exe
4676	AnyDesk.exe
4676	AnyDesk.exe
4320	msedge.exe
4320	msedge.exe
3580	msedge.exe
3580	msedge.exe
908	msedge.exe
908	msedge.exe
4636	msedge.exe
4636	msedge.exe
5384	msedge.exe
5384	msedge.exe
5140	msedge.exe
5140	msedge.exe
6588	msedge.exe
6588	msedge.exe
392	identity_helper.exe
392	identity_helper.exe
5740	msedge.exe
5740	msedge.exe
6308	msedge.exe
6308	msedge.exe
6308	msedge.exe
6308	msedge.exe
4744	msedge.exe
4744	msedge.exe
1592	Taskmgr.exe
1592	Taskmgr.exe
1592	Taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1752	AnyDesk.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 39 IoCs

pid	Process
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	4676	AnyDesk.exe
Token: 33	4148	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4148	AUDIODG.EXE
Token: SeDebugPrivilege	1592	Taskmgr.exe
Token: SeSystemProfilePrivilege	1592	Taskmgr.exe
Token: SeCreateGlobalPrivilege	1592	Taskmgr.exe
Token: 33	1592	Taskmgr.exe
Token: SeIncBasePriorityPrivilege	1592	Taskmgr.exe
Token: SeDebugPrivilege	7452	InfinityCrypt (1).exe
Token: SeDebugPrivilege	1848	InfinityCrypt (1).exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3328	AnyDesk.exe
3328	AnyDesk.exe
3328	AnyDesk.exe
3328	AnyDesk.exe
3328	AnyDesk.exe
3328	AnyDesk.exe
3328	AnyDesk.exe
3328	AnyDesk.exe
3328	AnyDesk.exe
3328	AnyDesk.exe
3328	AnyDesk.exe
3328	AnyDesk.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3328	AnyDesk.exe
3328	AnyDesk.exe
3328	AnyDesk.exe
3328	AnyDesk.exe
3328	AnyDesk.exe
3328	AnyDesk.exe
3328	AnyDesk.exe
3328	AnyDesk.exe
3328	AnyDesk.exe
3328	AnyDesk.exe
3328	AnyDesk.exe
3328	AnyDesk.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe
4320	msedge.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
1752	AnyDesk.exe
1752	AnyDesk.exe
4324	firefox.exe
3716	OpenWith.exe
8112	OpenWith.exe
3268	OpenWith.exe
3104	OpenWith.exe
5200	OpenWith.exe
6072	OpenWith.exe
6072	OpenWith.exe
6072	OpenWith.exe
6072	OpenWith.exe
6072	OpenWith.exe
6072	OpenWith.exe
6072	OpenWith.exe
1020	OpenWith.exe
6072	OpenWith.exe
6072	OpenWith.exe
6072	OpenWith.exe
6072	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 4676	2284	AnyDesk.exe	76
PID 2284 wrote to memory of 4676	2284	AnyDesk.exe	76
PID 2284 wrote to memory of 4676	2284	AnyDesk.exe	76
PID 2284 wrote to memory of 3328	2284	AnyDesk.exe	77
PID 2284 wrote to memory of 3328	2284	AnyDesk.exe	77
PID 2284 wrote to memory of 3328	2284	AnyDesk.exe	77
PID 4716 wrote to memory of 4672	4716	msedge.exe	94
PID 4716 wrote to memory of 4672	4716	msedge.exe	94
PID 3176 wrote to memory of 1260	3176	msedge.exe	93
PID 3176 wrote to memory of 1260	3176	msedge.exe	93
PID 4320 wrote to memory of 4736	4320	msedge.exe	92
PID 4320 wrote to memory of 4736	4320	msedge.exe	92
PID 4952 wrote to memory of 4880	4952	msedge.exe	96
PID 4952 wrote to memory of 4880	4952	msedge.exe	96
PID 4220 wrote to memory of 3364	4220	firefox.exe	95
PID 4220 wrote to memory of 3364	4220	firefox.exe	95
PID 4220 wrote to memory of 3364	4220	firefox.exe	95
PID 4220 wrote to memory of 3364	4220	firefox.exe	95
PID 4220 wrote to memory of 3364	4220	firefox.exe	95
PID 4220 wrote to memory of 3364	4220	firefox.exe	95
PID 4220 wrote to memory of 3364	4220	firefox.exe	95
PID 4220 wrote to memory of 3364	4220	firefox.exe	95
PID 4220 wrote to memory of 3364	4220	firefox.exe	95
PID 4220 wrote to memory of 3364	4220	firefox.exe	95
PID 4220 wrote to memory of 3364	4220	firefox.exe	95
PID 4708 wrote to memory of 3084	4708	msedge.exe	97
PID 4708 wrote to memory of 3084	4708	msedge.exe	97
PID 4324 wrote to memory of 4296	4324	firefox.exe	98
PID 4324 wrote to memory of 4296	4324	firefox.exe	98
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106
PID 4320 wrote to memory of 2276	4320	msedge.exe	106

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4676
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - Drops file in System32 directory
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:1752
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3328

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe55443cb8,0x7ffe55443cc8,0x7ffe55443cd8
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1736,6766843906660232052,4151723037271654799,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1736,6766843906660232052,4151723037271654799,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:4564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Suspicious use of WriteProcessMemory
PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe55443cb8,0x7ffe55443cc8,0x7ffe55443cd8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,9132480039095157061,10108254523084634721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,9132480039095157061,10108254523084634721,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:4056

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4220
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  PID:3364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe55443cb8,0x7ffe55443cc8,0x7ffe55443cd8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1656,2919831833546129145,5079475435896304405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe55443cb8,0x7ffe55443cc8,0x7ffe55443cd8
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,11177422839929599941,6678728961195023101,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,11177422839929599941,6678728961195023101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5384

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4324
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.0.652249660\237871713" -parentBuildID 20221007134813 -prefsHandle 1772 -prefMapHandle 1664 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {597433c0-da22-44a1-8c37-dba87ad3f1fe} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 1868 216e8bd7058 gpu
  2⤵
  PID:4296
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.1.1399011088\284764714" -parentBuildID 20221007134813 -prefsHandle 2264 -prefMapHandle 2260 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38b9e4e8-d502-4660-8151-ca9fba67a537} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 2292 216d55e0958 socket
  2⤵
  PID:5832
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.2.1610883205\354759311" -childID 1 -isForBrowser -prefsHandle 2712 -prefMapHandle 3060 -prefsLen 20821 -prefMapSize 233444 -jsInitHandle 968 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0302a6a-37dc-4d9a-915f-b266a9436d49} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 3160 216ed7f6658 tab
  2⤵
  PID:5420
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.3.159568833\1786740475" -childID 2 -isForBrowser -prefsHandle 3516 -prefMapHandle 3512 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 968 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {209bebcc-4c80-413c-a03e-c675c5d5734b} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 3528 216eb1b3f58 tab
  2⤵
  PID:5852
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.4.841295779\1311261464" -childID 3 -isForBrowser -prefsHandle 1512 -prefMapHandle 4872 -prefsLen 26202 -prefMapSize 233444 -jsInitHandle 968 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b961c8a-13d1-41d9-9cdf-99441d7cc4d8} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 4820 216d555cd58 tab
  2⤵
  PID:6512
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.6.2063828193\120949558" -childID 5 -isForBrowser -prefsHandle 5388 -prefMapHandle 5316 -prefsLen 26283 -prefMapSize 233444 -jsInitHandle 968 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a1fbb67-e7c7-4c3e-9984-ef8d06067378} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 5396 216f2e84c58 tab
  2⤵
  PID:7112
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.5.594756675\1411800606" -childID 4 -isForBrowser -prefsHandle 5176 -prefMapHandle 5172 -prefsLen 26283 -prefMapSize 233444 -jsInitHandle 968 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bed6462-033c-42be-99c2-c1adf0b4e7d2} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 5144 216f2e83458 tab
  2⤵
  PID:7104
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.7.105959446\29808492" -childID 6 -isForBrowser -prefsHandle 5196 -prefMapHandle 5488 -prefsLen 26283 -prefMapSize 233444 -jsInitHandle 968 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa921125-ceb8-4fd5-b5c5-9db06f4fdbc1} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 5584 216f2e85e58 tab
  2⤵
  PID:7132
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.8.1620802914\1179557995" -childID 7 -isForBrowser -prefsHandle 5888 -prefMapHandle 5892 -prefsLen 26283 -prefMapSize 233444 -jsInitHandle 968 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c37f0d6b-80aa-486e-ad89-e20e48f5ecc2} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 5912 216f3a1d458 tab
  2⤵
  PID:7068
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.9.1153576429\214344748" -childID 8 -isForBrowser -prefsHandle 5124 -prefMapHandle 5108 -prefsLen 26723 -prefMapSize 233444 -jsInitHandle 968 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {710899c9-a1c2-4e92-ac72-f97baa120b6f} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 1676 216f0abb658 tab
  2⤵
  PID:5264
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.10.715603186\1467776790" -childID 9 -isForBrowser -prefsHandle 2796 -prefMapHandle 4040 -prefsLen 26884 -prefMapSize 233444 -jsInitHandle 968 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83ead691-90e6-4c2d-a7eb-a22d7efdf580} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 5444 216f2678158 tab
  2⤵
  PID:5524
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.11.1319675138\181308974" -childID 10 -isForBrowser -prefsHandle 5448 -prefMapHandle 5452 -prefsLen 26884 -prefMapSize 233444 -jsInitHandle 968 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bbbf514-7dd1-4d86-9851-b24a5bd0c35b} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 5300 216efe41858 tab
  2⤵
  PID:3776
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.12.760856847\861054475" -parentBuildID 20221007134813 -prefsHandle 6660 -prefMapHandle 6652 -prefsLen 26884 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b34424c9-d9a1-46ac-8a4c-1511af08617a} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 6664 216f0cd0d58 rdd
  2⤵
  PID:5424
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.14.294255989\539216471" -childID 12 -isForBrowser -prefsHandle 7028 -prefMapHandle 7032 -prefsLen 26884 -prefMapSize 233444 -jsInitHandle 968 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {795a2097-3384-40bc-8336-e1e37836253c} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 7020 216f4224b58 tab
  2⤵
  PID:3760
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.13.596934986\625665749" -childID 11 -isForBrowser -prefsHandle 6852 -prefMapHandle 6640 -prefsLen 26884 -prefMapSize 233444 -jsInitHandle 968 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28f2f7c4-e01b-46a7-acb6-15b1236b920e} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 6884 216f41ec858 tab
  2⤵
  PID:2428
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.17.2067291015\322309478" -childID 14 -isForBrowser -prefsHandle 6404 -prefMapHandle 7288 -prefsLen 26884 -prefMapSize 233444 -jsInitHandle 968 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35549a73-7a61-4c96-a5a9-0a8c942bf38d} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 7472 216f631e258 tab
  2⤵
  PID:5252
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.16.1847109146\997446641" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 7308 -prefMapHandle 7312 -prefsLen 26884 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ef7c861-707b-47d5-ac54-77d2e4b8cb95} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 7304 216f3a47c58 utility
  2⤵
  PID:6388
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.15.1623155971\695700984" -childID 13 -isForBrowser -prefsHandle 7216 -prefMapHandle 2856 -prefsLen 26884 -prefMapSize 233444 -jsInitHandle 968 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c92769b-19b2-4689-b914-01d799888630} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 6344 216f0abb658 tab
  2⤵
  PID:6376
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.18.1551345014\754622062" -childID 15 -isForBrowser -prefsHandle 7336 -prefMapHandle 7340 -prefsLen 26884 -prefMapSize 233444 -jsInitHandle 968 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e92da007-4b08-4876-b7ea-aa51aef4971d} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 6348 216f6442258 tab
  2⤵
  PID:5688
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.19.228695389\1732796702" -childID 16 -isForBrowser -prefsHandle 4592 -prefMapHandle 4364 -prefsLen 26902 -prefMapSize 233444 -jsInitHandle 968 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8356efb-59ee-4691-9088-bb2bc7b7f816} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 4608 216d5530558 tab
  2⤵
  PID:4604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe55443cb8,0x7ffe55443cc8,0x7ffe55443cd8
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:6676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:6812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6588
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:7128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:6796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6688 /prefetch:8
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:6416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1056 /prefetch:1
  2⤵
  PID:6392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2480 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7324 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6896 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4056 /prefetch:8
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:7500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1
  2⤵
  PID:8144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1
  2⤵
  PID:7636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7048 /prefetch:8
  2⤵
  PID:7948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:8808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:8960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7456 /prefetch:1
  2⤵
  PID:9152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:9108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7384 /prefetch:8
  2⤵
  PID:8560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:8972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7660 /prefetch:8
  2⤵
  PID:8540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1
  2⤵
  PID:8016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:7912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7664 /prefetch:8
  2⤵
  PID:8388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
  2⤵
  PID:7472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:7672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,9778002853172908319,12144390510558192683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7540 /prefetch:8
  2⤵
  PID:8224
- C:\Users\Admin\Downloads\Ana (4).exe
  "C:\Users\Admin\Downloads\Ana (4).exe"
  2⤵
  PID:452
- - C:\Users\Admin\AppData\Local\Temp\AV.EXE
    "C:\Users\Admin\AppData\Local\Temp\AV.EXE"
    3⤵
    PID:8932
- - C:\Users\Admin\AppData\Local\Temp\AV2.EXE
    "C:\Users\Admin\AppData\Local\Temp\AV2.EXE"
    3⤵
    PID:8500
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 512
      4⤵
      Program crash
      PID:8232
- - C:\Users\Admin\AppData\Local\Temp\DB.EXE
    "C:\Users\Admin\AppData\Local\Temp\DB.EXE"
    3⤵
    PID:2984
  - - C:\Windows\SysWOW64\mtxlegihm.exe
      C:\Windows\SysWOW64\mtxlegihm.exe
      4⤵
      PID:7344
    - - C:\Windows\SysWOW64\ipconfig.exe
        
        "C:\Windows\system32\ipconfig.exe" /flushdns
        5⤵
        Gathers network information
        
        PID:5024
  - - C:\Windows\SysWOW64\cmd.exe
      /c C:\Users\Admin\AppData\Local\Temp\~unins8296.bat "C:\Users\Admin\AppData\Local\Temp\DB.EXE"
      4⤵
      PID:8124
- - C:\Users\Admin\AppData\Local\Temp\EN.EXE
    "C:\Users\Admin\AppData\Local\Temp\EN.EXE"
    3⤵
    PID:8944
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\EN.EXE > nul
      4⤵
      PID:6040
- - C:\Users\Admin\AppData\Local\Temp\SB.EXE
    "C:\Users\Admin\AppData\Local\Temp\SB.EXE"
    3⤵
    PID:9048

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks processor information in registry
PID:3552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6116

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:7124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4236

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3208

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3716

C:\Users\Admin\Downloads\InfinityCrypt (1).exe
"C:\Users\Admin\Downloads\InfinityCrypt (1).exe"
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:1848

C:\Windows\system32\launchtm.exe
launchtm.exe /2
1⤵
PID:3420
- C:\Windows\System32\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe" /2
  2⤵
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1592

C:\Users\Admin\Downloads\InfinityCrypt (1).exe
"C:\Users\Admin\Downloads\InfinityCrypt (1).exe"
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:7452

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:8112

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5200
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Unconfirmed 152677.crdownload"
  2⤵
  PID:9144

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3104
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Unconfirmed 152677.crdownload"
  2⤵
  PID:8300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Unconfirmed 152677.crdownload"
    3⤵
    PID:2496

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3268

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6072

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1020

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7560

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:932

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7672

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5280

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2372

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3300

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5816

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8104

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6416

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:7300

C:\Windows\system32\launchtm.exe
launchtm.exe /2
1⤵
PID:9004
- C:\Windows\System32\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe" /2
  2⤵
  PID:8152

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Unconfirmed 152677.crdownload"
1⤵
PID:8552

C:\Windows\system32\launchtm.exe
launchtm.exe /2
1⤵
PID:9008
- C:\Windows\System32\Taskmgr.exe
  "C:\Windows\System32\Taskmgr.exe" /2
  2⤵
  PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 8500 -ip 8500
1⤵
PID:8436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
16B

MD5
f736dd12793712b71d0db75a62c0c91f

SHA1
745d06cab92135b2b572b54a320f575383f67ce1

SHA256
c384bb55543b076e3dddf655ef348aed43370c507a46959b9878b65e592f60b1

SHA512
a3ea33cdce4ac38c5b35bc917191ee65960ef645442adc83a53e5c047bdf31789c4c3eb3bdbdb529e38a5b5050629fc7484db45498c21c0e462446ae109bcbde

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
720B

MD5
a4e7d417d678d62d5167da46753d2c64

SHA1
b662005cd12eb5297a37c004ac9b332c4f4fc83d

SHA256
3dbd8130278906afb1ec9f5552e079a8b391f057487e1949fd3552474317489d

SHA512
aab6a5803e0e3085d65ad495d8a0889029f4fc5c1b8fc4b8cc4301e94e3ae083de80f04057f02ff516c7ef18948365d3619a8bb54b6acc9a30b5492fe55375a4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
688B

MD5
aaba4ceddbcf5d646f6b807da7622183

SHA1
b099df4fe9b254cc9c72fddf9e67148882a00c3a

SHA256
1be238329df8cce67ef0da39b1a9344ae4851874bef51977c0fbe5c4d9ef88b9

SHA512
5aa9cb8c8c4f8745b33544d3ae0f9eef7558f7cc1abc743154ceaf20e51c3ae2349d62262adc09975c8ea804758ba6b7cb310cc0816760db235e3d68bc3eed56

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
1KB

MD5
2e82c1aa69e9d3a3fe8cf9d4a6683b8d

SHA1
1377ace7edc8c045bff94aa15556a2c7a18e8f53

SHA256
491cf9445538a5df85f9f213dc6db11a7bb8c815093b9fccf18d4930424f967f

SHA512
dba40204b305f672b9f088503eb4b8f2774dd7a659d70aae91aefccec3412e9858ca7010617c34adff6faccd0808388e2e2a975850f402945a5aa476faca5534

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
448B

MD5
e45eaf1257abd7bc63146d39a9571f75

SHA1
87013354b3e6727dabdd38eab9c86c49a3321745

SHA256
715db8cfeba48525bac7f2af7f345dbdf167c86bc96abd397fba9b5e42a91363

SHA512
ca4a872f041c67b0017af95dd394f41b9a0aeb1c5847c3b7efde7d5ec60bdae6553a3ee1712f3fba4c9372516c84575982e8c97988d0e2b6c91494d65c9cc884

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
624B

MD5
032cdd65a5727f3781eb1253108ebf8a

SHA1
7a6042ab1cbf2332138b72d7acbd8a502a31614f

SHA256
d96a45792670f68991352aa2c677fc7c85c967663b389358c3479271fe02711e

SHA512
8e1f465f7780c45b6c18341ed23ef0e2c365ea310432ffc507764c76d4a2691b3f89448a840dfbcf3bd92c15db975426b8bccf2a6885edc89536eb82c472ebdc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
400B

MD5
10a18c04828adaa49369c41ac50e44d2

SHA1
31316094d0dff95a17521f4a67394f9df58d5ef7

SHA256
6188560098c09c900a9816af0b78da810535c6c793d2bb4bbdb3df05174d9b94

SHA512
01a054657826bb3627a7bbbe5fb0ea2158f8a9e84bdb5a32b21174a79aeb7de43aba907c8e94d09242da13b92b65cd29ff91ae78d4e7de3a7a0063669bed178c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
560B

MD5
1da5d61f235e58f94597d44eaefa6026

SHA1
0600622d55dbcbb7b309e903686fb004b232119e

SHA256
50353a37193796907d3676d2e1f2569be25d7dc7ec115aa17cc0027e256a32e3

SHA512
64223126bbd0de16759288a6f11e979ba871b50e6e2d2aa41a3748d5ed97b33d7285297f905bc996c2dfcaaa0d39ccaf3bd8fc2d35b5071290ece972decb9775

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
400B

MD5
8f4e722516eba830d36de2c5cae3f2fb

SHA1
6ced63f35054feb1623b292bd25900f9a9e3e111

SHA256
509684418014fcb0a594fe0649bd8acfdf41ca8b37a5dc44f0693b439efa45ef

SHA512
0ddef75ed85c223f0d7097de8304ced4c2a63e893ecff0d4f9b041aab8fca9f203c44faa6938ad18bd9390f58ca41988474a1a8687dd8ba8d64bba22a9f506d7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
560B

MD5
e7a910468652da44df2914397f13de12

SHA1
de1782f944eed93ebaf9b8781bf4ca520592360f

SHA256
9bd54f8652c578d373d539656ee2707b0402845f43c4e792b16c81d3c42679c2

SHA512
9740c711964628839adb70bcd4fce259bcef6692c7148960539de02fecab683b3575477aa1708ad2b8305245bd01cd1388b089306ca1d4564be3ced0468c9fc5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
400B

MD5
fe37bb2e9fb409230ed18915b0176578

SHA1
f81df3586400a271fe15759c05a71f5685fa6e48

SHA256
8ffb487da75d2bdaf8e1d42e42e895de757b641e4ca594ed0e86ff14d5232c24

SHA512
c8dbade322619fc5d358c777aff616edeb5c222fb2fd22adf777e95aeb61e4f161417ab313ba74be4958dc3db09811d9fc3c0e45c56e9fb93b2707df22252cc2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
560B

MD5
eee60bd2ba97fa56b51d59a788feb9bd

SHA1
77c20dd9a0f10fdfde477bd8d68c3c131ce56642

SHA256
c007c0353965dffbd145785499ba465bc3f5cdca3cecc556e34a5525e7b3c6e9

SHA512
041523f7083b5ff1f22d599937de8422f3c9695e6dab6e06fa2ed566019d285cf354068dbb423f416a5b8bfd62693984e2fb1aac2c1168843148a62aeb2a84d8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
7KB

MD5
427d0798715ab48c8fee4cdeba92c52b

SHA1
36393997f4c6407d1d9287e5efc3539dbe38de58

SHA256
9527602d17951939ede2f2e326e98fb329855f52a466098eab054b02c113491a

SHA512
c58680e5125ce9d58a448b40e452b793295cf4b44cc30f7d17f53b458034975e319f38a3df3b0043956d60a276013ee5e003a47208a0b1d424b918ee63bfd2cb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
7KB

MD5
ce231189ef460152ae77721e84eb2101

SHA1
5423d70c12775897bcae1b1e435eb070da9df39f

SHA256
2470d1728b8c32d7ee05db7a3c7bf68d9e3730bbce5b88156527624a1dcabe3e

SHA512
fe9e810b1369d7c01544f092195b414dc386b3538d9d13fc61e9511da7d395e55eb37c2f31c1749187949d7e9a7294deea49f6ce8a585c6b9ef8ae0d2d14f9ad

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
15KB

MD5
d7e2eff1e4c952050f15a34b7979f330

SHA1
e1a001a8f053de6453b0518fa79a4feef3ad4eac

SHA256
ef7363b97db3e9ab7d8498b925786fd0837f52769ac53cf6b12f53601f366ccf

SHA512
4b0fa64187e26a9347e46de2277b37274b77fef8a49c1c41643e007c8140e31b8692360df7ac883e6379837505e4eb51bad16fad66220fab8c38a4c46f67326b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
8KB

MD5
6792f1885a7b4537b8703600129eef37

SHA1
8aec9970c36a9433239598dfda6087aafea6fb75

SHA256
77265c2dd00e2a390e67076902979c5efe130b18b8aba2ee7d3491c52dacc6eb

SHA512
bc520ba83de72b0728f3a973a31ac4bb0a1a862b63f6f83efa2eea5315137e845d133bedff60928f21b58287a2ad942c618dd65534d8410608b6d6877a0d6df5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
17KB

MD5
bcee30c57c5123e6c9caae0a3dc3796c

SHA1
75176aa917ad72eaf096ac9443e93eaf9cc55216

SHA256
4b80f2fe762b7f638a2831a380bab5ebe1443e4021093b3c57888e2415653477

SHA512
078dd3956dcf6bc31dde8e406e4bf6894f4bfead592a25387a7ebaed6dec585e185c7531fba9742d8fbb86d912238c9f3d2e915408c2c6547328272425dad6ba

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
192B

MD5
9460f710a1dfa8806d0092683793c769

SHA1
6ee231c2f1d6200785876bab9b7155b908f7291f

SHA256
f6814a2f87343ceeddf571e7cccb442ceef55e9631c1e4bf78d660a6072ccb07

SHA512
3ff58b54d5df5c718ace6ce4692373a0b5c67ac8d2e90207906ed0dc7120aaa9630db5e10f1bbc211bc17713ee907a4deefbc2012aeb71611bc1ebdc4bd02832

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
704B

MD5
b631acd1ce3c66df3d33544281918192

SHA1
6245b0108922dfc694f0b0a4ab3c47c3373377e2

SHA256
044c57c9d8d3082fd577f4a96d8b3698482f76dd3b1a5f5c9f02904800124052

SHA512
86154e45b31f1d2297dfbc369c482656098a73ebb1cf6f4cba5b439f8d464dca8f6f5c42cf8cb573831c38b864dde75393f4eae53603be7e0f1f20e0d3cd6031

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
8KB

MD5
6ed263bd85649b6d7c7a549f66b429ca

SHA1
63b0fcc0a51351c4202905b8c75048efd0fa1fd0

SHA256
90ca50b094c220f24a21b2af916dd2a5335b75968e3a31f32d02f46b1b2f33e1

SHA512
7ffaa466321b07832fddecf1a255e3d5f861bb8096e8d0362fe79abac8596b472e5a9e6762a38ec6ee0b6e8e9687fc2625e61bed8e54a6bb80b3c217803037aa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
19KB

MD5
78defd5e668d9aef34994c4b17b1bdb2

SHA1
b73c608076ecec00217ebf390dd871d38b96b08e

SHA256
6a64d9092a5ed2a2aa0c29008b146f0ffab2123533188310cabf25c95116bb19

SHA512
7936e6bae5a35d66d622f127347e74028d44a5c5457d410542ac78f8c3726e4e2da4c8d3e40a2b005da208e1a93118f826eb49d175ed2335bd2156609eea89fc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
832B

MD5
3a78c6ddbe336dd6d2c26934e6683985

SHA1
cad4c886d50dd45db40bc2ac1631ddadaa225298

SHA256
ca67bd225f238fdbefe54f175be6b98e4d913894c7297c5c5ebc699c553566e1

SHA512
78669a1c08f68a227b78be484194364ef4df4a25f57143c0643b300205d45be34988fafdbd506195029b763cee4a11a00363e317aff49d7b35edce1d7ad18cac

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
1KB

MD5
7b6683b50c3a2636b2b4bec4033a37b5

SHA1
32c1aa0c351269b98064f151dee6ad90b8e4baba

SHA256
43c7b9bbbab8fcbf09db155fd2a3bbde363a04c37971c270ab51012da61796b8

SHA512
7304f15ba71aec0ed4123e28d0d7340df89850c4c12855a19fdfc98964b8706f2744cf79832483de9523bef4460b519ca8123a25a1ab7c877c7e3fc533531a2f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
1KB

MD5
2a761133316017446746abdd7279b35d

SHA1
8d807f96c334f4f0fb388ccbab7b8cafe4877d34

SHA256
4293fd38142a9f6cb25280a128e1599db966b2058b93d7a2ba5bad72dde305ca

SHA512
65f62f10e086bfa659392e402f08b95fcebba3ae452317d98df3d1d7aa25364561668794729d8f8495cae3b81d87ccabc13fbe4d2e27a671e09b08054d949925

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
816B

MD5
a242917959d252ba7f560f3949d6b809

SHA1
7401e531b153dcfcfa04793d2fa6984501ec4015

SHA256
7403c27866047c2a2435b8bc1075228aa9eea3ee26220c8ab74c1c9db760f688

SHA512
d873b998f0ef33ccf3ae9f3e8eae624077e75b3828fdfac240975d47bc647be8e61b778b5a6c4e00de6e73ee748f22fe29f66baa36f7cf73677b0ba59c6f262e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
2KB

MD5
5adb9595fa6358c46c6b500db42b46ba

SHA1
cd15f2a3e66d38961c023c478af8c18dc8495886

SHA256
13710110e5534928aeee8c6b871b5c2701d0f27f4b0d77b22a9484919851ad43

SHA512
efe84ad106a409f8b9c57aabf4a2c3403217f9b3ceb40e0279db387be3b9a1e2000ceae938274b745748530adb7df2ad39cb03efca2553fa942f440c14c02d87

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
2KB

MD5
506624a992f33750afd513352c9570d0

SHA1
4349ff178794316a11c3d46ad4592a3e1bd09c1f

SHA256
94504ce790a3e63b62dbb389a42d0560520c69010ac97672c6c296130e464223

SHA512
79017cf77713fe9f2f32b25d52825576972b77b15f6352b9612d110d4edcec60a077a2397f5955e1010f30387da29e46a8d22f651f39cbcdb6e45e833ee074d6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
4KB

MD5
0f93d232c1789493dda567b918583db5

SHA1
b3b5a0337cfc604ff953823c71edfcd8b59f1601

SHA256
dc1f1b9f130508e7fbdb5558bce11e8f4f4418c45ab751970d7d5efccaa7d344

SHA512
2609e573b964420e064b141c7dd1d9d4b6344585929a9decdf757d433de55bae38429d84bc6ae7cda6b24c8d24de79258abedc4c858028e45be2324d11faa206

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
304B

MD5
c548314e76dd07bc19b3062748e24397

SHA1
37e1c33f6f5290b3c2e7d878151a0d2ce4e32f0b

SHA256
8169b807c900a88783fbbecc8293b69a5084cc5dbd3b9b28df7ccdd2994243c3

SHA512
a45aa2de565535f3d326bbbc67de9103abc171384f36278ad9bb27debafe4431d24e30808a5557f20a775c39512f7477ce326f89cb72dd0aa4ed02f37abf0470

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
400B

MD5
5be3673286e1fc7e9ba3d0804ecde50a

SHA1
02a78ad1c92479b9e223c58f1d49e459780c1d44

SHA256
7ad5dec3cabe9a0eed1297bc2d7c701353c6f9f3106810b0afc5419e7fcd1e77

SHA512
3b5713b29137d3e0057d5257df75730ddcb1aa5369bd370ea50c171887c4e2b4f742fdcd0780ba3eea98bb63a2c27d8f605ea82f6abba45135b0d083511a5f84

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
1008B

MD5
70603663c84679d9017f351d99d426c0

SHA1
0730e1fa7978bea19e7fc23cdbe7e8f1bc6485a2

SHA256
082439481c43018b6ee00c562a8273aaaec051138a6a10dbff856e63bc9bac71

SHA512
37d694d5e5ec3c215d723652aaf9f114d0527976ca1ce79e97fe1981c519e2ae19d8e1634c5f25591892394e113899918246647c1fe2aaf0971d4f556c3b5575

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
1KB

MD5
24d4072b2fff408873359e9d07867783

SHA1
811871de5bfb37462793d1cd723f49f7e9068005

SHA256
eb5c0b3acf31b21f4b80b51b699c654237a7b1bfa18f760cbce3adc47e15e039

SHA512
706956b1a7f2fde3affbb741b1fb394e197a5dee301bef1f7f174c22b9e311b96be261b02d3001dcd836dcc3b90c70f4f8fd6af097a5efbef98085a67a883171

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
2KB

MD5
43619abe01714b86209569326d73ac62

SHA1
1824d6ba12edb271325941811e7a773e65ee20ae

SHA256
17ecbb78a6c6e2a4c2195ca44eed1066a34c5da484cf764435cd3aa457e1e0c5

SHA512
8488e82fa91a9ea8bf3b556876831c5d1303a83a285f91fa65e0efb59a0eef3a131230137284262fec4bb238e05bea439d92f19d54c13173491cc5a7b05d191a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
848B

MD5
e719dcc18d873ddc23f83302b211a8fb

SHA1
a216dc9b0ec690419a6e04bcd976c032ef3026a0

SHA256
6face3869bfd601517a61ac26f7a474e03a127100388d5e2d33d585da2ce4e95

SHA512
5bc30c5ca61aabca5e8701a7d00250bc7a436080d304497ff0b9207a905aa30d0ac635f3f581dc2569618a373df43ac948628f1bf0ae167f2054ab66fedb8c66

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.915A7888FA00CD21D5D4C74BF90FE3C4E15016E1963BDD34E330231FBA840072

Filesize
32KB

MD5
9f3c56279455bd719d4eecfc218f71cd

SHA1
7a82b3f71a8aa9408f261a090324be8e3aed57f9

SHA256
8030934b217ef97b8a62558af8d43a20c65f63a8f6ab6ca21d54ea6996b0cb9f

SHA512
0b0befcd165518f7867b14ed8a56124ab4f60f87091baa52d9b9110675858b4e724043a97dac69191a14ef28417dec6e2c7080124b782cc55f37524455e2cd38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6ff146e3107c095e59b937d50f5c0075

SHA1
59c8796c474b4fceb92738a571eaadb00303d813

SHA256
2fb5f89bb2ad5d109283461f0c21efa5dcf1c8c459378dfb7e898d015a29304f

SHA512
9675ce3a1421d936d6126db44cbb59d7f3ade471f063f6f5f82117e638352a4605bdaf0c7299b85ae96752a6a77a7280f7ee0b20bed89ee55510e649a42f6205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd0e8690afb6cc94da2feb0e0443dc81

SHA1
ece9da10c445c54071e1224bb1dc25e8a15b089f

SHA256
14d81c4f4672dd9503f4d137a36a107f1b662cff748a1edb15b53aabcec2074e

SHA512
c04a5aa810668fc5549961c866e18ad6d3e7bc7cd252239713cc0dda77266267f008d3b452d4afb91695a2ff44c30eb727a8ffcbb38ce7e75085461f617ddf5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
88a552e6be1ac3978c49143983276b3a

SHA1
dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423

SHA256
927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5

SHA512
125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
29KB

MD5
ecc66f2230357c37527a8b438d137940

SHA1
9f50933ca4610ef8a5e2ecf403e7bd1019b48afd

SHA256
7dffbd6247a1e87a4e47462e270c37a50e21c551972ff2f808837f4db5762182

SHA512
c688d7f38d71af3435bfc74c6b3d0e5e5d0bf81593b05630bb2d1b2b51752dab5a7b2f9464bc9341c1310bd5f556649c948af58f7230a16bb975f92c30897682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
553607a217f5690f25ca573eff560552

SHA1
2c43c80713cfb777ffa069117c78071b8037d2a0

SHA256
fc95537de8395307f9bbf48ed935102b27e443f3f5b981d3faac93ccf9231590

SHA512
43b9854b6087866ec7bd5b1490e7437ab724c6ae115ba2cfa3f76a5582978391f908a950ee6a137697a05987375403f8e8030f24455df4859af09dbe71bc9ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
74KB

MD5
bc9faa8bb6aae687766b2db2e055a494

SHA1
34b2395d1b6908afcd60f92cdd8e7153939191e4

SHA256
4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed

SHA512
621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
2.1MB

MD5
f571faca510bffe809c76c1828d44523

SHA1
7a3ca1660f0a513316b8cd5496ac7dbe82f0e0c2

SHA256
117d7af0deb40b3fe532bb6cbe374884fa55ed7cfe053fe698720cdccb5a59cb

SHA512
a08bca2fb1387cc70b737520d566c7117aa3fdb9a52f5dbb0bb7be44630da7977882d8c808cbee843c8a180777b4ac5819e8bafda6b2c883e380dc7fb5358a51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
8ffe59fe82f35e93e9af73cfa44dc932

SHA1
ed1a627114bddfb2479abf8b54769aa9ad834f19

SHA256
63c4c052b0d8de73e106b8fa816d163289f75a61d39798c08be698b9493f71ed

SHA512
c7d496e4aef8464644baf45ca475133894806511f181ff760161b67d348df117d0e71512c0147630953b91481facb6330cd4816236aec9ed7c2754fb03d5745d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\570b9373b56aa1df_0

Filesize
1KB

MD5
5427c610879e831e43b7425701e1b686

SHA1
a11ee0be6a6b9c07e637b64e70659ff3becc629b

SHA256
07eb306a50231a665d10f65610c93ae265a9defde8e2eb51363d3833ec35fb83

SHA512
8f23fad0416868d8578caec36597561ad0358dc7970a2134c092b8235f1fc24ef18c71f1050a0b099e3c819db5c178d9aab0a7d55b63f5cf2f707534e28a7019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
1KB

MD5
3116771298f0394531049c75bf789046

SHA1
00123cd8c4acc92ac2029580a6df734853de959e

SHA256
0b142aa8fbbf2f8e097085b8c85e74d68a045e255ca716550bd683b69f521329

SHA512
fb8e90088dcad4299dcbccc0fe14fe1acd1455155728622dd7021d8611bfe52eaff9bb7403a38ba2b2a15030943a5f035d348a71b1c6af163a884df69195dd68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6591353e7e8bb2c_0

Filesize
3KB

MD5
05c3ded3f7d2f0a76d5acf48b7aabfa1

SHA1
0f85da136371355c65e582e27368437c20d38d32

SHA256
b4ef8bcedbe980456e986bdc0b6fbeec318d7948dad7efefaa4d72f00f263d24

SHA512
214f6efd59fe0d80f762687f117bc6c84705063fff34e3f115bdf2a46f126909fa6cf20b3b443bc10554cee654965a4935a5c1d7779c28f56a3f1b019ce7c290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a9a5b2100abc1a1d_0

Filesize
6KB

MD5
0f542f9cfca4b4ffc638ec2f1dfad62f

SHA1
120958b62f94bb0fe5b6e9ba0e0d88a576bd1579

SHA256
80e4dba3e467b4807f3a61b2caae224a37ef7678a742b5f9e82a293e362e70e4

SHA512
44369deba556325b9bfd02ad9cc87fb186ba849775d906eaa39af696ae55618bf1ee98ed0b5ed6f8c1ba6121ea2bcea50d1fd7e432de299b460660a93d13af8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2134da37cc53b905231192cc48a9a9bb

SHA1
097619d9119962a4cf987193b0f56bc723264628

SHA256
e5be31e6bf31036ce87c714ed026d9f77b92735f57a25ee231131e6f40f59c27

SHA512
90cda40e05482cc09c197787a88a9b606dc6b8b31c2a9b53b6584667af0e8e6dda7f846f31c259c4ecad65d4d66c4343219339e7d3873095d1d2ef7aa319a319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
21a9248d4892fe67337ea69ee73486ad

SHA1
c464bc21e699926326b16a30c9b3a54ae44e2d93

SHA256
6947fbf1f0e6908e100f75348c46ef5aa947110ba920d0f06f28e563e9fb69d6

SHA512
bdafc753fb3edcde4653050df9a9a8a316fe28e07aa1bbd31cdd9d3925d0522d56fc0c90a0ded66227640b61c5ba04083bff08c616f71afc609b457c064fbfd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
39c27e61dc23f7b21322324b92869365

SHA1
7f6009d86e10de52ce2c38ac9c329af7299b2393

SHA256
181f8b8ecceaa0bcb2ae559d24f5b263cd3bad5667ea1a56dc08bd8fdbc52361

SHA512
65043cd010a837c612aa178352921ec6b7caa13c3b9ebbc57e8e889a4530c34da48101c09aae09e89ed05ab32313f2e2886fd15f5334b94482a7563a7a22d730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d3a15744bcdf2df3ef374a5714721715

SHA1
f80c0e782320ef969e53c7e4ec4dedacd2126aa4

SHA256
9ff965af59802341925d5a41487650ea7c293ecae3510eb909593e386ee4fb1b

SHA512
196b0361a8da75648af6e09adfbda23da67e2904326da0045a30aa479996ee0646874802a31a29bb16f049b0ca3469887cfeec8e82984568c863ba2cce054348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31a1e1fa4bea1fde4e61512a92071248

SHA1
74f971a6f3786becbdf1f670cf404a9da651c9ec

SHA256
647337040031e35c18a9570512d181883a1cefc365674f04269e2172f908f8bb

SHA512
f2b5f524d9e431afc397d2da72bf359ba69d4025f5e5b48d22837ec4933665955bfb1497641e6a89742e722a0b2ab32f2e49e1d96317e8ff8279e0dd250b4ba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0589587020b6305994b3eea3842d3b64

SHA1
0e9fdf914bab92112ed965f216212c1ac4bae303

SHA256
711bb0b2aa76fe2a786015ae62ebcfe0e99e8e3a516dfa77d3d8a3cf48743d9c

SHA512
508ba4029f3c035e41241394ea8d75f318d6121f9621b33ac6d14a610441e8fcea678fdc559ff71b6876750a7830862b4bab816f794a795def68c3f831211c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3407b260117500ca11893c3dd19510cb

SHA1
8563c0ab8fabb63370cf034985fd7b30c02864c2

SHA256
82978c43de14fa18745210bfc6d43039da521a85a77e33c2e2e64937bfd97397

SHA512
00367636c36facd758aba0c9cbc6c4144b1eb092a5100780c4dd6fc11ac72b4812f0f0258bac895beb2f9c14950e38146a5cb89eb8c264056ac100c51208ed29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d4ebec9495a1248bc20cdf0799e67008

SHA1
7310c2947ca8da180eef78c12986d384d2ce7648

SHA256
e920a80204d726821ed14a7f2c95da2e918a8d567995077a520b3f234f7db79e

SHA512
e77eafdaae390aef283cf8478714bd05c04b916dfcad970f0c6fb3a62d7dce82d112bd07be2117762db0b3d1360e5e21dd77e21abb4d8425f885fec6bfe0785f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b5175f860e39567c275e3d8a026c503a

SHA1
bc078dfb261533d54d6ff2b6d6755d5dbff4e4f5

SHA256
734d8671c59cc7d1e8b4d8b7441057f24d2b698289edb735f1b6d287d1c1c90c

SHA512
873df58cccbc2381c973edeb27b9a4a5321bf98b5271bf8357a45400db41dd646685f5b857b906ef74e77f83c1c73f56cf5bd145d6803493178c80cee673e6a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
27c244823246bdf83ed14b1e82b5538e

SHA1
9f8c70b60ab84f30bdf7a35b6055fe314a1e37f7

SHA256
4fc7995d84ec7ea7e5e0e33edd2277fa5942a63502669c1b98cbc6ec547ef0f1

SHA512
17b92c0db3cac03b0e43dee74b413c6351161f8b46d5bc41ba91b5396ae9de8616bc53e3b071549d42b248d5c6c3f4f76c1e417987342b9f980ce9f200c18011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
ee749e7f1e4889f30e18bcf8097ffcd5

SHA1
85630218fd3fccc00faaa4ad98595cbeefe0c026

SHA256
69279ff724bf5c30735b79d0ed740d89a9fae97514bf98924e258d6bd1b24c12

SHA512
60d13b2dda4d06b5150ccfa41b2b69eceaba6be608068546ac47cfe7e0a701736d097a5ef8b7614800b55efd273fe480f34f43d75e68e83573169b86e3a19284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c1fefbe679e5da9998ba7f51ba45c5eb

SHA1
94de829fa1f34e7b6f8fc1e7b6df832ea2fc1602

SHA256
9e158c8441c9f625057a44a87988bbe42085c5fd412e332fb032887ef492657d

SHA512
4eca02545a1b66643a9256838d8a6bf2edc3c5f926f85cacd2afbd8f70faa5851683297f40e16b00ba9a4451a465e91166a928118e288a4f0625a64bf7b6d03d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d60da7f00e05007383dcb668a626e223

SHA1
7f10ccaa9bea9113d4ec8e0a8d7b539fce6af887

SHA256
72e86a5ec5bd8764ae7a7fb94aa79f9eb9f0a7f9698808bb5d4f20ef070cee91

SHA512
40abc5b25ea9cc62ce12602ab2869ef638dfdffe402c9e40e26ae1109e04125f6e011fa509ebfb00343968fd1f9037809e7bafca20489bf81dae7e038621bafd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d0eceffe7beb676b8773ea81677fa077

SHA1
bc0b8b7925815c45061d952cc485d810d285f350

SHA256
b2329dcb14a0b9e92b9f418edaad7f5ee79719eec0970e2886e6cfe2281a5485

SHA512
8cd620ee82010a7c114a70417a1a9e03b24f6a92f450c1a8b28fd65d29836db44783d532dccd7c783ca00be39bec3c9c8362189673f96a094db3797103bfea45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2f59599824bce3632c8bdcba2de1b5e7

SHA1
8cdc12e64cb2dd8d4d57705184fdb43ce8d4a6be

SHA256
b41b7d732647df8481c299c65413c3fbc41029b3fb6fcb98406877bb38daf8e4

SHA512
4ba74ad17eb4fa15a2e5d61f01de106164f2df930e2bd756d1d79685e0bcca47d6168472ab45cf09cfab87043f82470da28fad15e205d3da22a1aca80bf4fd69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
71557b7259234dd6b66c8efcccb4b23c

SHA1
e051afaf66050c53df5aabfcf31bd81015b0e279

SHA256
e4bdf5c244e2a21157ba929f3a6a45fc5f29d8febbe4714f99e59b2d5cd1fb53

SHA512
cf5b58f7a1b73057a61867e28ec4fda7cab4921a3005cf5eed498efd6abf208fbba05a64ca97fffe2853a3031a2893d67fe773d55e3926bda09be9bbd50321bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
41d6c0981d676a71e887efda65d9ff34

SHA1
07b75fc5eb5eb8bf18220b0e1fa56cfc15cbbb9c

SHA256
a867cc1609bbb817850b551ebdf8f583d401d9ebc8703ba46b9b90687914e521

SHA512
2b90c6845e375973cc8f2ae7ebfdc9c93cd69562c7b3dd42199ed51dac3d8e629a9df3f0505fedfcb84cf15c3d51cee75bf14f902ce3e5fa73bdeac6fc1b15de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6c0b7a72ad19496d6e84dbb6942580ae

SHA1
6a2610abb4a41a4e22524f3f1cd8b7084c049c70

SHA256
6fc6c1405ca88284cb9a69e8eed79c90e5f24f02306bb7b0d75055eb840c7249

SHA512
6efc200e9b192932327dcfc6eb597eb381934718c21ef5b75ea8f08d10a7c311f329ce2571e5fd9c8393f113d34aebb22a391dffaf8dc020a241fd72715147d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7a9eb71884ab8f91315cd42b0cdfc350

SHA1
7c8e5041f2e1a093905e8c7c5649f51c08f83ed0

SHA256
91e21a1ce8316a117484a6ddb2a22c6346feb5cd1edde587d7675ddbc8377da1

SHA512
815cf30378b335f55179f9299bbc840f4c74b0e2a5b4dcb21d65cf05c719cdbae3e13bbf0b44614c735d09defcb84c72d5154b16a2840507773197945804369f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
51d05b0297354b976a2a6d57efb6254b

SHA1
a5edc6ecc7da268e9b56430f8855df726d6abd67

SHA256
4ef9dba2ade79db95573e825fe9abd4878ae56a389e95fd0e7061a2d6706b5bf

SHA512
6ca09c1d7f00fad07ca2d69f9e95566251bd6b6bac9fb574b8cb8dac71c5882afd85498740365a61a915ad06593183737e0ee5ff73643f44e33b5dca721c651a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fc671460773a2b164386a1062f248301

SHA1
f7dc48927f008859cc8c3c736ec80b338dbdc3ac

SHA256
909dc9e4a4243e10ec10dfde7aba4cbe6f04f6f473d927fe00c5a91d8ae96c99

SHA512
79bef59237452f8395c53826359a24b6dacaf3fe59eafe4001239a3f108a1de6d480be3b400f34f10305d9ea140f95f39b7303120146e77994cd71d6be0adf6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2fb8ab4d7c59074e17eea86fe87da951

SHA1
34cfcf41719805eb2456918596e8282fb92051f6

SHA256
fac03e8ce07589ab048d96f4a488f1ae6c9b68ca3391ff9842f474d1bd53a981

SHA512
61395239cd1c4ad9ca290afb88e3b7a1b0c385ca1423d78ac997bf2d5c6140675470f76a65ac240128e2179d84d6be235af03e9df53c686153a3f275844716a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
065c55a9848374ce390f91c1a08b44f5

SHA1
3f1f423b8edb5c5d1c610af54554e2288071832e

SHA256
f608b35ff46ae390ddc15d43100dfb42d2fb900a751ee7e26ee48fbe644b8f28

SHA512
ee3f24d8a259fb1a6d93c869176ff24151f809d5c0e375bb40fd07047c721e230de608989a8667890407e5cbf7d971b534b5a0d4aa23076899d8b376b2d46806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5d84d8319ff52cd63127b487f825b27f

SHA1
e356bfeec14605f63b7a1b92dc008378942ce824

SHA256
75eae1ecb06ff7ce72d76f3d8bbceb1a2c2014f805ca2c7672a2eff8a185faaa

SHA512
b602feb1e98c4a1129054c9f373fdc96b6ecfde87fe78bba438d9c8158408964230d6b47090228330572d11a04f798cf08a53dae5fc97a93e944d45098e91019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
95333633632d63e049d8875b9a6e30bb

SHA1
6be63353d8fcfda87f026e3a5914a88182dd68b1

SHA256
afcc2e629368c87ba94acf5631444d51c6023cc83b3b829c24d81341019de1a0

SHA512
267400bca96b715571ddb5328c76cb1fbb78a1e2e0d5c51a314a396274d9c695ee5cd856fe72424fc209aa0d83cba1310fe37bc71ff4ec48ebd36cc2cd1929a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e1f1c9d1cabfa818a67d5524a9f2d0a8

SHA1
1774b541aa06001b96e53e69eeb46f6d258472a5

SHA256
95159c102993fa29e47403d4e116e3ece4906884bdae542b0a7da096c0658fbe

SHA512
779b6c33065c6ea469b018cdc76098f419321339db0acf3ae6d5750bfcc2652412a8782f5e95ca5a2463b0ba822908cc36e97002852c119330abd461d7113856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
88cfcf92aada7290843a1ebfe15da2e3

SHA1
2a4b497ae2a7bf4f3f878bfeb03b8126b6367c88

SHA256
79599ac880d8d1ee577b5aa6b68c352f9b20384a0f6950f87887ad61c3f2383e

SHA512
349cb237324712ca031fc697802d1172edb759297175cf90afa657846430b3adadb5574d3320bd48d455afaea7eb1dcaa42031bf07fd9aa90a4d9da11f9ad2ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5bd8b9.TMP

Filesize
368B

MD5
386dee6ed53d2047860243d60b0c092e

SHA1
40b0f01dd678f4309761b30069f441507531c08c

SHA256
5efa48407bdb63291ca9e38ef303e83b77a4d20593ceb86376d22c92f698c6d9

SHA512
36c54d3dc2249ee4554cbee6937aab5ea4f8d772b61d92abda7696a0be7cec561b62dbf2d988138879bc4e702d8701b2becd0b6a0065739f0372161b13b8f993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
c5db700c331ac3bfb09cfba3ad175965

SHA1
b91bc9a64e4108b6a33fc7bc391095a65720b756

SHA256
a7e5483ed34b9e6ec9dfb429215173771fd80bf87943ba6180883f7d9f5c8fa2

SHA512
6b381629e2599035cead9bca43d413aa14b74534fbedd5dab8735f67b5b9bd8056420e3e9333e304dbfa82c621b0999152eba75e2514dc138e8c0e452717f2b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
8c605f220882b23494c96bebc0678a0a

SHA1
8eacde304e860716a96bdf004468b102402c2840

SHA256
aa7f75782a68bfb70202f4a0d8dfee17c89f023d13aba90deae81f5e140a343a

SHA512
cab7dc063f356ae7e48626dc8f200664592d2dc4bde9b0a471041c8caea7c27ea6685e3ee7a64c6bf6fd2f072e3c23d817d48a492f0b8a66b7f858ad4910ade2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
502a5a6cc5cb37b89bd15fbeddd9e766

SHA1
8f53db25753a54f152bf75b973fdb969c51f2b96

SHA256
9a5fc630f78882c5eb9162fcd49735f182dda933b632376611bef34adc489f08

SHA512
9e0d3e2e84046d8933abb17713ad02ce0d1bdd454776d2d5d201149b481efd5e60d7ab2a90d3dca133d98d88e05d536141ef55b35b9ee9c734a5d5998bed6929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
08f5f00ea4f3e2b06909aa6bae67e794

SHA1
c751b7822089bc553e7c7c5bea0d6bb8c67986ba

SHA256
18e405cf45dd92da5a5b9a2288de568bfa3200bd56fb7ab863fed3836c72ab04

SHA512
4bc4b96a2160f0040a6b9d20fb92ed063768a1a023ad10a418ecec26412db254069bd664a67b378121c8c638d8d2a119bdfe65f0cc86296e00f066f6b95b47d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ee13ec89e822bdeea71825350d3774c4

SHA1
745f371a4c81d4500796fe66fd84bb98c2447017

SHA256
6d0bb3a494f3e8b2d1b359401fd17f52ac4921b188b5edf1603d95c1e225b73c

SHA512
55932bcae8a26bc1e1f92e10a7faf98758b7096d9044cc0eaa74b9c106f1d3655c440b4a9f50a592bff03bf449eac3c5a5b7410e5b730501f5e8a6891b691ceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c7ad99da58bd70cbebb18ac3d564247b

SHA1
cbf0aa682e770d21fd6782219085dca10ba78c0a

SHA256
45143707747f9a96c7002557bce2dbae6375b71e3541bea18de729c476e282d3

SHA512
162fba0bb2c77a887a1f99847a61117a21de02bb75f2d62ee1d4161cfdf647ca5c1fb05b4aaf8407b0959a7c967f8e977576fc98d66f48fd3d8bad77634644b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c71fab759124246ed808ae26ed6ec64c

SHA1
b3ab7aabf48276cf163dff846ba1bab589e85f9d

SHA256
3f52a77a47ebdafffe764641ca1cb7890d612ee5aa71e6ba24fda9ae986069bc

SHA512
1da3bcb5b07c8edf1f5160f2c7586c79fb125e41435a170d27e8ac9686a0e4f084626650e99529be48e95373ba3b9279b1524c3390b6b890c8c91f9610cc60a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
4e2eb58f49a193173ea84543a3dc0690

SHA1
f1f1af8998b93610d3242cae0a99cc60a66b6e65

SHA256
ed1d650ccf6bd94bb7feae5288ab6a6283933fe5744f7ff0f2c80a5da0d27f46

SHA512
a4e55536138e6e6649d3765aa715f2a0569215b0049d4d882cb0c669b6a3308a1af294873c73f91fa99ce30de2e982ee551983fcd6874d404f8b7894018d90a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a5d96ba8ff78d866bd7979de2228849f

SHA1
0811a23576a4d21051d636fd0b5ef5d087dd6c15

SHA256
75683ec6d28c363de638f97b0b7b6d0a38ffd3e868679a4e33e24ff6022cf9b7

SHA512
683c294f98b0ddd25efa85a92c2c779e9746bf296219e2be558369ed315568d932d9acea32a17d62064da3ab93240ce3df9deb50ba54268bf44e3dbe39da92ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
8e2b119770c7908ce4bfda543bde63c4

SHA1
70f86dcad37134988cad840fb983501c487c3796

SHA256
60ee3cced90da43a25b4aaaed93aed3635c0795cdb11c0b29c38fcb8bc80fdf5

SHA512
9fc27c4de53d9254d6c8cb3aa7c3956650a673e3c7e983b69830af2a02fefcfbf4ebeb9c5567e854ed33a9f90333938d4b2580051df2c44d2280d83869688311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d2a4cc4b7e4de0d371da069e31997e86

SHA1
fd7ba07f41375583086e33033dc322740b4340ba

SHA256
bc2afa7f1daaaa8b9e45f0950d11b9a18d797f471d2bd0adc9c765f5673a4a96

SHA512
4fd616c4f54b07e0e57dd929323c1ce40f8546399dad6235d3f1abd3e39da478683cd0fefe49bc8200af1e10fa10a350300f95d2a4a860da90b24d3394d4077e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cc1f198b5ce6c9c5c901c1f180e2eed3

SHA1
087f56e9192a65578accb508f9bd473ac56aaf5a

SHA256
74637b5313b84032bcb17e58626993c297661d8096f71ec1c3f4daad51e35aee

SHA512
a173322bb8084ed0d793ebe54790d3957b97f77e9bb6c56913c0bc6b78212f4d608699c38c53f9bfce7c7bff714f0c639fb1c24d1699d2a41209ad150332545f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\cache2\doomed\7787

Filesize
8KB

MD5
23872ab35b69a35aece8183184bea803

SHA1
e9d49326428c0db903fbdb7085f06c6af68b91a3

SHA256
6c97fcad22a5c2cb014ac2bb440edbd0391297f42422c3a9c7cc4770d654f4b1

SHA512
0a60867477130a5add67c34293609a398a45c46d3c33afd0558b8e8ca2d17c36dc422b049e2aab86695c28105fd06a6872232d2099e01acc22d1a32312072c12

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\cache2\entries\3E3D54C94B0CE5FCE30D871AD2708F2C6738D8AE

Filesize
57KB

MD5
fe6dc06d7c886a2d8d52b8005d73e813

SHA1
31891261747b7820b725e35b4f55b52cd420fa46

SHA256
c6c3304a9cbd0e17d1ec2078aa59696019a4d6f895c83a68d3205605978c6144

SHA512
a9dd6343f31970856f8be298be72a5bf19f9537c7609d658f60c8620d2a48d485f7e737c3ee690a970a8b236428a8061137f8a647189a9f32689004fafc838b0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\cache2\entries\4DA9C528416A77B90E10C4E946B9623AB3D72891

Filesize
203KB

MD5
3a3948d851ae4a17af50e3b565049897

SHA1
207f1745e905bcbbfdd7f4f852d115d0ce775a4a

SHA256
e3c3f87d1d7a40183cbf28df98efb11def164edd64fa45a1682d8d1575e541d9

SHA512
6ca8e5f13426c4a66d15d7ccff82e5389e050faad42c730c15fb49bc367d0e50fab0ec2f371e38459a7637faeb9f36c5d5a03c839470bc9148e16b556a9c3265

Download Submit
C:\Users\Admin\AppData\Local\Temp\AV.EXE

Filesize
1.1MB

MD5
f284568010505119f479617a2e7dc189

SHA1
e23707625cce0035e3c1d2255af1ed326583a1ea

SHA256
26c8f13ea8dc17443a9fa005610537cb6700aebaf748e747e9278d504e416eb1

SHA512
ebe96e667dfde547c5a450b97cd7534b977f4073c7f4cbc123a0e00baaefeb3be725c1cafbfb5bb040b3359267954cd1b4e2094ef71fc273732016ee822064bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\AV2.EXE

Filesize
368KB

MD5
014578edb7da99e5ba8dd84f5d26dfd5

SHA1
df56d701165a480e925a153856cbc3ab799c5a04

SHA256
4ce5e8b510895abb204f97e883d8cbaacc29ccef0844d9ae81f8666f234b0529

SHA512
bd5159af96d83fc7528956c5b1bd6f93847db18faa0680c6041f87bbebef5e3ba2de1f185d77ff28b8d7d78ec4f7bd54f48b37a16da39f43314ef022b4a36068

Download Submit
C:\Users\Admin\AppData\Local\Temp\DB.EXE

Filesize
243KB

MD5
c6746a62feafcb4fca301f606f7101fa

SHA1
e09cd1382f9ceec027083b40e35f5f3d184e485f

SHA256
b5a255d0454853c8afc0b321e1d86dca22c3dbefb88e5d385d2d72f9bc0109e6

SHA512
ee5dfa08c86bf1524666f0851c729970dbf0b397db9595a2bae01516299344edb68123e976592a83e492f2982fafe8d350ba2d41368eb4ecf4e6fe12af8f5642

Download Submit
C:\Users\Admin\AppData\Local\Temp\EN.EXE

Filesize
6KB

MD5
621f2279f69686e8547e476b642b6c46

SHA1
66f486cd566f86ab16015fe74f50d4515decce88

SHA256
c17a18cf2c243303b8a6688aad83b3e6e9b727fcd89f69065785ef7f1a2a3e38

SHA512
068402b02f1056b722f21b0a354b038f094d02e4a066b332553cd6b36e3640e8f35aa0499a2b057c566718c3593d3cea6bbabd961e04f0a001fd45d8be8e1c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\GB.EXE

Filesize
149KB

MD5
fe731b4c6684d643eb5b55613ef9ed31

SHA1
cfafe2a14f5413278304920154eb467f7c103c80

SHA256
e7953daad7a68f8634ded31a21a31f0c2aa394ca9232e2f980321f7b69176496

SHA512
f7756d69138df6d3b0ffa47bdf274e5fd8aab4fff9d68abe403728c8497ac58e0f3d28d41710de715f57b7a2b5daa2dd7e04450f19c6d013a08f543bd6fc9c2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SB.EXE

Filesize
224KB

MD5
9252e1be9776af202d6ad5c093637022

SHA1
6cc686d837cd633d9c2e8bc1eaba5fc364bf71d8

SHA256
ce822ff86e584f15b6abd14c61453bd3b481d4ec3fdeb961787fceb52acd8bd6

SHA512
98b1b3ce4d16d36f738478c6cf41e8f4a57d3a5ecfa8999d45592f79a469d8af8554bf4d5db34cb79cec71ce103f4fde1b41bd3cce30714f803e432e53da71ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
8KB

MD5
497a41f4873500f9b0c412edb704a149

SHA1
746c3ab0b1f1909e3aa4c0626ef7140e81ca61ec

SHA256
4d270dc77b8a60d76783763b95821beab59885817ac66ded88bca1f9d972d265

SHA512
38df996f986218414329c223472f3d4ae9e2377762206c0aa28742c8f84d0b62a49c4069d078a91ed0526bc0db5b13bf4a344f728484167a1f09344a99d8cf86

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
89e15ff8f22ffcc6e1a667b6fbb113ec

SHA1
7511e317d2bbd2fe40453c11fbb7acb7f5d94ab8

SHA256
685ba845948ab433e0842b7dbc6c85c323c8b497c88fe70ae9ff8a8568c51eb9

SHA512
692227312cb08634f277a02fffb0df543386cff0a9e651af518d6e015c60099de5fe9adc70aeed11ff4f2a2a11de8375f33e9a4e809ae7a3c38d59b33df6f555

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
41KB

MD5
4a29e6514cb8aa2e57e3c32c62748f0f

SHA1
6f7bfea48d2d2cde1342888d8c4e9799ba5b1760

SHA256
78ef1557541bd45e17af4c1caec2323a6bcb56f5093f34dbbb75d13213b2abc4

SHA512
758c57564364eb17aec8d99e9eab61a30d8dddf8640c4c8407044d520d583b0161534baf9d232c4a793d28b38027255c08ee37a6e0f52f8e010d6960cef52664

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
98efcd351add89b6d654a5cb59791a68

SHA1
e74dac2e800bef557052f94581afdbb5d02cf3d3

SHA256
fd24c4aa87f40970304c9ac3b5f825a403cf06ca59ae18cc6ce0e13067c3806a

SHA512
a2e5b52d38654a61585828b63bf7b8fd2bb06d71a9345e7790143d41dd3faf4debc57c846c618b452493d06ac5bb8e04530ca4e431bccb5b48179e575019b3cd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
26f541dad2b8144330cfb797dc7067f4

SHA1
3c5d1254b2a274b0d876cece702cfdb1f4882e5f

SHA256
d78758b9e3f7bae8358fa52b8544638db2f9bafa2f511ddcee887faa7ed53ed0

SHA512
d1f605fd6b6f8642934bbb5827d65d909913e84704a50c70ea7710ff0dd3a9573dc24b83c6a69b4f6aaadecb49e18289fd1a17f0f56a4e72ad3c52813b20eec5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
4c02c98d4e9639a5c484e00c8d54dab9

SHA1
503c73af918a636d8b5ed3b13620e47757755ead

SHA256
6989c8d33d5d1cf875a144767b19e14b5b3ce1c59b975fd940368af415eaf853

SHA512
e03bbaa413bd8db69b0973eeb69d671b4280d827d96bfc3c7108a565a852132ca17827e9228d8dca3f43efc45fbd2bcbd2fb10f3a871648fb0e36c1816f2b9bd

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
b892eecafe9e5b2214a9af8f5b810c85

SHA1
4ddc71d36bd147af5e946d72f66191dad47b1f39

SHA256
c239d129f357ad0d3b7be69ac8a7cc6736c15658c8bbb18fbe005cf3989d94d4

SHA512
6270434e8c710ce60055dc5dd42b7418b63a5524c4d0dc6e85b98f5780f47780f4af3643f3195d3c5fdd7c71b6cac2a846cd4f8c79d5ffd2256e033c77c28a43

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
67ebd3a8cb2eafb793d3d621c2c65c39

SHA1
417658629622ff1dc173bda8dfbecd03060f374d

SHA256
821dfff369a9ef34caa152bed6655a0f893b3abcb4ff402a30540e07b26360b0

SHA512
8cedad08377375f5015cfd566b74ef34d66b5775da023a19964f54a5b65069c13232fe5e73dab1e40453f2de5f7f5df91e8bcb5938b72cc890483d588444d64f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
d3f1d2d228eeadc62cffec88e284eda2

SHA1
9ac7a07420b8839d7c3dcb0674048bf74a31f98b

SHA256
49772393ae2e72e8ed79785d9063d55fe4b095f2803ac08d5e2194205a8ce7ef

SHA512
eb67d0474166e2ad087d202af49a375b3efaae47fb1a78968ae99f9d3258b2180c0ece96431827b92b81219ef926365099b3233fb35132e684e2221e6c87bd83

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
28463d6d79f2e9ddd32c64f5628231fc

SHA1
0107d4f1178a0d45f1b2ffb52a4b43875bfdd1bd

SHA256
7ca4987469e9905bdbe2047fd140489a05bf52dc72f7176c6fa3e4e92ef77c72

SHA512
82864555d152589a9882e6be26c6bf71b5b675e5dc0614372d74e3ae6f492c9897276f3ef96df40d85a49282f5603a3ff64da954145395d76b66e734e980d3ae

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
a9272643bef70a3b74a8fb4de71d2d45

SHA1
f5f7d0654a677952fc69c9c54af1fc2ef8292c72

SHA256
919ffccb14ff8af286d2a2c367074a5551bb095ffa8f410b1aac32209f8cba85

SHA512
57e106dc64f3e8aaa40560ecdb15077472e2da6c1fda2b7732a981cc50c977f2a5ac80fbf11b6115cfdca4f7bfe62b259bdd938b4f73ac66436603175940bbab

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
df6090588e90f77e9dda1ffa24ba2e3f

SHA1
3fa429ff9378cb8727fb18c7f3e9bfa891dd9dcd

SHA256
4a526cfd66a8dd4b20a634b3af515232567cc59fd7f9913e3ccd9257b39bbd35

SHA512
eb8645368f6bc69ca4ddb210cd5cc292a8de6d4970fac687e8bbc83a7e0a37acf55dd3879540bb288712331cd68664472f28bb5120c6d7deafa4d71899f4295f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
637e0e4fd5b20ec4bea038b99e213a9b

SHA1
3779b3d3329735f401d95761ee039e3a086eb6e8

SHA256
0fcd65f36d9d96fda4359bbc60a5abf9bccbf9e0a263a1bd1354ed9b79e82ad7

SHA512
46a336248eebbac077c35ff90286fef05d86446940098757d66d008286a584f336414a019321335a3d2b7afaaacbe23e0e70b25d61a5376539991cd031e101c1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
4294990c71757ac6b0adf5ee9c250ce6

SHA1
d7601ad1ad0ebd63145d336686e7aa079406eee7

SHA256
208fda3e7e06b50e2eb70fec8710a17f91627324cef63366f150c86d07e8dc9b

SHA512
033d4d324553d83d333307b1e64cdbe82cfa8b7d8bb72bd96780b0ef0af7c455724cbbed4926f6dd896011baf656689d598949dc7087ea9e6fafbf18684e909e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
fd1f00c20bce869bfc816951aaecdedf

SHA1
0f3c2a4568eb6917e049dd12cc08aed4ee794a5d

SHA256
e8497d35b072c8e5b4ebe34b95448459317451d49ccadecdf92ea75838fe2b18

SHA512
477a9f389b9722b11ef9bceaabb66196a99013a7105831fac50ac8cbe22cad2eae7b35940e721b8fc5cce01d1aa12542e79e664234a7c74d9f54219f29cefb8a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
bcc3a1ecb7baff528fe317d3c5e8a374

SHA1
6a3903b3414935b564e37a2a12cad6a3352217c3

SHA256
2bebe61586e1e178cf60098254d7bb7df3de7caa232efec4816e35394d2236cd

SHA512
07904533c08d304132c7b53514e7faf8b93be67f5d57638f4dc2bc5663c53ba48e787b4ed58056314eecd1209111e6281e1c10fe50d40bd34b9b6473a847dd9e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
93da99f13e21ddc805eabeea900c961c

SHA1
32281456460a5e2549a84b4df46c842453fbf220

SHA256
2bfaa302269357387ac084d15e1ed0c1c573ac0f0247e9259cec25919ed4dae3

SHA512
814e4ec7b948e27c19c8abb6dced74e2d4da57f5e5cd964873772c12eb39a4bc29d00a8661b49f601a89fa38ae1db1edb7e1546546e9cbfa5fdaa0f103819fd5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
80e6b63f00ba79a93a9ccb03d1982630

SHA1
5803c745b3eda5716b07adb26f0f2c464c9201a6

SHA256
f66ca383781f3e54f4306ae61c98279c1ce3bb9f05adcdc1f23601387af688a3

SHA512
db0f7303486b0510dca4bc79103bf530a26cdca37558fd8c5121be19b07e1096c5d6dcf81378fe3d03ef4a40ad42c43a29d0acf319037a1d69dd8463b6602cde

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
2bf13ab568305d80624332879eaae5b4

SHA1
a24d1e009ad62f29cd267c43e4e7b50eddc19caf

SHA256
0dde8203341bd1eaf53ec5a4bdbcc773efafe88f0912d9b8a3578f3281d79dc5

SHA512
9d9927975152794c19ba0d9556ce5e124fb911220069d139b6fd76b81cacf44eee04fb49c6111d883bd7d8b9cdf1ef9334dcf62e9878bfa6dc44eeffcaf7b9f8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
8KB

MD5
f3eaa1022580b750bb5c814b6456a708

SHA1
a18be1cee39e7d1f87b4bb30f5709d909be8bbc6

SHA256
28d45eb26a7261ff6e01d73faef833b49c37f52be546819b494a55fb04bf33a1

SHA512
0de3158f9ae8e93c5c05d0f4a83224b0b53ca3d9b49c5286da96c927524926b8f86c694af44dcfbc1bbd90ed1ed84a72199f5ccbe06d5f2e9f9f3f1a071235cc

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
781778041830d2cddece28f9e20eb857

SHA1
3f633d9c2f8589de96bda8a61a867b3f3ee7c958

SHA256
7ff61f65e46d262b5ae9d19ef5c9f4d299fe1437ffd059435092f277731c4149

SHA512
cb0d59f056f32f2a22a6a07df692abc89b634fc8b5263a6ba9ce34bc19d4a7e309745b7a24796fb455ce2dfcee3c853ff47aeaceff0ad2260d874d0df5fd1cb8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
cf7f3bb966545d2a4d53489f3261524b

SHA1
fe1af730e2e5cfaea9afe9a5db861894b07db97b

SHA256
ecf6988fd2c01abce6660b2c85362fa9bcebb0d818f1997bc45bbd65f2e8d3cb

SHA512
326560975c88872738c42c2be99335495618bf7222dcbc910129aa05d9c4e21cbae40f4852b5ecee9a805ad5f51829e93f6570db7c5cf22be4fe1b66464b6e11

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
13ce572010ff3ade9a2e38bfadf377e8

SHA1
3a98876d82958ca3bc4d8d10ab7e5aa9b9d13b4d

SHA256
18fcd12d06cdc183bc958198982e5c1c7f7a86598b74508fb16ebadb458beca7

SHA512
f3156734e0f1b8dae5b63baf86634dd6aaedf121a63de24547a6b4e4c0e46c8961ceed0a8399668afeba575b19c4e442577703583f343278bc054efe9e5883a1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
9721f0add5a066329fdde25ff9bffc23

SHA1
4ae9f4a5a6522c89efd4fba2d582d9834faf6e4e

SHA256
f7262ac0377c4c1dac0f8f59310d9ff42fb7f44ef1339717fe9cdc151d09393b

SHA512
50ec37aeb32cf33afd5875540d0547f1c44aa429f232770c019c978761fbbb425bb1fc3d8865519451d74b58038fb6e3d6bc9ade32204091638aa78a476d7f31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
34de419898f320ca1522ac91df99dfbc

SHA1
0af936a40be501a452a1a8e361ef5775f9732e1b

SHA256
de9e6307b61e62c538ba34db262114b7e80372afd68e5c7c0809d871fa6289fa

SHA512
9b9f919446f00dd97a560ba1a0a18634a5d8334afc38eebc160ab6f365679d9057f59555cadac2b2f058553a3112ecd592b097c9344836e4d8614f33929d2b99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\datareporting\glean\pending_pings\9b329f5e-a5c2-4613-aa2c-715d01ed0294

Filesize
746B

MD5
0e8d891b747b4c9388fd533ac396c7c8

SHA1
8080bb543ffcc74e7277ca05a997121a8e725120

SHA256
8b76f253305441a9f2a681a18c3bb22bd4c24b17c2c20c2b4bb87bc219df1219

SHA512
00192f139dc6b08cdb317fc15eda76147560b8d1467b0137b0cd74b945a5822164bd6af2a3ff389f3581af2442ebac754e2d46884ffea6878ab1a7af8ebe6d1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\datareporting\glean\pending_pings\9bd72a1d-fe9d-4c23-84cf-4acda16ebb29

Filesize
11KB

MD5
b8c1188cd1f534a85c62daaf514730cc

SHA1
d0422c8063651310e598d4d6c4c8823c63bedf56

SHA256
5847ef6e8f9628d7c518426a37b41f6919a3ff6fc678ee7e09dee3b7b0440b06

SHA512
9ab4a02619222963a5979c4260250c10c7a992617099765b7460d94e04c1f1666844a09c4e120202c5bfbfe739e934665036dc1432e242e6290d2ff09318af96

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\prefs-1.js

Filesize
6KB

MD5
9ae095071f35cc1d10ccef74338409f2

SHA1
4de6059d26b6ab06a785f6b9d0eba4dbc5aa45d9

SHA256
48b4acd1800a1e04b83d37d47908384dface53b6e081a9e49d005069e5472de0

SHA512
f50726d3c017d519518646e44ba9ed8b8bc5ccb6f863ecabf3807525841e4ea3c7286a08fbe5d64c1ba05a84485bdd209f1e5bb354a407cf76faf92c8492089b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\prefs-1.js

Filesize
6KB

MD5
fb20eab264c83365b2846405183e14d9

SHA1
1f840336ea07a0c16a402f433860d668817ed2ba

SHA256
46748b970fc52473472c0e4d04f42f0680b77598c9d8585b5eb5d8cbccb06f48

SHA512
2b8f6e1fff03d0889a3f8feb9383e6c3078a0653467a1b5c8339fee5e880cc376069a781d92c8f19f79b68d467edeb0b32dc13d7912a7271487d9d1a501ee7c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\prefs.js

Filesize
6KB

MD5
0b8fff22ba20e51848c434507a638565

SHA1
f97187fac450c0bb70214f88acbf81997b29d46e

SHA256
7d700f7f011e9f6835054678985c403981f6dcbee8aeba47877dcfe45391da2e

SHA512
30e698a72ef5da974fb2aedf604e5abb546669a4896b7c97014abd97ec5899653ee43f699ca4de24897ea93969ba647206a37c455ce738428f011ff021b63f52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
2bfa1472e272c027761f50a0d9e55a47

SHA1
816c80f4b34ce55a8a423d123f64a34639985251

SHA256
4d2f1e1277740e85711b2e84bb9c3dd7221531f014bf7f7e54f27dc0565cd069

SHA512
aad69fd1f4b0e606c30defe8cd5ee377561c5a425d0730317e31ecbe805cf67c326de00d3204d2c4bc9ec5924c6afd6ca89d9cdd570e603c2adf4616bd3075f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
4f03f0c162123a66ee70d4d773067860

SHA1
725f1511bb4b8a38935a5ee3ec4cb858c93fd083

SHA256
ccbd352f17ac98c844848586fa68d677f9af58a506cfc9adb9c902d8a90091be

SHA512
e23d3d8d0dce95fb9d2727941e1a6dd718970c12585eb1f32b564802a73cc3da7b5b5f233f0f1fa26d33f6f9e00703ddf8a395bcb4ec022e69219671198b6511

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
1e4208217644a9ce817cd52f43a40e3d

SHA1
72abb971c77b69859eb0d248849753f5e1446bac

SHA256
83391a86c69cd0d2b29fe7a4de80c45292782ed5f7d81e238c10c806799556e9

SHA512
ee2a4791dc7275311e414fec175870e08c7d8c6e23cbf4ff00c58de0495a6d97a578dfc2bb5b59500f7eef05e0f317abf73436314d6ddd81ac71fda6bf78e6e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
9deec313ac8c6528ef6780869e11e93b

SHA1
29158f35ab66c6b7583e9e84fa937230bea4a59d

SHA256
7e2bdd98096acb874219a82099f4d2105f953f6f2220fcec881d0730a9721d34

SHA512
19005547c1efaff5ed803b6aa50a9355148fd215ef6852040bab3d87e963db99322665ee225a3cac83337647266e6158bd304ed44b9daa922349f94c76ef496f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
38039acc77a9505b58cca662cfe641b0

SHA1
0c39ae93d3931f3220f4404a0447ddb5b809b649

SHA256
7f19babbfa66da6ef8b25d2f2f92719dd88907d7a502e8ca438034fd6a7b19ea

SHA512
06b983baacd316fda408a27c45bd95629113318da17fe1fac5f4347dc08e2f67afe2cb606f6529da72961e0f16f1a3e3f8b135f4b1ca891f881897f5f86848d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
5dded0e33b5038a4e7212699a099002e

SHA1
903e9c2d4ac1af4fc61b75e8f1962b1931bd4ab2

SHA256
8c3caf75aa03e35cd7dc9e973e41498abddf33d534e2ecf4e98ecb49dbe10133

SHA512
0e3b2eea6a9e278a9f8d562eb37e898e6abdda0d30d18d43d504b17c93287e3cc32cef31300f1b47e8a11398c2156bb70e9c20b69b61909fb3c9796959991b8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
d07ee6b5e5c2c9fe2d6f90e4214ad835

SHA1
da0bd8c24c46e61b73cad9c3a0799e3eed418b86

SHA256
421c2c43739f8ce7395672e8690ae3b6cbf761dd7666aa73446a10e734da4f8e

SHA512
400aba59af812c00275177ec2688a422d0c436491245b57f971b29e35065aa3d971dee11e98c69d9cf9c284d7ff51e94beb54b75e0987c0444b3ddd75f9dbf0e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
ed40815145aae21ff2a6fa3ef4b36922

SHA1
9a9ab9a79ce4237f6d4680b5784b03cf9d2a12c8

SHA256
eada661868c57bc9d0c55b7f66eb9a5394e37d401a23b09548791f914977a9e5

SHA512
5ed8cb8de407ef1b13953537ea89f0427d448d44bd56ebb410805757c0203e2ba81226f5581a4918f1d418c9170bec0f410a8902b3da064e4814afd86e91a1f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
b1558a6857e4ae218e52b0bef9294584

SHA1
5bbbdd77d62d284cfe926efe79e90c975d67eb3c

SHA256
7cc03344cef2061be7e4baaee9b3d738b47caaa565683823035061af66809c61

SHA512
d3ffb9196c9f9d6fa2ae921218f2d7265b14ba20f60cc9df47628701e31c643823e976fe72b974bf5c6518a7550a8daaa80b2be07c07d46541f278ababd27c96

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
15KB

MD5
c481ff25e37ce471bea344ca6379d7a8

SHA1
a0823c5243011a980d96f78295587fa4dd1c09b8

SHA256
9136f735cdeb19a5137484ea1fbe6453580c84e898feff65185b2d2c9d26fef0

SHA512
f6afe1d1e849638a564defe8a371185d2438bfab80adde680c3407180be513ffb5ebc590e484f1f3c3eb235dd24bb4f856aa50aea904c8d147364145066047a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
dc7d8f539ce43ebd3a0852e09077d73c

SHA1
580ce196061b0064b5ab7def70b3e8620fb968af

SHA256
d33b3b6c00bd31dae3cd2c9c02f7456c79122e8c9562e06237cb7808babd2cac

SHA512
81e3cbb28cde88ae106d2b4678fca0808630ae4594727f6d8a6720e898567063b015f8a616bad7129b623354a6cfbc4cbc4bce158b0b60bb1f7a5158583757a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
15KB

MD5
201f49abbd217ac4d548e2150bacc0b1

SHA1
442eb72800c8be62546321b15a249092e5a45776

SHA256
ebfb391d4d7d7e22b25746ecf6bd534c59fe1442b386f779c55da3769bfba9ce

SHA512
5d55f23a84910c9d000535cfc1ff29b86f6e11a12c535ff3b6652cff096c4b0d05412f51a1b3a28d7220a0df004cac61ae4b49ba8194dc112461d3fd2b95fa9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\storage\default\https+++www.pornhub.com\cache\morgue\11\{9fd1ea04-89cd-4276-989c-d476ea75c30b}.final

Filesize
456B

MD5
4849126d62348e96de9f534891ee372c

SHA1
04208116ad7cb0edcb2c7c754042554104172d10

SHA256
92930e52c17a5e42a09f648d090ba0e48384fe2b6f4f6b3e3fc70bd8a0e6ac5d

SHA512
bd7769637a8707a21027e442faf6911019a2c731bff17fc11b9da0b74490162ea4eba2fca41942a7c114cc75ab1941f208c1fcc789bdc0a594b5ed269f6e6f25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sxl3jpn4.default-release\storage\default\https+++www.pornhub.com\cache\morgue\131\{20551f27-98c3-4565-9479-ddf54f002383}.final

Filesize
1KB

MD5
932479fe19d996a5e8f139bf51085149

SHA1
da374dfebb658802ee62fc8ec320c3442fc93192

SHA256
c57de29d8406c0e2534d96c4c23199b127d8ee9bb86dce5230bf8157894b4f84

SHA512
ddbc216c01474d8ccc4f73fc78d228e68600b2bc148cdf3b7d12108b9fbdce3f2c91fdddce4841e669b1a2a609a8fae927e2a551efd11877e6513f7849edc05a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 152677.crdownload

Filesize
211KB

MD5
b805db8f6a84475ef76b795b0d1ed6ae

SHA1
7711cb4873e58b7adcf2a2b047b090e78d10c75b

SHA256
f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

SHA512
62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 409012.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\metrofax.doc

Filesize
221KB

MD5
28e855032f83adbd2d8499af6d2d0e22

SHA1
6b590325e2e465d9762fa5d1877846667268558a

SHA256
b13b29772c29ccb412d6ab360ff38525836fcf0f65be637a7945a83a446dfd5e

SHA512
e401cbd41e044ff7d557f57960d50fb821244eaa97ce1218191d58e0935f6c069e6a0ff4788ed91ead279f36ba4eddfaa08dc3de01082c41dc9c2fc3c4b0ae34

Download Submit
C:\Users\Admin\Downloads\tsa.crt

Filesize
1010B

MD5
6e630504be525e953debd0ce831b9aa0

SHA1
edfa47b3edf98af94954b5b0850286a324608503

SHA256
2563fe2f793f119a1bae5cca6eab9d8c20409aa1f1e0db341c623e1251244ef5

SHA512
bbcf285309a4d5605e19513c77ef077a4c451cbef04e3cbdfec6d15cc157a9800a7ff6f70964b0452ddb939ff50766e887904eda06a9999fdedf5b2e8776ebd2

Download Submit
C:\Users\Adminxplore.exe

Filesize
89B

MD5
2bd83f0dd1740fff26d071dcdd59af56

SHA1
221e9e64a79255053a9e4da65957a7bdd6bc045b

SHA256
70a676e21716581858de2753ea5eec8befe6741ed299216f65a13c3853805c05

SHA512
fe632b63b8b850cc83f0eb2a114de60693ec0dd8b62fe8f0938b42526557889f48357da0ca3bb06bed1ad68562280023a69b54d93cff8b7266bb8ebb63ac903c

Download Submit
memory/1752-303-0x0000000006200000-0x0000000006201000-memory.dmp

Filesize
4KB

Download
memory/1752-304-0x0000000006210000-0x0000000006211000-memory.dmp

Filesize
4KB

Download
memory/1752-768-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/1752-283-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/1752-286-0x0000000002880000-0x0000000002881000-memory.dmp

Filesize
4KB

Download
memory/1752-292-0x0000000006070000-0x0000000006071000-memory.dmp

Filesize
4KB

Download
memory/1752-294-0x0000000006140000-0x0000000006141000-memory.dmp

Filesize
4KB

Download
memory/1752-293-0x00000000060B0000-0x00000000060B1000-memory.dmp

Filesize
4KB

Download
memory/1752-295-0x0000000006150000-0x0000000006151000-memory.dmp

Filesize
4KB

Download
memory/1752-296-0x0000000006170000-0x0000000006171000-memory.dmp

Filesize
4KB

Download
memory/1752-305-0x0000000006220000-0x0000000006221000-memory.dmp

Filesize
4KB

Download
memory/1752-387-0x0000000008580000-0x0000000008581000-memory.dmp

Filesize
4KB

Download
memory/1752-382-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/1752-301-0x00000000061E0000-0x00000000061E1000-memory.dmp

Filesize
4KB

Download
memory/1752-378-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/1752-377-0x0000000008D40000-0x0000000008D41000-memory.dmp

Filesize
4KB

Download
memory/1752-302-0x00000000061F0000-0x00000000061F1000-memory.dmp

Filesize
4KB

Download
memory/1752-374-0x00000000085A0000-0x00000000085A1000-memory.dmp

Filesize
4KB

Download
memory/1752-373-0x0000000008590000-0x0000000008591000-memory.dmp

Filesize
4KB

Download
memory/1752-353-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/1752-299-0x00000000061C0000-0x00000000061C1000-memory.dmp

Filesize
4KB

Download
memory/1752-390-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/1752-328-0x0000000008590000-0x0000000008591000-memory.dmp

Filesize
4KB

Download
memory/1752-326-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/1752-298-0x0000000006190000-0x0000000006191000-memory.dmp

Filesize
4KB

Download
memory/1752-297-0x0000000006180000-0x0000000006181000-memory.dmp

Filesize
4KB

Download
memory/1752-320-0x00000000085D0000-0x00000000085D1000-memory.dmp

Filesize
4KB

Download
memory/1752-300-0x00000000061D0000-0x00000000061D1000-memory.dmp

Filesize
4KB

Download
memory/1752-314-0x0000000006090000-0x0000000006091000-memory.dmp

Filesize
4KB

Download
memory/1752-315-0x00000000061B0000-0x00000000061B1000-memory.dmp

Filesize
4KB

Download
memory/1752-313-0x00000000062A0000-0x00000000062A1000-memory.dmp

Filesize
4KB

Download
memory/1752-312-0x0000000006290000-0x0000000006291000-memory.dmp

Filesize
4KB

Download
memory/1752-311-0x0000000006280000-0x0000000006281000-memory.dmp

Filesize
4KB

Download
memory/1752-310-0x0000000006270000-0x0000000006271000-memory.dmp

Filesize
4KB

Download
memory/1752-309-0x0000000006260000-0x0000000006261000-memory.dmp

Filesize
4KB

Download
memory/1752-307-0x0000000006240000-0x0000000006241000-memory.dmp

Filesize
4KB

Download
memory/1752-308-0x0000000006250000-0x0000000006251000-memory.dmp

Filesize
4KB

Download
memory/1752-306-0x0000000006230000-0x0000000006231000-memory.dmp

Filesize
4KB

Download
memory/1848-2543-0x0000000004B30000-0x0000000004BCC000-memory.dmp

Filesize
624KB

Download
memory/1848-2545-0x0000000004C80000-0x0000000004D12000-memory.dmp

Filesize
584KB

Download
memory/1848-2547-0x0000000004EA0000-0x0000000004EB0000-memory.dmp

Filesize
64KB

Download
memory/1848-2546-0x0000000072140000-0x00000000728F1000-memory.dmp

Filesize
7.7MB

Download
memory/1848-6349-0x0000000004EA0000-0x0000000004EB0000-memory.dmp

Filesize
64KB

Download
memory/1848-2548-0x0000000004C10000-0x0000000004C1A000-memory.dmp

Filesize
40KB

Download
memory/1848-6329-0x0000000072140000-0x00000000728F1000-memory.dmp

Filesize
7.7MB

Download
memory/1848-2544-0x0000000005230000-0x00000000057D6000-memory.dmp

Filesize
5.6MB

Download
memory/1848-2542-0x00000000000A0000-0x00000000000DC000-memory.dmp

Filesize
240KB

Download
memory/1848-2549-0x0000000004F10000-0x0000000004F66000-memory.dmp

Filesize
344KB

Download
memory/2284-6-0x0000000002A90000-0x0000000002A91000-memory.dmp

Filesize
4KB

Download
memory/2284-81-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/2284-257-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/2284-0-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/2284-258-0x0000000007BA0000-0x0000000007BA1000-memory.dmp

Filesize
4KB

Download
memory/2284-1-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/2284-23-0x00000000063A0000-0x00000000063A1000-memory.dmp

Filesize
4KB

Download
memory/2284-316-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/2284-259-0x0000000007B90000-0x0000000007B91000-memory.dmp

Filesize
4KB

Download
memory/2284-88-0x00000000081A0000-0x00000000081A1000-memory.dmp

Filesize
4KB

Download
memory/2284-22-0x0000000006390000-0x0000000006391000-memory.dmp

Filesize
4KB

Download
memory/2284-99-0x0000000007A60000-0x0000000007A61000-memory.dmp

Filesize
4KB

Download
memory/2284-262-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/2284-254-0x0000000007A70000-0x0000000007A71000-memory.dmp

Filesize
4KB

Download
memory/2984-6587-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2984-6606-0x0000000000790000-0x00000000007C1000-memory.dmp

Filesize
196KB

Download
memory/3328-352-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/3328-325-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/3328-389-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/3328-256-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/3328-31-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/3328-12-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/3328-32-0x0000000000C40000-0x0000000000C41000-memory.dmp

Filesize
4KB

Download
memory/4676-33-0x0000000004500000-0x0000000004501000-memory.dmp

Filesize
4KB

Download
memory/4676-738-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/4676-324-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/4676-598-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/4676-255-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/4676-375-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/4676-380-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/4676-21-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/4676-351-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/4676-388-0x0000000000DB0000-0x00000000024E7000-memory.dmp

Filesize
23.2MB

Download
memory/7452-6327-0x0000000005260000-0x0000000005270000-memory.dmp

Filesize
64KB

Download
memory/7452-5316-0x0000000072140000-0x00000000728F1000-memory.dmp

Filesize
7.7MB

Download
memory/7452-5317-0x0000000005260000-0x0000000005270000-memory.dmp

Filesize
64KB

Download
memory/7452-6295-0x00000000062F0000-0x0000000006356000-memory.dmp

Filesize
408KB

Download
memory/7452-6456-0x0000000072140000-0x00000000728F1000-memory.dmp

Filesize
7.7MB

Download
memory/8932-6620-0x000000006E470000-0x000000006EA21000-memory.dmp

Filesize
5.7MB

Download
memory/8932-6604-0x000000006E470000-0x000000006EA21000-memory.dmp

Filesize
5.7MB

Download
memory/9048-6621-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download