ploutus | hxxps://mega[.]nz/file/46VWRYjA#dlF1KwNPbcK3zVHghOuMRHrI7GPR348IwX5kRynL-mM

Analysis

max time kernel
1036s
max time network
1008s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20-02-2024 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/46VWRYjA#dlF1KwNPbcK3zVHghOuMRHrI7GPR348IwX5kRynL-mM

Score

10^/10

ploutus atm backdoor discovery evasion trojan

Malware Config

Signatures

Detected Ploutus loader 2 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Unconfirmed 124181.crdownload	family_ploutus
C:\Users\Admin\Desktop\LANC Remastered (lancremasteredpcps.com)\LANC Remastered.exe	family_ploutus

Ploutus
Ploutus is an ATM malware written in C#.
backdoor atm ploutus

Disables RegEdit via registry modification 1 IoCs

evasion

Processes:

Ferrum1.0 (1).exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	Ferrum1.0 (1).exe

Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Drops file in Drivers directory 6 IoCs

Processes:

NPFInstall.exeInstaller.exe

description	ioc	process
File created	C:\Windows\system32\DRIVERS\SET92FD.tmp	NPFInstall.exe
File opened for modification	C:\Windows\system32\DRIVERS\npcap.sys	NPFInstall.exe
File opened for modification	C:\Windows\system32\DRIVERS\SET66EC.tmp	Installer.exe
File created	C:\Windows\system32\DRIVERS\SET66EC.tmp	Installer.exe
File opened for modification	C:\Windows\system32\DRIVERS\Win10Pcap.sys	Installer.exe
File opened for modification	C:\Windows\system32\DRIVERS\SET92FD.tmp	NPFInstall.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

tor-browser-windows-x86_64-portable-13.0.10.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Control Panel\International\Geo\Nation	tor-browser-windows-x86_64-portable-13.0.10.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Control Panel\International\Geo\Nation	firefox.exe

Executes dropped EXE 30 IoCs

Processes:

LANC v2.exeLANC v2.exeLANC v2.exeLANC Remastered.exePCPS (1).exePCPS (1).exeNDP452-KB2901907-x86-x64-AllOS-ENU.exeSetup.exenpcap-0.9994.exeInstaller.exeInstaller.exeNPFInstall.exeNPFInstall.exeNPFInstall.exeNPFInstall.exePCPS.exetor-browser-windows-x86_64-portable-13.0.10.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exetor.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exeFerrum1.0 (1).exe

pid	process
4208	LANC v2.exe
3476	LANC v2.exe
908	LANC v2.exe
4316	LANC Remastered.exe
4912	PCPS (1).exe
412	PCPS (1).exe
5084	NDP452-KB2901907-x86-x64-AllOS-ENU.exe
4668	Setup.exe
4308	npcap-0.9994.exe
4880	Installer.exe
2244	Installer.exe
1164	NPFInstall.exe
3128	NPFInstall.exe
1240	NPFInstall.exe
2920	NPFInstall.exe
4688	PCPS.exe
3148	tor-browser-windows-x86_64-portable-13.0.10.exe
5392	firefox.exe
5996	firefox.exe
956	firefox.exe
6136	firefox.exe
5028	firefox.exe
2084	tor.exe
5560	firefox.exe
3972	firefox.exe
2540	firefox.exe
3864	firefox.exe
4188	firefox.exe
4192	firefox.exe
5576	Ferrum1.0 (1).exe

Loads dropped DLL 64 IoCs

Processes:

LANC v2.exeLANC v2.exeLANC Remastered.exePCPS (1).exePCPS (1).exeSetup.exeMsiExec.exenpcap-0.9994.exePCPS.exetor-browser-windows-x86_64-portable-13.0.10.exefirefox.exefirefox.exefirefox.exe

pid	process
4208	LANC v2.exe
4208	LANC v2.exe
4208	LANC v2.exe
3476	LANC v2.exe
3476	LANC v2.exe
3476	LANC v2.exe
4316	LANC Remastered.exe
4316	LANC Remastered.exe
4316	LANC Remastered.exe
4316	LANC Remastered.exe
4316	LANC Remastered.exe
4912	PCPS (1).exe
4912	PCPS (1).exe
4912	PCPS (1).exe
412	PCPS (1).exe
412	PCPS (1).exe
412	PCPS (1).exe
4668	Setup.exe
4668	Setup.exe
4668	Setup.exe
4668	Setup.exe
4668	Setup.exe
3936	MsiExec.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4308	npcap-0.9994.exe
4688	PCPS.exe
4688	PCPS.exe
4688	PCPS.exe
4688	PCPS.exe
4688	PCPS.exe
3148	tor-browser-windows-x86_64-portable-13.0.10.exe
3148	tor-browser-windows-x86_64-portable-13.0.10.exe
3148	tor-browser-windows-x86_64-portable-13.0.10.exe
5392	firefox.exe
5996	firefox.exe
956	firefox.exe
5996	firefox.exe
5996	firefox.exe
5996	firefox.exe
5996	firefox.exe
5996	firefox.exe
5996	firefox.exe
956	firefox.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

firefox.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	firefox.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

801 raw.githubusercontent.com
802 raw.githubusercontent.com

flow	ioc
801	raw.githubusercontent.com
802	raw.githubusercontent.com

Drops file in System32 directory 64 IoCs

Processes:

NPFInstall.exeNPFInstall.exenpcap-0.9994.exeInstaller.exeDrvInst.exeDrvInst.exeInstaller.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_9ab9cf10857f7349\c_netservice.PNF	NPFInstall.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{90c53866-5eb0-ea41-a6be-414f05a45e7a}	NPFInstall.exe
File created	C:\Windows\SysWOW64\Npcap\wpcap.dll	npcap-0.9994.exe
File created	C:\Windows\system32\Npcap\NpcapHelper.exe	npcap-0.9994.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netip6.inf_amd64_f29ffcd2b14f21f5\netip6.PNF	Installer.exe
File created	C:\Windows\SysWOW64\Npcap\Packet.dll	npcap-0.9994.exe
File opened for modification	C:\Windows\system32\Packet.dll	npcap-0.9994.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7daef008-e6a1-2e48-80f4-5ba113bc0f49}\SET906E.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{90c53866-5eb0-ea41-a6be-414f05a45e7a}\Win10Pcap.sys	NPFInstall.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\win10pcap.inf_amd64_8b58282ea1bec642\Win10Pcap.sys	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\rspndr.inf_amd64_4e80c2bb5314f071\rspndr.PNF	Installer.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{90c53866-5eb0-ea41-a6be-414f05a45e7a}\Win10Pcap.cat	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wnetvsc_vfpp.inf_amd64_9ce6f68c11eede58\wnetvsc_vfpp.PNF	Installer.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_8a737d38f201aeb1\netbrdg.PNF	NPFInstall.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{90c53866-5eb0-ea41-a6be-414f05a45e7a}\SET61CC.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\nettcpip.inf_amd64_96215b82eaa40fd5\nettcpip.PNF	Installer.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7daef008-e6a1-2e48-80f4-5ba113bc0f49}\npcap.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File created	C:\Windows\SysWOW64\Packet.dll	Installer.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{90c53866-5eb0-ea41-a6be-414f05a45e7a}\Win10Pcap.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_73adce5afe861093\netserv.PNF	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\wfpcapture.PNF	NPFInstall.exe
File opened for modification	C:\Windows\system32\wpcap.dll	npcap-0.9994.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_47a1d461362892df\npcap.sys	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_c5e19aab2305f37f\netvwififlt.PNF	NPFInstall.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7daef008-e6a1-2e48-80f4-5ba113bc0f49}\NPCAP.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7daef008-e6a1-2e48-80f4-5ba113bc0f49}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netpgm.inf_amd64_e099e4a7092b374c\netpgm.PNF	Installer.exe
File created	C:\Windows\system32\Npcap\Packet.dll	npcap-0.9994.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7daef008-e6a1-2e48-80f4-5ba113bc0f49}\npcap.cat	DrvInst.exe
File created	C:\Windows\system32\Packet.dll	Installer.exe
File created	C:\Windows\SysWOW64\wpcap.dll	Installer.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{90c53866-5eb0-ea41-a6be-414f05a45e7a}\SET61BC.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_nettrans.inf_amd64_b6d30279f382fa4b\c_nettrans.PNF	Installer.exe
File created	C:\Windows\SysWOW64\WlanHelper.exe	npcap-0.9994.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_47a1d461362892df\NPCAP.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_7d294c7fa012d315\netpacer.PNF	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnwifi.inf_amd64_a2bfd066656fe297\netnwifi.PNF	NPFInstall.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{90c53866-5eb0-ea41-a6be-414f05a45e7a}\Win10Pcap.inf	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netlldp.inf_amd64_fbd4bbbad72f0e6b\netlldp.PNF	Installer.exe
File created	C:\Windows\System32\DriverStore\FileRepository\lltdio.inf_amd64_4faf5a37ebdbec2b\lltdio.PNF	Installer.exe
File created	C:\Windows\system32\NpcapHelper.exe	npcap-0.9994.exe
File created	C:\Windows\System32\DriverStore\Temp\{90c53866-5eb0-ea41-a6be-414f05a45e7a}\SET61CD.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrast.inf_amd64_935f1046c28ea0dc\netrast.PNF	Installer.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndisimplatform.inf_amd64_b6b644565437983a\ndisimplatform.PNF	Installer.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netirda.inf_amd64_186702cd081cddb0\netirda.PNF	Installer.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7daef008-e6a1-2e48-80f4-5ba113bc0f49}\SET906F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{90c53866-5eb0-ea41-a6be-414f05a45e7a}\Win10Pcap.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{90c53866-5eb0-ea41-a6be-414f05a45e7a}\SET61CD.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{90c53866-5eb0-ea41-a6be-414f05a45e7a}\Win10Pcap.sys	DrvInst.exe
File created	C:\Windows\SysWOW64\Npcap\WlanHelper.exe	npcap-0.9994.exe
File created	C:\Windows\System32\DriverStore\Temp\{7daef008-e6a1-2e48-80f4-5ba113bc0f49}\SET906D.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_0dc913ad00b14824\netnb.PNF	NPFInstall.exe
File opened for modification	C:\Windows\SysWOW64\Packet.dll	Installer.exe
File created	C:\Windows\System32\DriverStore\FileRepository\win10pcap.inf_amd64_8b58282ea1bec642\win10pcap.PNF	Installer.exe
File created	C:\Windows\SysWOW64\NpcapHelper.exe	npcap-0.9994.exe
File created	C:\Windows\System32\DriverStore\Temp\{7daef008-e6a1-2e48-80f4-5ba113bc0f49}\SET906F.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_47a1d461362892df\npcap.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\npcap.inf_amd64_47a1d461362892df\npcap.PNF	NPFInstall.exe
File created	C:\Windows\System32\DriverStore\Temp\{90c53866-5eb0-ea41-a6be-414f05a45e7a}\SET61BC.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\win10pcap.inf_amd64_8b58282ea1bec642\Win10Pcap.cat	NPFInstall.exe

Drops file in Program Files directory 34 IoCs

Processes:

npcap-0.9994.exemsiexec.exeNPFInstall.exeNPFInstall.exeNPFInstall.exeNPFInstall.exe

description	ioc	process
File created	C:\Program Files\Npcap\LICENSE	npcap-0.9994.exe
File created	C:\Program Files\Npcap\FixInstall.bat	npcap-0.9994.exe
File created	C:\Program Files\Npcap\CheckStatus.bat	npcap-0.9994.exe
File created	C:\Program Files (x86)\Win10Pcap\Win32\drivers\win78\Win10Pcap.sys	msiexec.exe
File created	C:\Program Files (x86)\Win10Pcap\x64\Packet.dll	msiexec.exe
File created	C:\Program Files\Npcap\npcap_wfp.inf	npcap-0.9994.exe
File created	C:\Program Files (x86)\Win10Pcap\Win32\drivers\win78\Win10Pcap.inf	msiexec.exe
File created	C:\Program Files (x86)\Win10Pcap\x64\wpcap.dll	msiexec.exe
File created	C:\Program Files\Npcap\npcap.sys	npcap-0.9994.exe
File created	C:\Program Files\Npcap\npcap.inf	npcap-0.9994.exe
File created	C:\Program Files (x86)\Win10Pcap\x64\drivers\win78\Win10Pcap.inf	msiexec.exe
File opened for modification	C:\Program Files\Npcap\NPFInstall.log	NPFInstall.exe
File created	C:\Program Files\Npcap\DiagReport.bat	npcap-0.9994.exe
File created	C:\Program Files (x86)\Win10Pcap\Win32\drivers\win78\Win10Pcap.cat	msiexec.exe
File created	C:\Program Files (x86)\Win10Pcap\Win32\Packet.dll	msiexec.exe
File created	C:\Program Files (x86)\Win10Pcap\x64\drivers\win78\Win10Pcap.sys	msiexec.exe
File created	C:\Program Files (x86)\Win10Pcap\Win32\wpcap.dll	msiexec.exe
File created	C:\Program Files (x86)\Win10Pcap\x64\drivers\win10\Win10Pcap.inf	msiexec.exe
File created	C:\Program Files\Npcap\DiagReport.ps1	npcap-0.9994.exe
File created	C:\Program Files\Npcap\npcap.cat	npcap-0.9994.exe
File opened for modification	C:\Program Files\Npcap\NPFInstall.log	NPFInstall.exe
File created	C:\Program Files (x86)\Win10Pcap\Win32\Installer.exe	msiexec.exe
File created	C:\Program Files (x86)\Win10Pcap\x64\drivers\win10\Win10Pcap.sys	msiexec.exe
File created	C:\Program Files (x86)\Win10Pcap\x64\drivers\win78\Win10Pcap.cat	msiexec.exe
File created	C:\Program Files\Npcap\NPFInstall.exe	npcap-0.9994.exe
File opened for modification	C:\Program Files\Npcap\install.log	npcap-0.9994.exe
File created	C:\Program Files (x86)\Win10Pcap\Win32\drivers\win10\Win10Pcap.inf	msiexec.exe
File created	C:\Program Files (x86)\Win10Pcap\x64\drivers\win10\Win10Pcap.cat	msiexec.exe
File created	C:\Program Files (x86)\Win10Pcap\x64\Installer.exe	msiexec.exe
File created	C:\Program Files\Npcap\Uninstall.exe	npcap-0.9994.exe
File opened for modification	C:\Program Files\Npcap\NPFInstall.log	NPFInstall.exe
File opened for modification	C:\Program Files\Npcap\NPFInstall.log	NPFInstall.exe
File created	C:\Program Files (x86)\Win10Pcap\Win32\drivers\win10\Win10Pcap.cat	msiexec.exe
File created	C:\Program Files (x86)\Win10Pcap\Win32\drivers\win10\Win10Pcap.sys	msiexec.exe

Drops file in Windows directory 22 IoCs

Processes:

NPFInstall.exeNPFInstall.exeDrvInst.exemsiexec.exeInstaller.exesvchost.exeDrvInst.exe

description	ioc	process
File created	C:\Windows\INF\oem4.PNF	NPFInstall.exe
File created	C:\Windows\inf\oem3.inf	NPFInstall.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Installer\MSI5CF9.tmp	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	Installer.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	NPFInstall.exe
File opened for modification	C:\Windows\inf\oem3.inf	NPFInstall.exe
File created	C:\Windows\INF\oem3.PNF	Installer.exe
File created	C:\Windows\Installer\e605b07.msi	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{B5B58F8A-1984-4F3E-B400-235A6E005002}	msiexec.exe
File created	C:\Windows\Installer\{B5B58F8A-1984-4F3E-B400-235A6E005002}\Setup.exe	msiexec.exe
File created	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\Installer\{B5B58F8A-1984-4F3E-B400-235A6E005002}\Setup.exe	msiexec.exe
File created	C:\Windows\Installer\e605b05.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	NPFInstall.exe
File opened for modification	C:\Windows\inf\oem4.inf	DrvInst.exe
File opened for modification	C:\Windows\Installer\e605b05.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 6 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1424	4208	WerFault.exe	LANC v2.exe
3016	3476	WerFault.exe	LANC v2.exe
1784	908	WerFault.exe	LANC v2.exe
5060	4316	WerFault.exe	LANC Remastered.exe
4412	4912	WerFault.exe	PCPS (1).exe
2076	412	WerFault.exe	PCPS (1).exe

NSIS installer 2 IoCs

installer

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b8	nsis_installer_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b8	nsis_installer_2

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

svchost.exeNPFInstall.exeInstaller.exeDrvInst.exeNPFInstall.exevssvc.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	NPFInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	NPFInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	Installer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	NPFInstall.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	Installer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	NPFInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	Installer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	Installer.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000006c2b12180e4adb550000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800006c2b12180000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809006c2b1218000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d6c2b1218000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000006c2b121800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	NPFInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	NPFInstall.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	NPFInstall.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	NPFInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Phantom	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	NPFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	NPFInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	Installer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	Installer.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	NPFInstall.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	NPFInstall.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exeSetup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

SCHTASKS.EXE

pid process

3840 SCHTASKS.EXE

pid	process
3840	SCHTASKS.EXE

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

NPFInstall.exeDrvInst.exemsiexec.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	NPFInstall.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E\@%SystemRoot%\System32\ci.dll,-100 = "Isolated User Mode (IUM)"	DrvInst.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E\@%SystemRoot%\System32\wuaueng.dll,-400 = "Windows Update"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	NPFInstall.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	NPFInstall.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E\@%SystemRoot%\System32\fveui.dll,-843 = "BitLocker Drive Encryption"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	NPFInstall.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23	msiexec.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23\52C64B7E\@%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe,-124 = "Document Encryption"	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	NPFInstall.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E	msiexec.exe

Modifies registry class 30 IoCs

Processes:

msiexec.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exetor-browser-windows-x86_64-portable-13.0.10.exemsedge.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A8F85B5B4891E3F44B0032A5E6000520\PackageCode = "19CFB9270DFB77E4BB9D4490358720CC"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A8F85B5B4891E3F44B0032A5E6000520\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\EB6AC1171586DF5479E63C6998009CBA	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A8F85B5B4891E3F44B0032A5E6000520\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A8F85B5B4891E3F44B0032A5E6000520\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\A8F85B5B4891E3F44B0032A5E6000520	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A8F85B5B4891E3F44B0032A5E6000520\ProductIcon = "C:\\Windows\\Installer\\{B5B58F8A-1984-4F3E-B400-235A6E005002}\\Setup.exe"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2398549320-3657759451-817663969-1000\{1BB04DC5-B191-4A33-97EE-88C709D4B30D}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\A8F85B5B4891E3F44B0032A5E6000520\FeatureWin10Pcap	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A8F85B5B4891E3F44B0032A5E6000520\ProductName = "Win10Pcap"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A8F85B5B4891E3F44B0032A5E6000520\SourceList\PackageName = "Win10Pcap-v10.2-5002.msi"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A8F85B5B4891E3F44B0032A5E6000520\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\EB6AC1171586DF5479E63C6998009CBA\A8F85B5B4891E3F44B0032A5E6000520	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A8F85B5B4891E3F44B0032A5E6000520\SourceList\Media	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A8F85B5B4891E3F44B0032A5E6000520\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A8F85B5B4891E3F44B0032A5E6000520\SourceList	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A8F85B5B4891E3F44B0032A5E6000520\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2398549320-3657759451-817663969-1000\{488E3DFA-2F68-4DA4-B3C9-2FE5E61F503F}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	tor-browser-windows-x86_64-portable-13.0.10.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A8F85B5B4891E3F44B0032A5E6000520\Language = "1033"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A8F85B5B4891E3F44B0032A5E6000520\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2398549320-3657759451-817663969-1000\{92436A33-9518-4BF7-8B19-A681CF629D04}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A8F85B5B4891E3F44B0032A5E6000520	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A8F85B5B4891E3F44B0032A5E6000520\Version = "167908234"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A8F85B5B4891E3F44B0032A5E6000520\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A8F85B5B4891E3F44B0032A5E6000520\DeploymentFlags = "3"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\A8F85B5B4891E3F44B0032A5E6000520\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\"	msiexec.exe

NTFS ADS 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 235265.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 211019.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 926746.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 919041.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 790916.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 834571.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 378164.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 124181.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exe7zFM.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exeSetup.exemsedge.exemsedge.exemsiexec.exeNPFInstall.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4548	msedge.exe
4548	msedge.exe
5104	msedge.exe
5104	msedge.exe
1008	identity_helper.exe
1008	identity_helper.exe
1560	msedge.exe
1560	msedge.exe
3480	msedge.exe
3480	msedge.exe
4344	msedge.exe
4344	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
1484	7zFM.exe
1484	7zFM.exe
3760	msedge.exe
3760	msedge.exe
2156	msedge.exe
2156	msedge.exe
1596	msedge.exe
1596	msedge.exe
1740	identity_helper.exe
1740	identity_helper.exe
4708	msedge.exe
4708	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
1048	msedge.exe
2452	msedge.exe
2452	msedge.exe
3464	msedge.exe
3464	msedge.exe
4668	Setup.exe
4668	Setup.exe
4668	Setup.exe
4668	Setup.exe
4668	Setup.exe
4668	Setup.exe
4668	Setup.exe
4668	Setup.exe
4604	msedge.exe
4604	msedge.exe
3416	msedge.exe
3416	msedge.exe
4412	msiexec.exe
4412	msiexec.exe
1164	NPFInstall.exe
1164	NPFInstall.exe
5484	msedge.exe
5484	msedge.exe
5892	msedge.exe
5892	msedge.exe
5932	msedge.exe
5932	msedge.exe
5040	msedge.exe
5040	msedge.exe
5072	identity_helper.exe
5072	identity_helper.exe
2836	msedge.exe
2836	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

7zFM.exe7zFM.exe7zFM.exe

pid process

3032 7zFM.exe
1484 7zFM.exe
3836 7zFM.exe
Suspicious behavior: LoadsDriver 11 IoCs

Processes:

pid process

656
656
656
656
656
4
4
4
4
4
656

pid	process
3032	7zFM.exe
1484	7zFM.exe
3836	7zFM.exe

pid	process
656
656
656
656
656
4
4
4
4
4
656

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exemsedge.exe

pid	process
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

AUDIODG.EXE7zFM.exe7zFM.exe7zFM.exe7zFM.exemsiexec.exemsiexec.exe

description	pid	process
Token: 33	2916	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2916	AUDIODG.EXE
Token: SeRestorePrivilege	3032	7zFM.exe
Token: 35	3032	7zFM.exe
Token: SeSecurityPrivilege	3032	7zFM.exe
Token: SeRestorePrivilege	1484	7zFM.exe
Token: 35	1484	7zFM.exe
Token: SeSecurityPrivilege	1484	7zFM.exe
Token: SeRestorePrivilege	4836	7zFM.exe
Token: 35	4836	7zFM.exe
Token: SeRestorePrivilege	3836	7zFM.exe
Token: 35	3836	7zFM.exe
Token: SeSecurityPrivilege	3836	7zFM.exe
Token: SeShutdownPrivilege	228	msiexec.exe
Token: SeIncreaseQuotaPrivilege	228	msiexec.exe
Token: SeSecurityPrivilege	4412	msiexec.exe
Token: SeCreateTokenPrivilege	228	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	228	msiexec.exe
Token: SeLockMemoryPrivilege	228	msiexec.exe
Token: SeIncreaseQuotaPrivilege	228	msiexec.exe
Token: SeMachineAccountPrivilege	228	msiexec.exe
Token: SeTcbPrivilege	228	msiexec.exe
Token: SeSecurityPrivilege	228	msiexec.exe
Token: SeTakeOwnershipPrivilege	228	msiexec.exe
Token: SeLoadDriverPrivilege	228	msiexec.exe
Token: SeSystemProfilePrivilege	228	msiexec.exe
Token: SeSystemtimePrivilege	228	msiexec.exe
Token: SeProfSingleProcessPrivilege	228	msiexec.exe
Token: SeIncBasePriorityPrivilege	228	msiexec.exe
Token: SeCreatePagefilePrivilege	228	msiexec.exe
Token: SeCreatePermanentPrivilege	228	msiexec.exe
Token: SeBackupPrivilege	228	msiexec.exe
Token: SeRestorePrivilege	228	msiexec.exe
Token: SeShutdownPrivilege	228	msiexec.exe
Token: SeDebugPrivilege	228	msiexec.exe
Token: SeAuditPrivilege	228	msiexec.exe
Token: SeSystemEnvironmentPrivilege	228	msiexec.exe
Token: SeChangeNotifyPrivilege	228	msiexec.exe
Token: SeRemoteShutdownPrivilege	228	msiexec.exe
Token: SeUndockPrivilege	228	msiexec.exe
Token: SeSyncAgentPrivilege	228	msiexec.exe
Token: SeEnableDelegationPrivilege	228	msiexec.exe
Token: SeManageVolumePrivilege	228	msiexec.exe
Token: SeImpersonatePrivilege	228	msiexec.exe
Token: SeCreateGlobalPrivilege	228	msiexec.exe
Token: SeCreateTokenPrivilege	228	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	228	msiexec.exe
Token: SeLockMemoryPrivilege	228	msiexec.exe
Token: SeIncreaseQuotaPrivilege	228	msiexec.exe
Token: SeMachineAccountPrivilege	228	msiexec.exe
Token: SeTcbPrivilege	228	msiexec.exe
Token: SeSecurityPrivilege	228	msiexec.exe
Token: SeTakeOwnershipPrivilege	228	msiexec.exe
Token: SeLoadDriverPrivilege	228	msiexec.exe
Token: SeSystemProfilePrivilege	228	msiexec.exe
Token: SeSystemtimePrivilege	228	msiexec.exe
Token: SeProfSingleProcessPrivilege	228	msiexec.exe
Token: SeIncBasePriorityPrivilege	228	msiexec.exe
Token: SeCreatePagefilePrivilege	228	msiexec.exe
Token: SeCreatePermanentPrivilege	228	msiexec.exe
Token: SeBackupPrivilege	228	msiexec.exe
Token: SeRestorePrivilege	228	msiexec.exe
Token: SeShutdownPrivilege	228	msiexec.exe
Token: SeDebugPrivilege	228	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe7zFM.exe7zFM.exe7zFM.exe7zFM.exemsedge.exe

pid	process
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
3032	7zFM.exe
3032	7zFM.exe
1484	7zFM.exe
1484	7zFM.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
4836	7zFM.exe
5104	msedge.exe
3836	7zFM.exe
3836	7zFM.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exemsedge.exe

pid	process
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe
1596	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

npcap-0.9994.exeNPFInstall.exeNPFInstall.exeNPFInstall.exeNPFInstall.exefirefox.exefirefox.exe

pid process

4308 npcap-0.9994.exe
1164 NPFInstall.exe
3128 NPFInstall.exe
1240 NPFInstall.exe
2920 NPFInstall.exe
5996 firefox.exe
956 firefox.exe

pid	process
4308	npcap-0.9994.exe
1164	NPFInstall.exe
3128	NPFInstall.exe
1240	NPFInstall.exe
2920	NPFInstall.exe
5996	firefox.exe
956	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5104 wrote to memory of 5108	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 5108	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4948	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4548	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 4548	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 3580	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 3580	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 3580	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 3580	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 3580	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 3580	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 3580	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 3580	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 3580	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 3580	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 3580	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 3580	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 3580	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 3580	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 3580	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 3580	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 3580	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 3580	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 3580	5104	msedge.exe	msedge.exe
PID 5104 wrote to memory of 3580	5104	msedge.exe	msedge.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/46VWRYjA#dlF1KwNPbcK3zVHghOuMRHrI7GPR348IwX5kRynL-mM
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb2bc46f8,0x7ffcb2bc4708,0x7ffcb2bc4718
2⤵
PID:5108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
2⤵
PID:4948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
2⤵
PID:3580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:1044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
2⤵
PID:3520

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4120 /prefetch:8
2⤵
PID:3660

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4120 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
2⤵
PID:1812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
2⤵
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
2⤵
PID:3628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
2⤵
PID:4340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
2⤵
PID:440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
2⤵
PID:1004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
2⤵
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6008 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3540 /prefetch:8
2⤵
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
2⤵
PID:4032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
2⤵
PID:3520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
2⤵
PID:1108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
2⤵
PID:1280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
2⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
2⤵
PID:2428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
2⤵
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
2⤵
PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
2⤵
PID:3596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1
2⤵
PID:3276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5580 /prefetch:8
2⤵
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3408 /prefetch:8
2⤵
PID:2740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
2⤵
PID:2752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
2⤵
PID:1768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6796 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7400 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4344

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Lanc V2 (lancremasteredpcps.com).rar"
2⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5048 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1
2⤵
PID:1048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7944 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4377221361061519328,16104247164585679642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1
2⤵
PID:1648

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\LANC Remastered (lancremasteredpcps.com).rar"
2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3972

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x424 0x4c0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2916

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4832

C:\Users\Admin\Desktop\Lanc V2 (lancremasteredpcps.com)\LANC v2.exe
"C:\Users\Admin\Desktop\Lanc V2 (lancremasteredpcps.com)\LANC v2.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 932
2⤵
- Program crash
PID:1424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4208 -ip 4208
1⤵
PID:4804

C:\Users\Admin\Desktop\Lanc V2 (lancremasteredpcps.com)\LANC v2.exe
"C:\Users\Admin\Desktop\Lanc V2 (lancremasteredpcps.com)\LANC v2.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 904
2⤵
- Program crash
PID:3016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 3476 -ip 3476
1⤵
PID:1204

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Lanc V2 (lancremasteredpcps.com)\README.txt
1⤵
PID:1736

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Lanc V2 (lancremasteredpcps.com).rar"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1484

C:\Users\Admin\AppData\Local\Temp\7zOCC57FD89\LANC v2.exe
"C:\Users\Admin\AppData\Local\Temp\7zOCC57FD89\LANC v2.exe"
2⤵
- Executes dropped EXE
PID:908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 836
3⤵
- Program crash
PID:1784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 908 -ip 908
1⤵
PID:3380

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\LANC Remastered (lancremasteredpcps.com).rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3836

C:\Users\Admin\Desktop\LANC Remastered (lancremasteredpcps.com)\LANC Remastered.exe
"C:\Users\Admin\Desktop\LANC Remastered (lancremasteredpcps.com)\LANC Remastered.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 1444
2⤵
- Program crash
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4316 -ip 4316
1⤵
PID:2564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcb2bc46f8,0x7ffcb2bc4708,0x7ffcb2bc4718
2⤵
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
2⤵
PID:932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
2⤵
PID:3752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:1748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
2⤵
PID:1008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
2⤵
PID:788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
2⤵
PID:3608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3360 /prefetch:8
2⤵
PID:4836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
2⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
2⤵
PID:368

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
2⤵
PID:404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
2⤵
PID:3700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
2⤵
PID:3596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
2⤵
PID:1872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
2⤵
PID:3600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
2⤵
PID:412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
2⤵
PID:4668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
2⤵
PID:1548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
2⤵
PID:972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5424 /prefetch:8
2⤵
PID:3160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4784 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
2⤵
PID:3172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
2⤵
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
2⤵
PID:4312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
2⤵
PID:868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
2⤵
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
2⤵
PID:3512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
2⤵
PID:3684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
2⤵
PID:2712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
2⤵
PID:2908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6452 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
2⤵
PID:2636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
2⤵
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
2⤵
PID:3668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
2⤵
PID:1304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
2⤵
PID:2940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
2⤵
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
2⤵
PID:1980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
2⤵
PID:1716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2436 /prefetch:1
2⤵
PID:2152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
2⤵
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
2⤵
PID:2032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
2⤵
PID:4248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6320 /prefetch:8
2⤵
PID:3660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2452

C:\Users\Admin\Downloads\PCPS (1).exe
"C:\Users\Admin\Downloads\PCPS (1).exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 1112
3⤵
- Program crash
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
2⤵
PID:4712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
2⤵
PID:3660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
2⤵
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2068 /prefetch:1
2⤵
PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
2⤵
PID:2120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
2⤵
PID:1112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
2⤵
PID:368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
2⤵
PID:4724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7216 /prefetch:8
2⤵
PID:1176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7160 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3464

C:\Users\Admin\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe
"C:\Users\Admin\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe"
2⤵
- Executes dropped EXE
PID:5084

F:\d804ac1aa293e2e3af\Setup.exe
F:\d804ac1aa293e2e3af\\Setup.exe /x86 /x64 /redist
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:4668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1
2⤵
PID:3212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
2⤵
PID:3564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
2⤵
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1
2⤵
PID:4520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1
2⤵
PID:1976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1
2⤵
PID:1740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1
2⤵
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7956 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4604

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\Win10Pcap-v10.2-5002.msi"
2⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8120 /prefetch:1
2⤵
PID:368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:1
2⤵
PID:784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7928 /prefetch:8
2⤵
PID:4416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1
2⤵
PID:3724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7632 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
2⤵
PID:3176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
2⤵
PID:6024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
2⤵
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
2⤵
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
2⤵
PID:1748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1
2⤵
PID:1744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
2⤵
PID:4564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
2⤵
PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
2⤵
PID:2104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
2⤵
PID:3312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
2⤵
PID:4356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6716 /prefetch:8
2⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
2⤵
PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
2⤵
PID:5360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
2⤵
PID:1164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
2⤵
PID:3724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
2⤵
PID:1452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,1120195536939889400,15256847992308259628,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3256 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5484

C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe
"C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:3148

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5392

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:956

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="956.0.127992954\1219376868" -parentBuildID 20240213172118 -prefsHandle 1604 -prefMapHandle 1596 -prefsLen 18663 -prefMapSize 243513 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {e11870d6-9d09-48f1-a0ed-54ec507e5222} 956 gpu
5⤵
- Executes dropped EXE
PID:3864

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:5996

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5996.0.464746994\1569827791" -parentBuildID 20240213172118 -prefsHandle 2132 -prefMapHandle 2064 -prefsLen 19246 -prefMapSize 243693 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {3f20eb7d-078b-4e38-9ffb-bbdb575e6304} 5996 gpu
4⤵
- Executes dropped EXE
PID:6136

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5996.1.35972236\45531071" -childID 1 -isForBrowser -prefsHandle 2892 -prefMapHandle 2888 -prefsLen 20123 -prefMapSize 243693 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240213172118 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {dcfb32fc-1ceb-4ffe-9fa9-db7b1ce68761} 5996 tab
4⤵
- Executes dropped EXE
PID:5028

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5996.2.655855765\2350082" -childID 2 -isForBrowser -prefsHandle 2080 -prefMapHandle 2784 -prefsLen 20895 -prefMapSize 243693 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240213172118 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {50251465-8525-48c2-90d7-0c7460bc3afc} 5996 tab
4⤵
- Executes dropped EXE
PID:5560

C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe" --defaults-torrc "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc-defaults" -f "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\torrc" DataDirectory "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor" ClientOnionAuthDir "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\onion-auth" GeoIPFile "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip" GeoIPv6File "C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Tor\geoip6" +__ControlPort 127.0.0.1:9151 HashedControlPassword 16:e56644ce32552b736002f916df3feaadaf4226d3abea1ecfab6af71f45 +__SocksPort "127.0.0.1:9150 ExtendedErrors IPv6Traffic PreferIPv6 KeepAliveIsolateSOCKSAuth" __OwningControllerProcess 5996 DisableNetwork 1
4⤵
- Executes dropped EXE
PID:2084

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5996.3.838952858\1401188120" -childID 3 -isForBrowser -prefsHandle 3612 -prefMapHandle 3608 -prefsLen 20972 -prefMapSize 243693 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240213172118 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {a174917d-4b36-4ed8-a07d-c99b27ea9be2} 5996 tab
4⤵
- Executes dropped EXE
PID:3972

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5996.4.1210122882\1657338864" -parentBuildID 20240213172118 -prefsHandle 3492 -prefMapHandle 3228 -prefsLen 23866 -prefMapSize 243693 -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {89f6a36b-b87e-4b33-af0a-afd33f7bb74a} 5996 rdd
4⤵
- Executes dropped EXE
PID:2540

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5996.5.371964581\670813608" -childID 4 -isForBrowser -prefsHandle 3628 -prefMapHandle 3592 -prefsLen 22396 -prefMapSize 243693 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240213172118 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {e51c1b58-afb5-4a6c-b08f-be741ad995ac} 5996 tab
4⤵
- Executes dropped EXE
PID:4188

C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
"C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe" -contentproc --channel="5996.6.1682262072\1821324361" -childID 5 -isForBrowser -prefsHandle 3252 -prefMapHandle 3272 -prefsLen 22396 -prefMapSize 243693 -jsInitHandle 1300 -jsInitLen 240916 -parentBuildID 20240213172118 -win32kLockedDown -appDir "C:\Users\Admin\Desktop\Tor Browser\Browser\browser" - {910f6bfb-63fc-4640-8db3-a1076eea9f70} 5996 tab
4⤵
- Executes dropped EXE
PID:4192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4912 -ip 4912
1⤵
PID:4260

C:\Users\Admin\Downloads\PCPS (1).exe
"C:\Users\Admin\Downloads\PCPS (1).exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 1116
2⤵
- Program crash
PID:2076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 412 -ip 412
1⤵
PID:2768

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4412

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A3D2E3AB3CFE17EAA065100D1484297A C
2⤵
- Loads dropped DLL
PID:3936

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
2⤵
PID:2752

C:\Program Files (x86)\Win10Pcap\Win32\Installer.exe
"C:\Program Files (x86)\Win10Pcap\Win32\Installer.exe" /install
2⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:4880

C:\Program Files (x86)\Win10Pcap\x64\Installer.exe
"C:\Program Files (x86)\Win10Pcap\Win32\..\x64\Installer.exe" /install
3⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:2244

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:3812

C:\Users\Admin\Downloads\npcap-0.9994.exe
"C:\Users\Admin\Downloads\npcap-0.9994.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:4308

C:\Users\Admin\AppData\Local\Temp\nsl5D87.tmp\NPFInstall.exe
"C:\Users\Admin\AppData\Local\Temp\nsl5D87.tmp\NPFInstall.exe" -n -check_dll
2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1164

C:\Program Files\Npcap\NPFInstall.exe
"C:\Program Files\Npcap\NPFInstall.exe" -n -c
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:3128

C:\Windows\SYSTEM32\pnputil.exe
pnputil.exe -e
3⤵
PID:1748

C:\Program Files\Npcap\NPFInstall.exe
"C:\Program Files\Npcap\NPFInstall.exe" -n -iw
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:1240

C:\Program Files\Npcap\NPFInstall.exe
"C:\Program Files\Npcap\NPFInstall.exe" -n -i
2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Windows\SysWOW64\SCHTASKS.EXE
SCHTASKS.EXE /Create /F /RU SYSTEM /SC ONSTART /TN npcapwatchdog /TR "'C:\Program Files\Npcap\CheckStatus.bat'" /NP
2⤵
- Creates scheduled task(s)
PID:3840

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:5024

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "C:\Program Files (x86)\Win10Pcap\x64\drivers\win10\Win10Pcap.inf" "9" "4639508bf" "000000000000014C" "WinSta0\Default" "0000000000000164" "208" "C:\Program Files (x86)\Win10Pcap\x64\drivers\win10"
2⤵
- Drops file in System32 directory
- Drops file in Windows directory
PID:1164

C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{83232c03-71e2-684f-8908-2979f112c628}\NPCAP.inf" "9" "405306be3" "0000000000000100" "WinSta0\Default" "0000000000000178" "208" "C:\Program Files\Npcap"
2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:2712

C:\Users\Admin\Desktop\PCPS.exe
"C:\Users\Admin\Desktop\PCPS.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://psychocoding.net/APP/PartyTool/XBL%20Party%20Tool.exe
2⤵
PID:4764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcb2bc46f8,0x7ffcb2bc4708,0x7ffcb2bc4718
3⤵
PID:4536

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x424 0x4c0
1⤵
PID:4976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:5932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffcb2bc46f8,0x7ffcb2bc4708,0x7ffcb2bc4718
2⤵
PID:6044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
2⤵
PID:5912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
2⤵
PID:1684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:2572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
2⤵
PID:224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
2⤵
PID:4560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
2⤵
PID:4828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
2⤵
PID:784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5292 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4448 /prefetch:8
2⤵
PID:2084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
2⤵
PID:3120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
2⤵
PID:3152

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 /prefetch:8
2⤵
PID:652

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
2⤵
PID:2680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4992 /prefetch:8
2⤵
PID:1148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6312 /prefetch:8
2⤵
PID:5384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6288 /prefetch:8
2⤵
PID:4176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6000 /prefetch:8
2⤵
PID:4020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1292 /prefetch:8
2⤵
PID:6084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6780 /prefetch:8
2⤵
PID:6096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
2⤵
PID:5400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
2⤵
PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
2⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1860 /prefetch:1
2⤵
PID:3884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
2⤵
PID:4192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
2⤵
PID:5964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5148 /prefetch:8
2⤵
PID:1124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5836 /prefetch:8
2⤵
PID:4304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
2⤵
PID:5580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3000 /prefetch:1
2⤵
PID:4980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,17286710914182911872,2514225314744264536,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7136 /prefetch:8
2⤵
PID:3180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
PID:5564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffcb2bc46f8,0x7ffcb2bc4708,0x7ffcb2bc4718
2⤵
PID:6032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,2629652661771202149,1769514628343950102,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
2⤵
PID:4700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,2629652661771202149,1769514628343950102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
2⤵
PID:4328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,2629652661771202149,1769514628343950102,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
2⤵
PID:5544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2629652661771202149,1769514628343950102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:5416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,2629652661771202149,1769514628343950102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
2⤵
PID:2780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5628

C:\Users\Admin\Desktop\Ferrum1.0 (1).exe
"C:\Users\Admin\Desktop\Ferrum1.0 (1).exe"
1⤵
- Disables RegEdit via registry modification
- Executes dropped EXE
PID:5576

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\↑♥9ě¤εč¾Æ√♣1ÿ♫.txt
1⤵
PID:4548

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e605b06.rbs
Filesize
9KB

MD5
916beea023273f973ef1ff7bb925a4b8

SHA1
d5732ba30d55fc3bfc8b04e542f6f19dc7b7f634

SHA256
4efc3823ece588ee211b49ac0cdb91d55fd11b287f85c72b449a45dad9a5f048

SHA512
5facd8f40ac343259a58dd01e7cff9e58670d55dfafa8b887238d386905d32eb501bfd76ed867928b0fdba48e6968838c0ad8651d6a408ca09bb0bc179d545db

Download Submit
C:\Program Files\Npcap\NPFInstall.log
Filesize
318B

MD5
20b874511eb626824e2abe2a603b17fc

SHA1
765004248c7ca1746d043a511f3cd13b7cebd912

SHA256
80fa3d28935b0b9cc09511723c51ede2874833e39847519935a316cb13c4a525

SHA512
cc00a5329614479cceb8784976b80010d7330197eb8b65a0837d7adfd433bd1492584ab9ef88fef92f8317165e1f6f819c1fba918a95a09d2fc549229349023e

Download Submit
C:\Program Files\Npcap\NPFInstall.log
Filesize
1KB

MD5
eacd03794b3e71121e8d1566a7580c4b

SHA1
625f1a0f0aebc203612fb3d9d6beb86abd7f42aa

SHA256
29446abd4bf0a31db8a0d49be16c3df3a01ff1115472940369a6023224d9470c

SHA512
5c081d630b9565614d03db29248adb781b73b3e22b287525d8ab81c9d6be2ba8915436bece5a27ce6ce1a4b68f99c852f4ce5869500f1e2924b7312849b5bb27

Download Submit
C:\Program Files\Npcap\NPFInstall.log
Filesize
1KB

MD5
5d96e050cf25adbe675d6bc720feeb83

SHA1
182d181fe158de16d30c2d4da24f8a442f975949

SHA256
e9f3238a06460c0851444105ebcf9ba869511c31af47c5a74c75b8990dc57f3b

SHA512
a39327b09d80bdc38b0d148284ca49dd565b21927bfe9a5a812c537280ae676041fd1068cf6f2bf0cc13ba011573bcefec0141cb7bd02c10313f8b3c9f7a0926

Download Submit
C:\Program Files\Npcap\NPFInstall.log
Filesize
2KB

MD5
2fc975bc8166ef0f7759b7d43c4156b1

SHA1
176b40f962df56272e7d4f878a75c6f3b161e794

SHA256
626f4081f4a61849067c44bb1bfb1842a04c664a40103d610ba8b0e6f4f86366

SHA512
9248051f8a90466a2ef9e14ebd7beb90364b041868629fbb411e2cea045db00d0ec37086ccc1e7a76ff51a36020ef43f43f5d5c7fbdcea7679cbea616441c58c

Download Submit
C:\Program Files\Npcap\NPFInstall.log
Filesize
3KB

MD5
fb5482814fd0f97d1bbe32d83b3af84d

SHA1
fed18c22d0d7c309bec0e0846306164bb3f2568c

SHA256
cf32eaec65f4731482adbb49d08192c1974982a70e35d401cb2523149026b66a

SHA512
d4e334906b0c8c8c298c73d6c904a07dde84fe07a21c14503226096c0ad1a5dc00f14d8b43bfca70020062386967962527d0ce3b74ccee72f037f8993fe94cc0

Download Submit
C:\Program Files\Npcap\NPFInstall.log
Filesize
3KB

MD5
5364f0a4c972c7e4eeb0cc14abe1ee58

SHA1
9b9d50165a783f7690c7e27d1013ec7241d6090c

SHA256
e458a48f06bea1ec68f80b98a1dc65bd83167915147ba1e687cd7c7b15a250e9

SHA512
962de9a65feb52f58d5cba57556eeeb19086e58b5e0b53687cb3f92b798234dda097c94ca119c3cdf510f63a25da71105e21d0236b265c211f36c71e8d207414

Download Submit
C:\Program Files\Npcap\NPFInstall.log
Filesize
4KB

MD5
31bd55fbfcfd0d1e8bbdebca2ffb5846

SHA1
6cda82461bdad217dc5785929d6b7b0b9e023199

SHA256
150b9251607fe42e977a2d73a846c56451d52f43e26829c3823061b64708221d

SHA512
cd477d0c29f63d6f4c8c7de66758176da3b9f1f7d12ba53819d48dc542905300d0cc5e2c3362b5cc0e14d2a92051a076ffab8b6b8b85d0217c95902cd2386156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
19e4f9dd4db211d4ed6bdaf6f7de98db

SHA1
c8ec90d7229af595f49b3c0e9bdf0e24f0b1fc6e

SHA256
2a4d51e6f89ecfc24af48a73ed92f9d1bdf6177a081113e4d4ff7e3f87cc2895

SHA512
b0de5342fc0535da7fc7b3d5f514a4645d4ffc7c0cb4be76b4472d06b4664a2073392935718f17fcf8d5a3c0cbb549ad5f7610be26f3d2693f732e889026d69c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
15d3875422ae32e1e1be7a273890f8c1

SHA1
dc71b74344641e71bb8beff1483c42c2010afe6d

SHA256
7a907d980dcf448c792b77c51050db7097637c5e0089eb854df7fa60c0ad91a4

SHA512
a8d605bf5f20fd2f44c1334152c64abd87f2b6e8d67bc4b34c627da35ee841871cca1bd659288da9aa18751f44d9f94aefe2bfe4429d6288b084342076ce2ff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7a5862a0ca86c0a4e8e0b30261858e1f

SHA1
ee490d28e155806d255e0f17be72509be750bf97

SHA256
92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b

SHA512
0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ec5016c8351c90101477763f322d114a

SHA1
56bec10f36e33ebe8a00e747ce9b00f5bf24c361

SHA256
ac011929737f777dbbb4e533523a32b8f98a3bda4b23f282e83e2f072c775417

SHA512
9d3457ee8b10299b79c8c27fd3b70fd7468dd4578db571a530d083a87c8c322388b512e2c435158e413b4c9cd342bb4fb9ea8575bc3d3e0ebbe62d3466bf3cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e2727cd3ee6d5ee67a73b4d82defac05

SHA1
74a2a02ebaba5d382e2c8b5f616f52e652d88ac8

SHA256
8794aa7b36189d7640466dbc80fddbf58d212ca77f5a8818496ca5e3a4c5fafc

SHA512
5ce0e1b5ff28e1d938358baf58942bfcb05998941857f56fb5d9c1ac72bb909485f311ca9f2840f93ab3da5496a56ef09de860364a0d996b6fd312949e57ee55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\70c18d25-b362-4c67-afe0-97542cbbee24.tmp
Filesize
3KB

MD5
30cb3e24c83c364d0db71136a634a359

SHA1
fa16d126389c976e6f1e39c87b8081c2378a8580

SHA256
96eda139d67b2f1a286aa181b33616f9069d5010998f28878414d7d45fa42ec7

SHA512
03ff0a0a3e6cb80c8f7141cc40f2abcb29ce0e06e8b3b4e560b77f459cc8839c257ef0f099423d80c089d7a9118be8fb379dd042a5fb35741d2c94b9e260049a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
93KB

MD5
0c31bd1e74c07a2d7728a8b35a12a784

SHA1
85b9d54402d91923374e84ff97e92f3c8c1fce54

SHA256
4ba39b3fad088658eb4caab27ec6ac6d37b0782e9549c1c8ea3a7868825377ad

SHA512
c254465e6238f06b202fd8129f532bb9fec0045c33f587941867496842849a3632a0d87944edb4e2db8f8e2bd51dc2e2340bfd50b83dfb94e34283411bde69ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
112KB

MD5
75f5c08f3a3f7563067ae88a48b670a1

SHA1
406ffdf8c50888d214369884734eebdcd0e1cfac

SHA256
47cc9b50c73b434238ddd63daf09ac002f898a3c7311856e871d55b10573c617

SHA512
505e70525897bfb89cafbf16b501985e40bcf9384b27888766ad2dfa79997b23e2349c409483f672d9eeee42bc3996ee2e5e454d907e2607dd88accef634b1d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
109KB

MD5
0b8432ef29f2e7f8ec90f184a6960900

SHA1
1a67b2b0114fbbd242bc64927fa131f72a173f13

SHA256
dcbd3546a38da05e05c984d3487e78f6ae04e23d37442132d3a7e7747a561942

SHA512
df592ac5e3080a3acb4a7d3ccd6c1735429a0723448725d41d4f35721dacdf2b28f69e78266c97e0bd883c4baa95fbb14d920309ce5eee20713b7aaa33ff244a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
111KB

MD5
ff842ed4e32dcec579b712c30ed6fe46

SHA1
26ee3860c8c8913be4c47c9dab269c2d043c7f40

SHA256
b8b14f375401394f256769848dae84ee881bcc014c821a41ab459a0c0d88d9ad

SHA512
d34be5b60015facd46615c85a7789162d0d06ac4101ebdbcac1e910248b3a8da3c667af44e90c0f7e48c1fd5132dfce3192bc093a894e4f50a9ef28b702fd969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
109KB

MD5
f20f25573cf88b5424b5008f32b1c7b9

SHA1
57508dffd14e2e8976c248bddcd97e07e2446051

SHA256
b0742c55213e5363495d68379da562d10cdffd5678560bab8ce00f5879207751

SHA512
770fe1e32d9d5ceeadbe6cd09de0c7f7e8537bcd617fb98527fdf6a2ecc8653cfb80b2a544bc761a4ecadce0855ba3767084670a9abfb86fe20ef363337c8c42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
103KB

MD5
d9335a85c6393054814afa19446e2ce6

SHA1
21fd3fbf83d5ea610bb19f15d4d498afb48946bc

SHA256
f05b3601b107c80ef5e6ba26ee93ca0306ed6249e03381b6089d13962904915b

SHA512
637ab2afc3549644c9e99cbbd366eea03a39a9311badb41bc44a709438e1164c6304646dd8103628b94675d2767a22d5b2196ebaf4eb2b7047f5458b7433adc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
113KB

MD5
eb7dcfbab1396e0f6f29e29e563e4f90

SHA1
460976a12ed2082d26c709b21d2e81c0200c7f11

SHA256
6297872894f71c259e6c63568d05a534d9dec35f808f72b8f9d00076f9908446

SHA512
da7e925efed6ba6c794d80af508306dcd5bdda3025d10386bec3242d2dc70dc9b77ca2eb9889dd3050d8bfdb5a3dfcb1a91cb7a21c39493b8abdff16d0c66ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
84KB

MD5
22f17fdb7d1fac7d49a73543e69085cd

SHA1
6e6a55c24ecffbc272b66139967e135a264c38e7

SHA256
04a724efac1272fce70331102f709345d6fc644a6c83e97db3fc7eb52270eb25

SHA512
7417b7e335709d35db159c1568e485bf7207e4cf61fe350830a68d729b81a41401a0687a8a98cdd8bbad495a9878ec949a43aa548e5d60f6c573cc989ff27a9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
Filesize
75KB

MD5
b61793faaad45a3d17d4bda61bf7e5b6

SHA1
ed2ec1e2026791c3f8d0339b3e8654aec6942b62

SHA256
9d28bd72b2b3e188ad8cc19c5f2957e0335164df799435815d7151e5b2ccad57

SHA512
6afd189dfba546aad6cea938b4cb5d386660c4017d2a11f8dbd4ad6ee6094e10453e0a3754be80e5f7c820276a50341e4427f79c5f5bc3055725af2a12234894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
104KB

MD5
4202ae30aacd1eb9fa9304d317fcac04

SHA1
6b4645ac724c48d7d01d21054989bf11eb15c345

SHA256
6f360408248bf99335f7288dfcd4145baded041db2b47fc3f48d637c797e29fe

SHA512
9b81c70478401de79e39447c7d09830f25cb5b665471002e1d9ca08e321f46335b1d7bdadf8e8f7ba50f8090277755dd6b62abe2c5ca31447fc8e6d55465537b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
Filesize
82KB

MD5
aff13797f2f2d2fcbf309180223f421d

SHA1
1fa253fb805a515e99d0a3d5379ce9effee8396b

SHA256
d98ea3ffa19e6b7490e13ae1edb9de1985f676efc1ac3f1d7ba74e8f457d629b

SHA512
045deb1a092d76b4350eb8db115ac61042fec34fd656af27e263cfa79708b5c180e82bd04cf3591fe98aad8e4e37c380404e7c097752f804d0260b3698ef620b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
Filesize
26KB

MD5
931ffe22755a0fb20cfee6d1c2464371

SHA1
d5eafcb723cccfa362a069f7403be16ae449968b

SHA256
0e891aa89ce480e1df2c144c6d06120501a352c41a380b9454478547ec8dcf5e

SHA512
ce88e7f850b87faf82ece8b03902f3b02e6f5af16e226fa2ff3da35f3226ebd524770e7f942824e069296c79d31b3656567a4025ccbcf360334bcfacceb75c8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
Filesize
117KB

MD5
bd24070cc015f2b8cc3a5a429a4bbf8c

SHA1
7474ac3d2b60c4aa0ab69410aa7ebac4c53c58ba

SHA256
ac2f2ccd3e70d7cbc6ba09a662b5ad8097a27df470b5932a15ae76b6d6f91bfd

SHA512
d5f60cefd5e0cc5c92faba3ba1888b844dfe949c6b05b3620631ada3ec75455d6cf6816ea6545af76adce6882b9d72fdb21bc447ef3b4d057ca75411d7a7eafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
Filesize
60KB

MD5
6121d4b516f55a413c91e6ce19b35201

SHA1
efd8339cb4d638624b61785aba3e310c6b94ee6e

SHA256
f8fc1262e64ea757bacfda9094e51c52394acf06a439d192edc15a03d5af6a60

SHA512
059954b9ccaad64599de48f08672d875340281d8ca55156a6334cde58ed7e63e1d16208d1af7ef6e0b80750c5307fa2330f86928fe74df868c6232edc3e1e657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
Filesize
100KB

MD5
b4a80dec3ce0b72cd57c11f4c1ffef0d

SHA1
7190e094e786079b0097f8730d3b559813667e24

SHA256
fe57fe52b43ffea35fecb5005adc78f139695ad74c758772b9ad35d719e633bf

SHA512
6a29cc801f82cc2801cdb5bd447e8f1de325e4ffbaf03ebfbd85285749869d88dfdc1084c090c0e829770377f26e2abdbdb88553d1ceb366fe1167539e47321f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
Filesize
120KB

MD5
9e225edc0595b0ba6896930d22db9f70

SHA1
4645233458b237e0659af31b17ed00f8592686c5

SHA256
fed4edf8c499119e994ea141d8fd1ab3b6f82165f7177a75e6a31d2d2748cf5d

SHA512
667c19a657ca387461e26e91f4b60216c1ab231c7844a3a2aa58af1df337b0216e812c77c222134d525450637160e2e7166ee31bffefddb438a4b9aa1e5f1e44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
Filesize
100KB

MD5
592d2128187d6179ae4944fa6e736c11

SHA1
d1d0d493ca4b59019f6b894502bf370a2ea169f3

SHA256
d1a2ca515855f22ee19f62f097a2683a5866f89722b2c2b391b622079eb2c2e0

SHA512
a83a8b92e72f2241ca3c864be0bbf48c747363c7fe3982b0f523577e077be5764e220c8abc524672d83bf9008ee720efdcf48d949725a128eeb48e0e5848d5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
Filesize
84KB

MD5
74092c4e8fd59c3a91b3ea1ef06835a3

SHA1
232f9fe625e5e62db123bf48b578f93dc11c93bd

SHA256
eb82032be0833a768bac64fcd1a5dc325dbe6ab12cd02600e4f46508d2050c80

SHA512
0a86c011d52f5a3d16320309947b67a8b352d49da328f41de12a19bda92205ff13fde99c5b55141c4e9637876fca98dbfe978a9c5dd40f7d9373bc848ee0a3ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
Filesize
79KB

MD5
bdf7a73db7f4702fc0054d517d11a0b3

SHA1
d2b2e5b562c1a926d43c01a940739d80ceb34604

SHA256
5c9d196306a56d392b74680fe9d7ac5eb1d370b056009da4f62c0558fe7f72a3

SHA512
52fc704d6ac91f2115e74308ca1e945bf9c13465ae85badb3157de3beec80ac7be00a1c71af6102938a5011d7acb5df26b529b47218759cf4ab3f2c45506f3ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
Filesize
38KB

MD5
74badddf82591c1d4b215ef17d67c39f

SHA1
29a3af9e7aa5f0845bc07628c5f900ab26681196

SHA256
7e916ef2739fe12c4933785a0aa3d69b10875e886d34f214c759c71a105b9ede

SHA512
a34580e96d5d33e434eeb5c987d3927904f5cbae53368976b7ce59c30b53e2fc41f496834c62e92cb5994f896ebf451e3c0a742c66bbc4b5639f87980749e7ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
Filesize
116KB

MD5
1230d0f2bc1de064051e85cc7be114eb

SHA1
fba14785ce34efb169eee754103ab882ffce268a

SHA256
0b7f4627a55b875fd3a308df7a5a8e6ed7388116225d778827446d5e6ac6b7ae

SHA512
1b25c3fb7863fa077416cf84ed8558fcd8de60e6e31cabd41f5c61f4a1a8999b0f76733913a5799c5a215da059345a90e285309bafff62cad56d6d8149eaddb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
Filesize
65KB

MD5
e04e29128e52878f6633a7d3c99acbe5

SHA1
bfc7d1aac96be90f050085ce88b4d921e397e4d1

SHA256
f02157141df4f9ce62410b8f5661da55adaec0186072afbe9fe7edf6bb505763

SHA512
6c69a27abfeb11f015a5affe8410843ceb3ac250c70e9083eb32dec0242ed20698fb33cf16ef7a61eb050b9a690d33b6b3eec8f5912f2f6d810849ab9ceb0510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
Filesize
48KB

MD5
924c29b198b5119726bbcde22a0f3785

SHA1
bfd5fd1815d52c7089349bf00133665f06a8c789

SHA256
ca51cd7e14dbc4459af94e15858a343f1005667bf5d8a0e445a53b8da24b46c7

SHA512
4ff525ac65e2cc4815b6ec3a3352f16b24e291ac4b7d1f2b0d654ef4435845fced88762af512012b02d57b7ca20bee2303e568b4740ef371872851edf079c866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
Filesize
87KB

MD5
a0be78e86424c26106ea2fa5c3264393

SHA1
32d0550421d434a4b61d8ae1e5ea2383ec403ce3

SHA256
571b4ac1212e81c7fbaebb13ebb8b12ce366a9b8728803a0167a7d5ad080c747

SHA512
a61e046bc07f45d392faf2e1a2e2a2e5014054cb76a2bda0560458e8a50f8fa3a75f75993f62874910f4c0157bf6f6e96eb58ab7b6a3e6f6860cadf97acaee63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
Filesize
21KB

MD5
94830acfe605ac390475d8204e909d79

SHA1
ab0b7bb883ed214185f9b68a6b278100c74fcbe4

SHA256
562be63735f4f92e09ad1f6e5cf59bd3146cc1526f15f72893427df03c0d9a53

SHA512
23b2be91c22163b2215e5b35116ff798446ea53fa8ac64114e6d7a20e6d0c3357bff638d7481ab843dceff57f3088afe5a03efb73e5ac06d26f410fdbd672831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
Filesize
107KB

MD5
26c0770685349ad6bc47fef24d5c9d4b

SHA1
9a77f9b2f578eb3cf2c999e5a808ac2c84e4fe80

SHA256
90b96dc86c550b8aa664c7a82f61411ace0834c3f59f024a2c57541954ed137d

SHA512
9db888d176d30bf6fe62a31258a6c9cc600d49596172214ea7647f04e2ec18643e0d81b2ef4e718dd3e2e6c52e0a5a2077458fe2e305f609ed2a334344aad45b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
Filesize
29KB

MD5
c53c4b781f53b21562990926425abfd3

SHA1
fff91c4acd5d0c187ad634b79b2619dae9af58ad

SHA256
1692f9c36f3aaa9d3e251a92fd2615b55d6f8e8e0bb286fa87184ecb4e20525c

SHA512
85041e7dd1eff82db0355a471ed64114d214bbf5d9b6b54f5f741e7a83b56f38dd591c854dc16c748db806ffedf896076c8a31af7664429c373497f68323c7b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
Filesize
68KB

MD5
d74c0efac1a9c59152b0325932d399f1

SHA1
a472eadb5b431a4ef40e78ed79eaed9bb8fc8135

SHA256
e8bedfbc203b2d09457d44a4ddfaadfb770d637e332f41487438fa9a7f5352f5

SHA512
8b54060e0a7fa219fb96ada3c4beae832727540d8872a231f71c2a0cddc3abaf061eb2687595be3f4fbfd996bbe0488f44e1e042b28c2aaa45d51f03d0b4e689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
Filesize
76KB

MD5
0205e5a3acf02774a8c2e78f25c2dbd9

SHA1
955f3dae810319f4ee7a96c114c5c7a2c3469d1f

SHA256
eb71a9c6195cff9a67761d91a4bbd4006aca00089bcbc7edcdf13f363809ef04

SHA512
03f9b51ad84cc11fdb7e0c890f3618d0e7f1355431d0367bcec3cca6a249889044a2cb5c2d97c81d5ded40b979e39c9c066542c2fbcc7b2c139c0af3adefd91a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
Filesize
61KB

MD5
3f967b4fe8d6f78d317f71ee12fec356

SHA1
ea7ba6e0b550b0105ab80a96337dd7eb765a48ba

SHA256
4ded40acf4742b434475fb13a472abe56da11fa25492d0a8c35964fc5e447e1b

SHA512
1b42859a8e87d00c9c78e4f09f3cb6245b1c7ce0521065775eb98022c19187d9ef6628ef5793478c60ecf5c7a3201b274877155a567cf35f7c3885fdac60579d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
Filesize
175KB

MD5
75f0b0436c11f6a07466c6da72f326ad

SHA1
d1041e5020c65dc8492f477cce31153852c312d3

SHA256
892648fae18931dbef99a5d868179de13cb8142256590cc5737638e3d2110559

SHA512
580c391a2f849c4fe8d4655b90541094f24127679ae598e2eb607d0db6fc62d5fbc13e6e6d78b86a4d95a89fc04858c0b4ac628b08283cfd5a19d493abbb6945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
Filesize
176KB

MD5
c5037f5851c684ab7eba57f83fa75bbf

SHA1
1600b6700578e4917220a86c9c6c617bb3607460

SHA256
8613900a7ba81fa38d9e77db6136115f9d98f21d0376c7f73a54c91ff32abc85

SHA512
2de13380f3fd8898144b59dfd5a79c47b32cb298a97a3c6c0e6651fba77dee931904a297224b031c5a33b94803ad2b5f5a9df0046bd758a41fa7a0cb1bcea3a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050
Filesize
17KB

MD5
950eca48e414acbe2c3b5d046dcb8521

SHA1
1731f264e979f18cdf08c405c7b7d32789a6fb59

SHA256
c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2

SHA512
27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d
Filesize
19KB

MD5
2cf9df4d427447dd00b9566db8465de6

SHA1
8087616509700002b3364e20c748888ab581b42e

SHA256
8008577b4c52cbdb4883d39192b6dbef37e006851cb0415c4752dae24b985783

SHA512
ea36bafecde55be1ffa649f4f873e2267f2a7633d9fbf9c43bc6ed1d7076761e167ca4944ddff9f26630f15266fb26237288dfeefcf2b1d6f59eabedff9c89f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070
Filesize
19KB

MD5
1d757185702fbe7fa84a4111f5181b71

SHA1
698a8aea1e118511ca54889f14b87a8d1b60027e

SHA256
fc97c936be26233cf9bb68bb5d7e7b9fedf1c21ac186e1b837b7077dc39b3c64

SHA512
42e5b81dd11ef0632174dbecb3fb161e15f204e9160082d9911675e7914ed20c8b8c136d9a8322c5f4d61882f87651470dbef7fcbfba2046c53d6ad035688148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008c
Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b8
Filesize
776KB

MD5
5891ebabfbfa7a3ec54165a9e42db25d

SHA1
5d17404b58a5f0890d82bbd48c296e2d834439cb

SHA256
2d9335373378aebe416c682b6f80fe0357a11d1c9921f3a3e95bc6ea9e288262

SHA512
472b12f0e64f16172028571fb6a0316a598f7be6c0dfc3d383a9d83a1ab7a931c29dc179e5f1095709259c43d39df8f029dda02dc6075797a2f313d5b3b50646

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c1
Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c2
Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000103
Filesize
37KB

MD5
d7cadefb4ae7a76cd9f704aa609abeac

SHA1
8949b858cbf55c2ab23c4470287cea5b5341b312

SHA256
fab148c086da8a67f1f4f71e2b810b5cd31cf0643e8fa20d3c06709acb4b61e2

SHA512
0ccef25717d672af58a93696dd51341b980ee58e267a0e164459029c5cb6cde0176a569c778823c231305fe650237deb8f71c8d0391ffd850940eadba3073e40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0035fab76dcac224_0
Filesize
2KB

MD5
1699381db6553602ef162917c5f2ed1b

SHA1
ce031947339e9804c9806a5847bc82b6117de39b

SHA256
e7f3bb9ecf885734bc5dcbec860eae48ebd2c4b5825ba443c7ca378cf06b0718

SHA512
421eb9bb70f9e482be6462b58661a4290c734114ca97b707973837a090c7f7a0c7144ecd84d445a6778ea31ff41fb7ddd34664e3ddc782a89b3f941c1f494b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\025318283c95f20a_0
Filesize
2KB

MD5
007884a2274cdcf48cd0c3f88a2df9aa

SHA1
b0eabc1bbaad09669bd8226b4c4e05e9a4c8eb10

SHA256
1de02da14ec62564ee958de7e77e96cecbda4d511b3c484600f06e754a7947f2

SHA512
e9dd594fdaeebddd5f74ffde0ba0015f2254c43ddb1a9eb157d97596cd21f7c77b377463ac3140103a5e51aee89d141e6a6c3051bb168710823b82c042f26fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0
Filesize
14KB

MD5
047614940553842a7bbed8467483a2c4

SHA1
c113645bd32138541f6e349f354d1606d3e274a9

SHA256
7bbe5d3072657559d64b4ba28a5614108a3ac9ca442bedc4bfbbf246ba13b820

SHA512
d9413e597cf7c7d500ae10dc4c514771a018e7b13faefc9725985234850b43b295b0df79db63cd9c1e6e7038249f425f4a95632da5f5d03243bda22189e01345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0
Filesize
2KB

MD5
e2fab7a5ccc621d8b61045113cd30656

SHA1
27953c7e5b4dcec552698beec0acec88b50d1d48

SHA256
7d7523dcc463f595af87fbd858393b8fe4841cb3728bbe6478c489e46dfe56c0

SHA512
e795cac54671a518986d83bbf6472174baa45f1643357b70d28f1831df749313a8f8055849f0f13e60d0e1817d6ef707f56bad8d6318452dc5e723f4b16870f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\12ad61b37cdecd56_0
Filesize
12KB

MD5
312d6546f1aa47972b13a7cbfb55215a

SHA1
adb06a83984f3c881b9130a07d71aa4d51a2dee3

SHA256
8a833d689e24d2d04441759d45ea8e5a16b0eace582b8aa60bdf253395dfd6ff

SHA512
b71f06cc70952a432b2b2535b253a4adc306cd2c7ce72a5f842c20c3da4673645db850d2cb431000276503826d42ed04646914920889a48377f7f40b4ab4fcc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1bc53205118b9d5b_0
Filesize
2KB

MD5
c7098b07753623f1036f3c61f68c1f44

SHA1
8259bfa57457921176a5650ab559794c04689c07

SHA256
c2cf345230245fd7111468f1626596fc21d94280f0c383e697298cb7c18f1764

SHA512
299159a75cfad874f3f6a2b7332def8ab8075ca1f2e6e0465050abb132db1442c6fdd7583a6b71d81e96762f4d488504ba8e1f94e95ef5c748a329da080d76ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\249d2b1b9e5362e5_0
Filesize
3KB

MD5
a8c5d3087d46a63f17119aa9861c98d4

SHA1
a9e7acf23834ac39a9dcb2f15000133e2d26583d

SHA256
d64eaa43cdff93031e9548b8375200dd4646eb7f1375cff130b3406d385dd379

SHA512
7fc52d2a1cbb55f5c7c120dcda425e636491748e9b1b56139c618fee90e8912a91c0ff5e1ec7e2de4dbb0733034e993e75bb4ab62f858cefcdc1127975a0eecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\254dc46bec84a06f_0
Filesize
289KB

MD5
7b6c984cb19af58627e9e3e84b785a0f

SHA1
719bb7869530fad22a1da09f7b714e4328db39e7

SHA256
d27dddd650f544d04ff871155194f765fb2864e7e4836a2599122af7c8e9d118

SHA512
73072bcd2d959f0bcf20de23381715888fedb61c2c11d0bb3aa29476a209bc023b632b216dad3a5ad8ceb817a94b38ed019fb41e5703cdfb565c2c943dd0587b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0
Filesize
1KB

MD5
934e131af01e0dd47f8c534e5465e84d

SHA1
f1a1213f2d57a90874055a51570f3ac928e4e225

SHA256
648816ff51a8ac2fddf32a89806a2ea7423f4c8db268bca27f7795a3379dc9ee

SHA512
8a8b990ede5f59b1317d8dfb212f84b8c691893b9c79f2d15c58d6f53d6f0f075225e8373f6df064410e0d5fce13d7d4c21c06194bb2f8a57308fe60b7f4d8da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2afa7f5e16482c99_0
Filesize
110KB

MD5
97cf17770d876da2fb88938c6af48c51

SHA1
6241c9b00dea4a06fa308f34e49e412994320860

SHA256
2314184ef16177b26099207682b57ef7728dfe28dea15ef8a0e0ed3ed4096295

SHA512
1466a6670c0b19f99a9cdfebfce7c2edf267a9aea61846bb10bdb9bed7ce3181542014a4404b9e7e5b5cd3b9adb593ec063ed9da2124277fa8d9c73ee5724564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2d48a9106aefde63_0
Filesize
10KB

MD5
ec4ebd664bc970a0f2d0f200c29a62d8

SHA1
21e19e4fb046edcb9c74a6f9a0c29b5de9305a4f

SHA256
e5326c1deb4fda3963c53d171f3983a3e3d7134b1504c5d2d682a41552180bbf

SHA512
7cc8117d355ebf33b987a4e6183ea15ae708fbde70de4b1db693abe9fab4f32750df16c92d276d9f63c017b407f592461cb4ee5e310a1fdb0756e1a92fd6e80d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0
Filesize
1KB

MD5
5b44999a9aeb853493d55a0a680a3080

SHA1
0ac3fb4d86dbeb909f772180d09c3eb4a52a9daa

SHA256
ebb127780e30c4552ebb8dbb7e294e00b188d6364d956ac5c96fe1b45ee7997c

SHA512
459f76a564d02307df1467885043bb4c67ddbb9f3e613c70bf1331d4f608e49d1c779bd1c47f356d8b31b1a1576e48d43008dd1c7794ab57951b4905ba05c699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0
Filesize
262B

MD5
80ef7400aa39cf0b912c1b580d3e74a6

SHA1
73436b03afc606e2034336b29ce0f890c9474fca

SHA256
7a4f3e64efd345f0b8d9aa53f23001c59ac5412d5d90db648872d997217becd3

SHA512
4c061dabc1a7d2c41f8fc2224e1e44a788225d4a7830ffc44116187e95a60a7e4050eb7888219b07f673ebab3a3f128a83919302bc6022ce1073e4f7678d7076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47e5051cb297755f_0
Filesize
26KB

MD5
f5a360ded31586e05b7627a7ef1e9477

SHA1
3241c5434475ec692e547aa78c8846b2ef1a9858

SHA256
31f7665ff6073f49edab22b1996153c5ff90f3f220ba137fd70703dc5fae3c6d

SHA512
03f4e3c4e324849fbb067562b544fffb650f6f1c7b2a43bac9cf84544142ef8d20808d34e7ad0d7a03dfa793b25742911a449d3366e6d64ae5a509c78812a47e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\49068cad27a10083_0
Filesize
433KB

MD5
0568b91f4edc148c1ff3ce10512e4999

SHA1
ddec4bfed3a24418b3392b27642503d9dca729d6

SHA256
62ebc0ae2fd40efce4d21501b2b1da3ad8f751ecc3fa490ca68a81791ed0c3d9

SHA512
40a9df2037d56387afa74dabebaab3e95244dde8c2d8ba73bd1b17ff74d830f95654a1a2411dbadec3d32f7187deea63bda796eef53cf804e6066af5a62486bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c693273baa0190b_0
Filesize
5KB

MD5
a1284235832deca8bc0781d10b5d7be0

SHA1
9c60390b4f2984ab7801dc0d9545ad48b9e24ecf

SHA256
abf3dd80dc78d67e81d132af8cfe4a673dc86b9d85d210b1145528369a51cf4b

SHA512
eef12fa3bf7f81463149cfabe370cdda502bb56091a978155969c7a5e9d4149f62869a0da0ce9f72a92339322ccb966bcdbb4f9a1d7dbeac86a0d51e72541ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e6742505c79459c_0
Filesize
2KB

MD5
0b93bd6e00bee26a8467f101c309f2fc

SHA1
baefcfa680fee27b680fb980dde5a0a6f7204abb

SHA256
6401b6ed1947aa0e5dc3ef55029b3a6acd59bc608616685855bf1bc30c71858b

SHA512
50f489955fb5798cc54b0164fbf9e7d109ab9d9c676551f42875d9e53a9fe76860627861b97ed1a0c42ecf12e6d2e2085366df2cb820769eac33721ea4106ce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0
Filesize
2KB

MD5
f0a97f4e8e7caa4488e68fe1147707e9

SHA1
c2bb53605c156e4952359a0273657256fc1f64dd

SHA256
c997d2d423d0aa0b7552fc579e0538cbf51bcd9adc80813a80763bc1f3380f93

SHA512
f77dba76f9f35b7f3accc96dc5d75302a0b5fc62c87b26c734b3fabb4ffdfe93c1c5dbfe314d1885a68610452a96790a0a07c96ead67187637da823152331fff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\570b9373b56aa1df_0
Filesize
1KB

MD5
2a20fbdb0294813b92895721db9b34cf

SHA1
677e25c0c1f080fd714e3999c16fdddad25b33ed

SHA256
bdc8bc06c6690c688a4239ef7e7743e75fa2fa65beeac15332ae28f14831c04a

SHA512
dbae67f838e73acac7562cacf69df7ae7a2ae37378b3b72f4973aa355fc4a208cc932db0a8d98357aaf77e3174515abb9915b1f8edcbb1cc8824abc77f335985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5761ba72d084a14c_0
Filesize
4KB

MD5
6cf6218d02669a9b82d4a7cd0d4360e9

SHA1
a0227e6371cd111f8b137f045aa0905a8351d447

SHA256
455b05fe95716253bab385df7350d9a132495c27488ed155e5520f8dd64af9b8

SHA512
60657b8abf96c3459e7f95ec77c3ca457b35ccc1d26b2f765807fa643ec9e6abc9744bddb2bfc15a8397185001ca0a0a512853ba5b73789554f67227f1857bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5801d3329fb36c59_0
Filesize
2KB

MD5
c9f3fa17278f4feba88924595480cfaa

SHA1
38c3e8c4b121f44101136c56e2ce12fa697e59a7

SHA256
dd860f5ed9a8b1d0ec37f83dd90f0933995d742d7489ad0ab5adb8b212e0d728

SHA512
daebea9655653db582ee7542bedbb2ebabf51fb5b02f1ec5a679bdad09b5446fc73b610531e1068eb1d88f0c198ae5b73ca07298a1d7ed844d4c130b404f71e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5901cd6815f5b8c7_0
Filesize
10KB

MD5
672634d02691fb1b443cc67cdda19760

SHA1
ff43fc9136cbca4e12b0385091e31d236619cf73

SHA256
96bc01a16244aa76e5d41a8fd59a24b4c030c8e3dff3aaf577a2b6d4218fd857

SHA512
e2afa326118752bd5486f5cf04893176d4924d2b3f7e93cc91dace954e2c41fc967d64573e307607364b54a989759d1a06bbc0d177398796ffb8c99af6c3054f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5be1c88c17c9dbbe_0
Filesize
2KB

MD5
8387fbf05a1bb6a6071079681f5b4371

SHA1
d0da03d105ab72e5004bc0571257bc141526be4d

SHA256
65f4fbbc5060a7ccb7646fec2c9a84222adb5f21e8b903cda1896ddce6ddf0c1

SHA512
db23f5814b80c938767a71e332065cf9509e553e70a0da192ebb845965d4f67bc7af9edb6ebc2e8e9ad41d7e509682ab4ec31632d01a461d385fdf1b2251bcdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5ebae3eea1f01edc_0
Filesize
2KB

MD5
dfbfaebeb874cedb3ab26ebac85ae837

SHA1
e0481f6e607831d9fbe869a04a124572980a6558

SHA256
68b1636e0e1103f007109c6b55f11fc56c0e21b5be8fa7faae2ee064c360b4ba

SHA512
cac59b9d8b892874b12e8a9b56d1838f8c160c845536c4af4cdef26907c9a926235bf8bb4fee875ffdad1e2fedab1951c28fb435daa47c798c4e0f923041d800

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0
Filesize
1KB

MD5
1af4f94e619470abfda8be63c6b48d75

SHA1
5ee250cbb59bc1944f8646a3df99d4f563f484fa

SHA256
cd0b039109e33e8dd68c0086cdc4302bde52ff3caf9f90b9c4ad7fd5600d9222

SHA512
4ded95447b04e021c3d5afbcb7ad4b7b5f0a52627d6127f183fb3c0998d7a2fadca18ff616373035d3cc06000e85dc17a3d907ffbe73296e2e4f31b6fa236d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63c6995fb9eb98a2_0
Filesize
1KB

MD5
4ccf64be464d18fab7e7a64ea6a938fd

SHA1
068073844dd292d7159ee5dc3ea753d985dd85b7

SHA256
e2b23db6a1f5df846e0584a973f816e1cf498f22f5a5dfb6017fc8047a19291e

SHA512
db776291b39a94d0f2706f168e7f9fadabb81fea2e2388784aaf39b05b0a0f0ba3c4a612667569e00099e5a7d3cda2e818b1f7c51d0654d0c17d7438b671d361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\693a63a9fc641d93_0
Filesize
3KB

MD5
55e1eaf9cd1743e81ed8673893aa7a8d

SHA1
2b7e90af7c49b28a9e566757d85b5e1bd8722932

SHA256
b9948ade97ba494be26becc5b220fc7ce8dbe0acc4ae0e81791bc834ea0c4cc4

SHA512
a5ad0e4f4d4fd183f973f7dbff87e997a568e6d4f58a6a7030f0c54ac64d4a18b55126ee9dfbe59e3112ca0dee0f3a71c013225904843b75b95d1e652d9892a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0
Filesize
5KB

MD5
3b38f76926ad237d6f47b7e5e99f67c2

SHA1
9a8a4670cbda0478f1aed33b158ac0d99bd59ac9

SHA256
7027aa2b5905b1186614f7cdca4936136168044c47a7e672d2a12ee1d5b22233

SHA512
b12471dafa2fb9f51ad6d7ed0943a93d2b31a1b6ca0eb7adda986f08ca3f8a6ff7022c0685032a9cd7a15cf504b5a994fff27b4339894ef28fe8ec33c5ab9c42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0
Filesize
1KB

MD5
a8ea9bdd24f68e96a36464326518dae7

SHA1
f94bff868b1819ac232abd35ee499952bec3bd03

SHA256
a3df06e587ed154f5324547a8bd571fb57a190781a95feb845fbfa1294091459

SHA512
3ea471ece3c01eeee7a81a7bc2db7375493a72f7c7b4687ef46175df53edf507530b9b566ce2137bec1c732ff5f29e354f2f0343f8cb8a31198b30efffdb92d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\70d430d5566e91f9_0
Filesize
20KB

MD5
623196f06e6afb33fdbfd18c05ed4646

SHA1
7dee48c8ec4cf1397fb4e32e41c351efbd85ac79

SHA256
bf45bc06ebc2492beb73ac875c2f080097d25dc03e1f3d0b25294dfdb9252d4d

SHA512
65e3b70e6e3a2286efae8f16214da00088e06bf0e2b77a0022c5db949653a6e0ada2af64470cb0a6cc353ab3347d014692cdc807539f229cfa15471d20ecd628

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718aba49c9504085_0
Filesize
2KB

MD5
0505eee015b4b3950138f4ab956c4897

SHA1
d6a68598bf79a1f500f0501c29fb747137d26dd2

SHA256
0645d995fd40d29b99af4f21e14bc6381c16d905f4bbdd0ea6a6fd24920dcbbe

SHA512
476715b09b3ec110591c37a7cbdd42b9c2120de2fe546f0943e8fbf51555f76dd00aefbef41c12d1c8de1ee80c39d6fbd2afc7431c620eb81187e876fea5ee00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0
Filesize
1KB

MD5
34e9ab184c7ce3ebe8ab381dcf39e9b0

SHA1
b2153ccb9a14c4af82fabcc3b8982e0e6586e2f5

SHA256
3f64337290d0d43e9a3af1310d2729f5cbe29b5c5f1e5f2c1f04d218b7c6ed1b

SHA512
e9484b8b6010407978adaeeb3885eda69fe4a687c1ec4e4a4f23b311911e98b7a6720e2a5b4dde880f96beda7ced387bf0566745de611a8d85fa809d5d47f7b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\75ffcd5862ddad45_0
Filesize
2KB

MD5
21c6c62e8c7116be9ce60b086bdd4ae5

SHA1
91a8e83e55b2bdd12540795424bbe2cdaee0ce40

SHA256
758e7199383837c98d540b211579107d5b96f8b1885bff37e752449d57425e95

SHA512
d96c742bd6197644acb8eda694b139ef0686921fabd4566f27550c6e6d867a68980a4803728ca5d8e6ed6ebb241e14b7f3c4ae6a97f7b48ffe0c31d806c2976a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\776b7a9456712bfe_0
Filesize
411B

MD5
9ad9c29f29cb10ff3e35ce7a2910370e

SHA1
9dea2126b4174aded2f3e0b8637ecec80a9c2674

SHA256
05ef64d27e2c28429b1883aedd852ca395f030875a624d1c24fbe94ac99bcc24

SHA512
26df45d69d1f0579315c1e29a6650be4d215b139d942779e0a07dfab0a9ba7d9ac9d1d1af70500a6603730ca349c1144b34b85c5941f5e74df2f955d0b31ecda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7886da83218d1858_0
Filesize
310B

MD5
786638f6160a335ea4e0bfad537516d5

SHA1
5b3c1dbaf59dbb1bc7d6b7f1745e128337d414f2

SHA256
038f431ae10217fd2623078be9608532c7ad8a3fccb41204c9c54df43e3ee3fa

SHA512
20039100f0cc6df003d244e1ae53a45878a401995af9c459c076ba68f7fa833b31ce0ad25a962e3fe4179a19a5aa3ef94b55aa9270432da36c8f550790bcaa34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0
Filesize
9KB

MD5
d71d3a5d83190466238b055129231fab

SHA1
f34bb747085c0f9494ee7eb372334bc01dbc6e0a

SHA256
abe16849db2125f4b62207303a9e1d8c80c6dbd7a2ca23d3332c385b9d606d6a

SHA512
d3870e0c2a636ff3d8370f80aeb7b67df34240fd9d03ecf171536e374ac6c9d94040f24049afc8ac3dc0a817b322f9ee86459ae6b8b52f1d20b01c871fa0963c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8781fa41e6538ca4_0
Filesize
4KB

MD5
3387e18b3e77ab364e67d3efff2ec756

SHA1
0094c014e44fd7ff2b3df3df3ff6be13aa0fc9b9

SHA256
d5f8668f2fb81ba36ce91c334d83790819215749eb248d3385ad27078bc274d4

SHA512
e09f2fd102c2840f188335ab12cf9be04954ccb0191bb3a3dc521e2188e61beaa0b2563579aeb7b4370151403b7f1869ca7f18d5429dacffb1e61e4c0be78aff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0
Filesize
1KB

MD5
9bf408c072b5563dff9b0c590eb7cd75

SHA1
88fedd5f5cb8c8d6fe352919d2459ab9b836b100

SHA256
bc5dd27c31e0a5031880b1af6511c169dfc1c13ac56f37f3765cf74624b1c428

SHA512
c0794d694c0dc8c1b67586058a3902e6bc9f092a5b26451d65e8ac51884ac70b4ac7ffdab31192429f52de306fabfcec5b7cd2b1194e307a79d01d91c9f835ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0
Filesize
7KB

MD5
3bd654c39f1d88160d8b7fe2c2bd119a

SHA1
76e2e2741e0511fc0db86c99832ac2983867047d

SHA256
2fe3016c4a950800014a7c125481b85f430e08643a988555b2bcdbfba88bc029

SHA512
5ce0600c3e2782133e598b4cff0c8b1aac23822c06848d7075d22d54cc90e7710e691c2d98e36986f79ac79714baee36f2f3a5e7456925c1a122b8c995a0ecb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9828bc726d9cd134_0
Filesize
17KB

MD5
bfabb9926dcb3eb39286faa718c8522e

SHA1
32a5d2f5e774cc844d58e21bd973650a3b3e2e4b

SHA256
9a579e4720cb26aab89b5b0d570f1d19c3eaa2403a3ae92c57b5a3cee4215a20

SHA512
358766a64b0c8f3067cf7c549da6f23ad4a93f91e570d78c80233eca89022788aea2867220f1cf718c77d29d4b3514fbe864a869ac8aa4014a996d281ff0fe8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\99110e9a19c3c06d_0
Filesize
4KB

MD5
72ce7830ae60db1bb4cf05cf7b209f94

SHA1
bb08bc28cdd1c3549b2aa9d8648f829f1dbf932d

SHA256
5d1fcfe9203db3443be419bc3bb6e39b04df27240c931441615e9e3f929a0f57

SHA512
e934713713b658a2e22ab593d6aae854220f72362cdc3f5e707f30ef454aa3c8b638ff6e8848c5d4597fc38c782dae6844d2963962adc93862bcabaafe14313a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9eb49b832d016644_0
Filesize
262B

MD5
f22a9d4faa6ef2415ece45d32e97973c

SHA1
f2754765e3f362c0bfc586d5e0ff7ac2fddbd3be

SHA256
f3a237b6a8f506e60198f88ce1a446c7edba0c37c2ef542f790ea34331954d36

SHA512
20ec604486b0fdd24ebf961706acd14b98ac6dab4f3608d2c72660d969ed12e244b446c2156c9341d91d0a0f3fc8babd984c22f3d47a5661ce4947fad924177f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0
Filesize
47KB

MD5
9bd3022252d88a9f014f8ce7dae71841

SHA1
634e976be767bcb5ed816fc4762c426c980a0247

SHA256
ab400fdbb7c124271bc784e2b4e7326d0a8312fcd730d69c8dd5e5cac8246bc1

SHA512
fbd245b55699d178228bcaf6534c78f1c6362ed7494f5b4f155eb429bf1e8f68ccff163659cab8c37c2448862497b9516e542bf4b44f14e7a2d28f51ee0c1f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a0bf23602ca1ab29_0
Filesize
6KB

MD5
880925f25297e2e8c43ccff9320808ab

SHA1
02e1bdab06524ab8ceeaed06a2f172897c6d9135

SHA256
7993d9e72e0fe9527a6442ed1e63e9ce438ebfc72e752f86896dbd793bb569bd

SHA512
880c9a31df7416fda077360f3cc993afa63014a61957152926174a7ec9b65a2f3344123485cbf7129074364c8c61d57d8941ff486a83b2ef586f19200ac13874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a0d3faeddd553747_0
Filesize
207KB

MD5
d1771c63735356d7c1181f9d5646138c

SHA1
5637a61bc0fc6c86ede83cb53ec8123c823072db

SHA256
db4c02c020bfbb826c1e2a7584f9e7a93d8650d35037997ec4c0d5191604ec21

SHA512
872d205fc69a08deeb32353e12d3d6c0054efdf0b6193f5bc73ca3715efe5a6c5015dda7e0b03a4d2693b39b64e161aecef3ac41d661e3a890d86fbcdded4661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a37ad9a49149528a_0
Filesize
6KB

MD5
2eecb967019a021fcbce364476e05cbb

SHA1
a22e0df59938c1150b89b106057214c33f27c918

SHA256
7155acd2f1189d8ecc8a5de40eb61ca6e542572d688586ed88338e22866a19ad

SHA512
438e99b25787b13d761f83b54030bb73d4ed0801b0b2ac8b6818c2f0c76607409ada428e3bebee646c9f60b3efa258f3c975d23a275739bfbe408fac7b6dd5d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a4092163faed376c_0
Filesize
351KB

MD5
98832add0f039a5ff97fe40d55486df5

SHA1
cafb38ebd24439621abe7660a54473efbfb760eb

SHA256
e56f7a764d4e477a37d68a720c3fd499e2f16dae8f9db44e35d4b6133ad4f843

SHA512
9dd9abd702c64342ec12cd6fd5a4e2bc53d82c0e00360e4af523a0ab59c90f82795e53e5dc13410d3e2de64e9f5961a6c0a51a8f6912de2e2d83181a503f66bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6591353e7e8bb2c_0
Filesize
3KB

MD5
5eaea5801d54845d6929161df50debc1

SHA1
f18263859ac0e4177af0f78e758753417d2b019c

SHA256
2c0b0878fef627ebdc8c3101977ac8a2cb6d9b8a7db19699082621c20d2743ce

SHA512
a8b6746ad8f37fdc6445ff09352e2b6cb168650a4020de2692bdbb339cb443e88c74e507e950da625b4131bd54b67ee86ec0fe7e0882a1db25fb3dd752fd4108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a9a5b2100abc1a1d_0
Filesize
6KB

MD5
a0ec303980ba3a38df2c32bd80284965

SHA1
02744b35b9b1dd2d95456d8e798b3b850ed2e0c3

SHA256
102977ec9184927bcc1134f1486d6a36043b5154ae9af95303aca0f020a80138

SHA512
81df28815ebede236aee245e7b2d4c3eb32141c831de7031a133f653f9e5b40cacb2a235853a7073c4907c98ff83e3f1b370570759c57786545a4ed4e97ee905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aaeb9d091ab6187c_0
Filesize
3KB

MD5
8dcb10bf90d50a56c6edc2720550b4ed

SHA1
e21b155c9a4c474efcbb9c0d04fdd727d5faabef

SHA256
44eb97a72a4b62d272d324b62ba8e693fd00e5583d4018551119a3732ee10fc8

SHA512
d8ab8f82d98f3267035016aa7b42c303f6fea5ddbfee8d18d6bb6c877353059373dabc533a108125676ef2225ed9468ac78ec9b5311f17fd00594d73f3a5744b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0
Filesize
1KB

MD5
6c18f5699b628fe7211b073d71b89908

SHA1
9f1199d7dd7b0183fa1664e563c68f0bddcfb97e

SHA256
00fd84b3150a4bb16193838f46a5754498f8ac38833cd19275f0635b376c7416

SHA512
b0537e98ed50689505c7d3b4edf5138985a2325d186cb4f1adc03d18e6d744140585ef6442a170e521aa9eaa25f9d5b546d8927a53a8483dfa746ba3ced0384a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ad24adfdc0f573ff_0
Filesize
262B

MD5
df784e9efa0b6bdbc9cd30e0f19320ee

SHA1
658ec36e799f4be6c7dbe98159c5046f88982d96

SHA256
c1120879e8de1743eb59020669a619c0f30895df453d3ca387a129060fdb59bf

SHA512
b364a17b1fa8443bd18dde3f5fcaacd5b02770899913503bc4f5338e32703971d928b3e4c8b65c14795761f8a1b54fb0bde01db60230150cab42197ec471a180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af48edbd3578ee3b_0
Filesize
2KB

MD5
8ab1892c9e9766ab43bc8f5fc4f958e9

SHA1
9bb76eb4ec815afddd2c0fae9c62bfa6a0480710

SHA256
dd0953fbda4bbdef5de54047897bbdba4a26e517e578802f902bbef56a35ccf2

SHA512
1f7e494c67391e93a1f467e9c43a395d7aee89b1199e322cdf6edc8a13bd570f6073e31b905ad01f737a436cfd0f84cb01790421c9af326f38288b3b6dc94163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b4c0f674f08ebd72_0
Filesize
6KB

MD5
76adcc7d0bc723069daadf7f0999f32c

SHA1
2599b35f4ece0f92522b24d20cae25da886a963d

SHA256
d7a10a2dd2fc3bae3eb6fa19b6c85a2caf51f4fc32a72c9b43b54699d10f7964

SHA512
dc1c26dd4fe958614b2e411039e24826414608d8eda23c7a7c47774a996e6808eaab2c787f36686eb24e67a2c33c3f452ec9ec64fc37ccf5ad87095dd43ca1fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c354c61369a7b1d8_0
Filesize
175KB

MD5
a81b7862f59db0039bc3241374f207fa

SHA1
6ef78bfe3c3ab6e384a2ec2d8e25c0202731608c

SHA256
0fc41179bb9d0930817bf919ed9217eacffc68106475074df098554d49c83efe

SHA512
c4a34a30cae8165b9a11e4e77fa69588fabe9a557507fa9c9840ecc5423be628a492f06f4b252c843c7be8e141afde9c1aafa63ded4c8dd0d44106c39f7ee678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c37dfb5671a046f1_0
Filesize
2KB

MD5
ab6597623199b9a5820bb95aceba42fe

SHA1
118430ba7693076c63b7187b9d321bc14bda647b

SHA256
15eaed00b8705623b67e813e60a099cc21a172a5504e919fb2ed4f5a6ae3f41c

SHA512
1680ad60633ff1e7ddfa3275a9f4bca71535a7d6de551086a02d96b45f00a28c0320981750e246b2236a6577710e8626929eafc2a3b06bbf6209b5f7472b2ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cca6dff0f171f457_0
Filesize
26KB

MD5
3b3c75c58f84482a70d96e5ce9b01f12

SHA1
ebdb7e14b69b0f78c02d73f8b674643654517138

SHA256
4008fe74665237578157fe9d7ed52a0dcb9216ddb69ac259a69740574ca817cc

SHA512
5c187f0194c62d98c3c7ebb055f1c0e94fb58d56bcb9aa1198a39657ce6305e972ba47621c8dbb7094b3335f2e4982bff8ff201d8b1097d81ded866835df50c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0
Filesize
262B

MD5
f0d8f7296836f68eeda4e2f0369035c8

SHA1
4f762c1cd3f45fc1b9c076acfe403c5ce1ae8ee7

SHA256
87f00c13288d937d80104b32631bfbf526080fc0479a4637d80e060958d12c56

SHA512
596d8ea68ed5fdec4331e32781e19c1b1927417fa44ceaefe10bdaee91fa84f49265723ca8fc76fbf807e80755dda0ada91e47fe9fc5ca31cb4525e24ab394b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0
Filesize
262B

MD5
010e77ccdbade6b4f3cd030339a4d717

SHA1
f6d651a458850037520a88b71d4c753559a0015e

SHA256
a249781545af0270c2f87975b594d0b118eea1b4897cd2c48018654bdaf3f519

SHA512
ce8fc3427ece30abe6449dcbc455cd60c1ba9e62b2fb99986090733289b957c0ce477c608b845edf999701d29d1992af72e1e4f1f0374e87b349b70645188550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d8ef02cd46c582da_0
Filesize
307KB

MD5
6c0e992250272b4601ef5fe8d76822a7

SHA1
bca22546b230c9d7e4067cd0e6474e3f4d09dfa6

SHA256
642e0fca6fe23d706e85b025c4ab470aaeab60c3fdaaf98aeb53c6911b0455b3

SHA512
1ee485c60b0be7010b40d6ff2f517f4a870e937448e01e624d61362dd1b3de9991b9ad84a83042f64d0271a413535cfb6742a79fcd6c259e4f749da6fd062691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0
Filesize
2KB

MD5
8cc28de2120d7750bca9703879a8a7a7

SHA1
45a542d0c7d91894a22d7e99ae14fb8852e40218

SHA256
29d3f7eef48fba0a5e152159d0173914dc8b720dba0a0c385a36e0c27a88fe0d

SHA512
239d78bd4ab90466178dde28535492d21b313f0c2d7eb7ebc91b2970fa7ce5c6175cf5ab63a78a5b65c250e8fb810babba838b88358232f899b240098523ed41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e03b071f9ae0499c_0
Filesize
4.4MB

MD5
98c46c537f8d5865b4e41fb149c97811

SHA1
f013cfacebea370f84ed87b7d78330557a491feb

SHA256
35108c0e445f984def811e927ae5ce224a2d14dbb72d6d404513939dd1161524

SHA512
54fe5e168c878161b5d490ffe6c96b0c26bca92cc731e37ae05c9de71c84ce740113effd2591da65e655bdee07a348978ce4757f486d88fac6c17987d93d0ca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e52ae3fb759a78f0_0
Filesize
262B

MD5
bee9e3888a254340dcd8ca4b0235e8d7

SHA1
93207458f21403a69faf6700d6c475167c1e64f1

SHA256
e9b349e1602f44b11d2bc613cb30cd9468e1a8b623b8a620a61e4559c8464922

SHA512
5bd63efc5844de1eb5e2c8f84730f116ed0d8e42d8dc079c8ef98fd52c73b9cd7c6d5031b3ab5217af188394cb3f10e5b87d8c5ea2e84fe87eeda7e8f11a8bea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0
Filesize
2KB

MD5
a4daf11cc5944382d786523acc2f6168

SHA1
f756385e414398e352499f2e85c5ef343c401d32

SHA256
ad5f237a9a5d8c2e71a896b36d46b0a498811f31def90811728aad8bb007b763

SHA512
64f4ce0c0734142c9f8837c92cb63f031d4208521e31d701dbffa7ffdc316ed2ee18067342448db08fa90f156235e3e93d4034c5796a8692d2025b8a4da7044d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0
Filesize
3KB

MD5
33ea307ded6edad135ce2b589a61a795

SHA1
a77e443a31d4feab112384c1efdb7f8d6cc2dd9d

SHA256
3a4480e48947da6ef643e981c7574a0b154c2a0ce1f0b6599337b408ff8e0d1a

SHA512
db7cf937c6dec7800dcfdc1534d5bc59606fb0762f3ba1ed0399273769ed958677b878685fb0acdc867511d7826005b3c00d1bca0b8d7671272846ec11f03acd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f91005797e8140ad_0
Filesize
7KB

MD5
a7e639e0f55842dc30fd44dacbed3993

SHA1
2cef815b801d81fb7cbb467f964ea647decc3592

SHA256
35b8eb110892b2ca968025ea549ccc79105827a904407eb065824074c5a34a5c

SHA512
bbd4cd5d6a7d3db36dcb21b3e9137eb6a4be8733a158ab637787d96a60299f5fefa549f7f1f46d3604dc7affb756574e8e779f65dfcb707bb6e0e74a72817df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
a983309f08bf171ecf2fff85d761d4e3

SHA1
430a6645d5a471789f73da67a0daf78996d5f025

SHA256
b44e0f93cf6474600d9fb6ace6f098d34d3940339a6633d190e2711c91f3977e

SHA512
ea88ed8961c47b138659c1ea511b0d2b28464559e8f37c6c3ae4fe43dbc93f4d1f2b4be925fb0696564b66aae81f082f1bb57fe50e25e8500da70d9b793a83a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
896b46eafa1caa5899af298d2a721474

SHA1
f7ec6233f08834ace6ec6853688483e9eb2e33e0

SHA256
7249adb49c9f5e4b82ae01eecee9c2a35358d19ea99c250bed72e1f912321cd0

SHA512
bd61129451df501164d097a283fc47b3b5c82aa8ed376e9443f361500cb136c0cc314240f9aed279cd6242ae537df9ef99b6976cd3540eea4a75b3314aecc099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
5327a6d716c6aa45a21ce73948c37a07

SHA1
d66c1521e58244d74d2283fe0a936f76df93df91

SHA256
e3c77758917eeaf22e82614f3cc0bef977734412a7c76f986519b35c5aa6c1a7

SHA512
cb4c736dd496c7bb7bdbea8d362fb6c593c04ec07f713b23188beeb49c4e8d5d1f21e709ec63ee61d4650044039264922b15a2b4302f49ced6c84c91475b103e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
ef0f32ee99f6c1a9d9b2a78bd3fd1bb0

SHA1
4d5b1f3a18c8c9cc1ab3b3aedb64e437bbc89378

SHA256
f056a96b7eb53e0afd2ce3f0bfe72b8f8c72ae577816211ecdf69292fc4a25d4

SHA512
937c4a5398790361c8999854f90922fa13e95df593a8125fcf3bede85468bc1b71b038258c847d1a0d5908550a42b73d65caa98ce79bb01c3cb827ebdfbe9623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
41d7017e1634852cf89ce374268c4f9a

SHA1
bd13492330f5c20c1c44ad50431ed33ed558da3f

SHA256
b3b2df850e81d05bd43dc6b3753d641ad3da3542359e4046cb22aac6bcf0ebb1

SHA512
d460977c5e154563210990d2e94fc00e2f9ad20b0ebc86f43e3a009ceb0b29190273a09bfd442930f7e494c9ec7b6d1bdac3ff1fd1a6e705b1d71f43d41ba99a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
a1083d82792c33e124db89ab15bf7e2a

SHA1
f5fdc9ec05c032d5fdf1ad59db133e6b7b6e9c86

SHA256
d27989a7a5cd74549ea4dfad0b25a78c3681adf258c38b2a8b25f942d37a461c

SHA512
423633e7af71139d5b577a1507e65f0db74f443e94be55effc5317526a9ff0b6cfd48df349899c511a9f7d330c7c3f4068be251f48bb2e35808e821f387b99c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
9KB

MD5
4b9d674e96095da9f3f71d1e6d635057

SHA1
13cfebec7eecf33a48979fa2cc106c9dd969217b

SHA256
6b5d1ad189153d5107f647a850402e973bea8b24bbff5e0baa7171a8f4c6e768

SHA512
d520bf8f800d72cbbea4996406700e5d55aac01a06bf85cf32d142b8f60d390aa31e7b9a25af716678f349438f189223c6590d34ad470b55680a79ee5210dade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
61ca6976e3b7d430863e2278675922df

SHA1
8bc5f62eedeb9d92295b50616fffa0b625afad51

SHA256
bf121a684af46e3b86ddcede678b3a2219fb63af70204fbae18123ea9a94c7f9

SHA512
b01a1265d281fb48436342846b802cc86673418f34581a99e9eaa2ecece91e5a1af0eef2d0d071468e8c7abfa9ec57dee33abb773fd5fe34c7a9f028729b8539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
9KB

MD5
450b60294ab7022f9e06680b23279347

SHA1
096184bfb5471b183db270569c5a8908344354c7

SHA256
a9c38f5ae59cd7fb0716d42134616e4d3df0cfaf51e79cb19d7a6183d3454837

SHA512
51ef40e5877d443e5aeb69cde11bdb7eaddd3bbc3ae5d4c3b8785956315e36d8522c49c5d941edd2637d14e1bd254a3212a3dbc9e2160b07c71c92075c50cd9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
6KB

MD5
c508198d08b775d8530ededd4baf5967

SHA1
30bf7155c41cfb7033320b8f7f371e2049908b60

SHA256
2104d1d1d0b499bcfb59b9ae4fda783af23f42f607e95f086d1336576a2dbe78

SHA512
70d838d853595f84ffec0bb6e505db0020496b0e42c651ff7a877d38d95832d4493e8d17cdb832aaa7f0d884a6885767b2027b42635f09189c46690e2cd51275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
89ec7bf34fa6cf71ff87f00daa1ac27a

SHA1
bfd18b71076409a90804e1d9e66fc756f4b395c9

SHA256
6307f82c7199c30e91d752a55064a469b1b6a0e5bc8a66cafad60a6fef68a9ce

SHA512
e147ccf8008902dd45eab7d95482b918afa56e24619c577669001a8c8455b9ba669753b907b7b9cab386c006ad6683eb3fa8bce8ff3b5079d14e31e21d0bda8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
8KB

MD5
f1860f7ef67ae18d4db840a16e3209ea

SHA1
aca45cf46dc3dd3dcbe3201bc487b693d4590394

SHA256
5e2cf60524911749479a0ff994d8c39bd81e9fe180af1a12d60d7714f8998ed7

SHA512
6dcbe834e048f46dee6117d8deb4e3e7ee5ec16d721d2668b7cc8df918a07ac1f678f677c6ba1da48002ef431c270e597d1bb048be0d7c812991c2b57379a247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
8KB

MD5
6c72c58540a82610afbf64bc10961f54

SHA1
5788646604847b21f80ecdba5512f9bd8e219c36

SHA256
9a9549768393714c58bddcb55d9ce364ea07c53762a380767839e6d915bdb4e1

SHA512
c426d007310fbe30fe0c75e49f102167334beb8328ad731d638d1213d6ca682926bcbf293b8fa0480b9545638f463bfc6ef605a816b03eede38c41e11298595c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
03d4cdda0b38ce748f05067b29edd66c

SHA1
37d4a345b19ae9d86084a0f688ccb194613093d8

SHA256
80d6bec06cd6083e914bfc2c687e58d8c03c07fb9c124790479935072e549b09

SHA512
bb5d387925064b4438dd4275f54383ad9ab2fca8185514319b71b8e3d47e07290e52cb12796ba6b52f8ca78db1ad3bc10335c791419b1ad39e4bf87409649230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
9KB

MD5
6bffa960b7dbf613d2bee7b01f043bc0

SHA1
07025f60cc8481d08751df9d90a424bbf041692d

SHA256
b74a134ec0e66745d4583b6f98efc4d77a9af829a19e9a468ff074d41e359e5d

SHA512
1a316dd5be21f4e7f2aeff7d58f2c017e3e575bf0db4c790448fdfe9866254bda15929360e67225a7775ebd8ce7b708dcdc737c2f942b0b2e9f3e8a1278a2a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old
Filesize
378B

MD5
bd9917253cee4d11db0b485a93c9b087

SHA1
80f8c389e7825149c34858887e6583d9c2551e86

SHA256
4bb58fe3c6efa6b42a7757d917ccef5212c084ef23ef4c8f657638456893f6d6

SHA512
d08feff5755880cde2e303addca3e90a0810cd064f0e1116161d3c46135b12b44b5a2eeae1321d402dbbf4b354461fc7e6f7c72873c17e3e285b96a9f8deeb7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\LOG.old~RFe5a1e86.TMP
Filesize
337B

MD5
d25ef3e5dc67bfb3ad59ff7a90257a24

SHA1
4fe86edb0e084bc4ab0ac2d90bc591733ef5f865

SHA256
2b213e3512a72d95c74a223a92ef98580c4c00135fc43271c77d7f222462991d

SHA512
1a2c908107f3d9da45c0163862201619ed354d583189ceb13497fd5db47cb6291e840585c7c0eef5d7259fc6b947a89c1892bcee47bda618986c7183d5e1d47b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed\623d1e4f-2b83-47a2-a716-6630b35c4db0.tmp
Filesize
25KB

MD5
a36e9e4606a1a5ee16ea8104cf1a5c7b

SHA1
e9fdbd0d5e058441e42da0a9443c10b08b4501a1

SHA256
226522107a0e534d988a5cdff6b410f66d4f26b03ce28ea915041920f7f4047b

SHA512
12ed66f9f12dcbac9bdfa98c5ec58ee6d6abe8327cde11fdde47e838ad0dfc21ae37f48d0bea85d6aa126553e560e2de0433151f6a5d2dd3223850423f931ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
e7d694a7bd017dd763715b9da8ce997f

SHA1
617f996f52b02d52e7db3697b82573968fbfbb70

SHA256
a5251dd9f5045d738865b82e6cb32630828ac610f8c755e624bcbc905886cbd8

SHA512
e79500a112b633ad6cdf6df8679f2c695b9b6fe502f3c2deb7faecd14b4ad1bf18d17c837085d4aea9d7bb88144b4412f01252a0c3df1d9caecb95244f0bbf8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
8c3107bc8e93f3538aeb0d588982dc46

SHA1
a3bd2e68def2edd8d0902426735a2e4b925a8975

SHA256
f96097e920ab98e746e554606cd924300dd7befb2dae0cb0a395e6a57d9c8ecb

SHA512
3207123d5956c8af0c03011eb3f7c8da30ef518416426d682002861e06f19bd27bebeefdf3e8b7757f5ee7b76300a9e22440876b0ef669ffe0a82bb20767271d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
47b030bf4252fdedfeb246b0461f8219

SHA1
2b4fc0e004cbdea13f12b5f503af1765035353d6

SHA256
9f68cd77bc7b399042a83261f39a321fef346c3571f85dcd4a283e7960d131fe

SHA512
d398a7a98168f4fc8f0bed81fc915ed428b3112042de0915b5ce6b881b543a3017dfb907034071b08bbf755707528e70227c6ef75c82e38816f45d4b09f493f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
8KB

MD5
660bc59a4c312cbd2faf8ae24c231a2e

SHA1
b17d4600f6f90d4be62223e4caf63702c15f4f6d

SHA256
e9eb942a15b83c4132f147fb181d3390443f0737e706b2d4212f4117b41b5201

SHA512
db0e7731917d44446a6097cf6f5884c3af41364dc47cfd1dfedc955f7b1bc56b72565697842ac000a67115134f90ff4c6f575048ea88e4385c1048383f92bf86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
13KB

MD5
badf01d01982101f682cdeea5d86ca4d

SHA1
4a5e1011b7b99eda230826eb898170f986841f9b

SHA256
353350cee4624c8f2e9f0d7103e5b0cf08807c821be56159db8ef62b83693522

SHA512
39543bca51eda6b4cf0870890fdc3967abf104224852031e4537f47fb4c624aec271e0e75d0ac41c03633f8a4344741ca0c87c929e18f16b29a1455b2554c8b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
10KB

MD5
e2fb92bb2fd39eb50153dec6f80ba68f

SHA1
4658d1de488ab7c68ee49f5e7b00d803275e9a5e

SHA256
c7aaa159071e6568ba0f2a7a6ea36c876eb35196139441c61aee8bfa9c767055

SHA512
eaac4d4ab95813c90babe9862807ddebc8724dd4e9a99ad5fd2e3121b238979b3e0a51da2cfbbd3910bbe67ce2122f43b96c2367adb688171a71a21fd57dae69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
11KB

MD5
54ad7af1d9485ed3382c3eb07a81dba7

SHA1
65ce2a83c18f59e35bc8d76f1a5744531c61fee7

SHA256
3d56169b9c579dcb0f003930c124739ad5c88c722c49644837728d40d46b98f7

SHA512
21e79fe9838d1cc6ab8d3668df6ea773d81e80705522e86db0d20c12c11d86f121bf33df6bcd4fcc0bba859da95030f90dfb6f507f63ace8c87d0b03d71f9cce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
14KB

MD5
08ba297fb1e723f23d4ad27a44f7862f

SHA1
7b98c8f2300f9adb3f0c8f65f25e71cf2fbdc4ca

SHA256
3a1b620710b2e21ff1bc148165e81f901871e78061d40d149569f720b0b4341a

SHA512
8a2e0072394c2bff6dac8e94fcdca840bff5d82af7af730e212cddab16a558c59e7cfcd5b8f368d602009a7d02cb4c74d2cbeff93afd3ae274091be0f3ddad01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
6KB

MD5
d063d36262a5736f00e4a71eda93d65e

SHA1
85108b7890a7a24167e4eaa81b085a349284b922

SHA256
d002741587b03b0b782fa2766ee4655d990b0078ed4923b05611e75e685e1245

SHA512
dffe95bc1ef04b3a6332c99ebaf50670435bf01a6f891a34340f11f2b48c290f022575233b3981272c28a3ec61c644346c3ec9026ab1ca7e161550ee2e779843

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
7KB

MD5
ad098731f3ef752d150afd060b4cc52d

SHA1
56380245b454346687794cc4e9e2a30ebf81bd26

SHA256
5ba447559f1960da11fe840e35d8e56ed0256e0e1ec2478b79b7f0e5e8bedee4

SHA512
a7b5ceecdf514f27711013884384e1507d80efed2c6894e69c44b598c202b773c64044325d913961fcbcee69776b961aa84441a5c87f991ee00ef310097dd602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
14KB

MD5
2ea48a8d54894061c6f657ddc8f0d5d5

SHA1
ecb209ffb2b3e288af388ecbdfcd36211f794261

SHA256
8a3a60744ffe28359eb7b88d9db5ae282bca055e403fac4783047eacc22e969b

SHA512
20fdfe4dd645d8b213afd3e97c3d53e0c2a5299cb85b010f2721019b93ecbcb146979f4f09230f476a5813c06f8f76c59bf06207f1d4f47dd5308ccd8ceb795e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
e7b645a5ea857035cfc80adadb6e7f4b

SHA1
43cad1f7aa6dfdcdf4a88783425028300866b044

SHA256
8b511b38e14a82f26aedafc9f681f32e0f57f341aeb0cbb173bb6ef211988718

SHA512
e6cf939032c37afaf855a8a926a310214709ba4043cf8f1617fefcdbce2aed753936318a53dae04ff44f8726ab8718fc86e2b648e281790dc9f1f483c42a0c41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
7aee47771370883dc2b5ae5482905684

SHA1
cc53e4fb52038c2c7ba0b41ab0ac4b4212fa81b7

SHA256
fe1ffb77138850477eee658b2c68bed10d729543baf8f196a59b7050e9792fb4

SHA512
3461b1bf80a9c3246a7f9db0b5904c606b01fd4e09a6a87b0c551b2e704ced8fcf91e2d861d7742e38bd46f6d205f83e38147a82cfd479f4d7e6b959a037f9ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
78471e3b926b4744f255102118ad47ba

SHA1
99dbcea53dd2ddc3c74dc0a1a658b9ed89799e42

SHA256
b5d7561fb7b445c9a86fe279245020d65bcd7cfcc09dd7340779e240907b80a8

SHA512
35a1fdef3ccf97e46a68aa736fbdaaf9bcb6345abe11102bb9b96bdc72b0c23bf62e1aa48d87a8dfcbcea28f08164ed739568c62ebb5893d66a12bfdf4bab257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
64b470cfc797f2b8688de600e3920d45

SHA1
ddc701c23fb04a611c743188ed584172d9062ec8

SHA256
eda21fa069fef7dc79f56f8a8f50e50a88da6f1e071d9f5caf5a22694a06863e

SHA512
73057bfd9f5f84b6b9f0fa8f2d001b6a9bbba1a48e2f8a85e73b935daaa791704784350debb32559243bab06d803af62962319d22eacb66aff5730c81c630158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
ab9f5f86c07250df452e9054b87d6986

SHA1
476b809b13eacf381fbe2f06c5e30fdfb4379a1b

SHA256
8c07453c8a99f7fcf304d377e0b6565b4ef7dc700b96b9e7177d4a87a299aa2b

SHA512
2e32f43386a1441c7ce28e02d89b5487d474679a428d7e36a282d1487a616f78b2e293899f7b4dd02f9a80c08f29e46312a57ebc4b5dc3c675d22acb5f6a316f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
e02995e20abe7442349ae16ae93dd4f6

SHA1
6e786a27ab3b9f3bd9f0358a003a95fd06fadd14

SHA256
2ab6f8b5f15d46fca54a06a170b732bab27b35db5c4c006259f60f785c34fa8d

SHA512
02bd41ec679a94ee461f95d81a8121e022ca1fea05f2ed2e17013b8b0498c8b36258ee0b1c6eb2ae2fde057ccd10b919facf3de574fd395e55fc5f88598a9d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
880d3710c96e4a94c901655447c9ad43

SHA1
8f665fc14e56c64b027316f176b9ec4d25c45e57

SHA256
a03501033bd9ba35caa028f120072b08f6ddf834d6d6d2c0310afc95eb6d5d85

SHA512
eb591827cefaf2a21da6e33cf6623f78c2b0234f2e49f9de7752d6c35c9194b21c95ee3a3b95f0a25ad79ebd9559532f40060583c2d6f10b0181b717730a76be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
13KB

MD5
4ea0d89ca2d5df5faf2966b6a88faa29

SHA1
3cb07a80080706b9ba567969df732f8bf5ab7229

SHA256
fb89964b376e03083c45864cf093694fc1b7a8920a842d0874094a52e4699449

SHA512
3b901f94a8d9614d85bc3f1297f01b95c2217c1cf38ca531bbb60a66f3d9bb58e976c9b74dffdb23477e2cb9e4b21e75c8e396d398a901520146efa8858faf49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
13KB

MD5
a825de798df4a9cc8e3ab4a6c18c04bc

SHA1
5f4c4fa1fd23a025eacb4da85b1bd35e7f7bc7d6

SHA256
b1e60a5c4f63047efdeb69fd27f10c9b5778e02b1c7c37be243a0bfdb0df8c88

SHA512
f49b2f00368eeeb3401cb63cd0a85bd93c62ce68db6ff4c05a55c94e4bf602e6db7565410bcbc8253ea006e5e50453e98968cc3eda8098f45700bff8c716722e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
24e469e3098fd201a1e5e06526a696ea

SHA1
b57179e729dea67371e54e5166f7491da6212638

SHA256
63d604f35dbfead462756a043f539333b31a01c5820a1664916b71b3a20b8553

SHA512
397dead4d2d35ac97dfec2cec367fa7e3ef97c6702a76750265e223d27347af4a4d7a04b66895dc6adffa068d25d802696e253a5ff5667589219e1bba42553ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
4187a2ef3af178be94fbcc3cada3fe1e

SHA1
736e6358c011ab8ea9e5c850626abe291730f161

SHA256
8942f5ecba770979121e7fdbc15995c952581fbc1fe3d74a434e8db561c8c2e9

SHA512
f810ef228ba04cfa1c1a558a151c15e4b15b90c478413c1fe984a8102e9d71b33f3f67d75cceebd56ff13d1dcb2faeeec2568443ce11a2e7b2591b35c495d5ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
c15ebc6d04b2ddb1ba06cae8b75b4802

SHA1
d5b4163f0f1758c3f6f86ce2285689e7d1d3c13b

SHA256
70adc3670e59ea90e819883e7b65567b02ead3cbc09bc140637c2e394452f38e

SHA512
14bf3ecdd45c5649e8670631824c3e345c1af99e302eff944064651e7be74a06022c401f300418ccb4c87893ba0d60b41a66320389cea5b61fc0329d9728db1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
d0cbde9b3eb8bb2bf9b84cf3ac57dbe6

SHA1
834936feb2ab04e8253e2ed782dd06c034948d14

SHA256
29407684fc35ca63352a2856bc6ffd0e06c0cd684e733f9a87b8c86abfc8fc0a

SHA512
810a77a18b4bf03057e7a476a49ee58b10a672252be494cf91e8c6ec2a7e6d5dcff94a968eaec50f1d922477a6ddf09ecc10a352e2ffb8765ac1f97c19cb00e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
bb9b00219445e835e4c2dd248c47fd66

SHA1
c1f20540cc23a6508b711f88b761c6849b331d1c

SHA256
0ccb72735623c1f559c05524c742a9abc49bd8ef6633d57ed10cc7e434df803b

SHA512
5273690b55590d24255632835cec8b7d285f6ee0897b60c22848f965193df3643561aa60e970d7c568e2c15b5a468b44a76c45845c85122f1db7eb83a67d8714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
13KB

MD5
b460e2a97929bdfcea1ca6a23d4e6001

SHA1
f34ef591615ba36f9c60ded0fd56e71eb2d58b1d

SHA256
f706e255b347fb8923d3bc9d664c099fd93f88b0184420e36a6dce37359d1b5d

SHA512
f8b1b991916e0e4a487eeba036f1f2ea4afe305e0dfa4b46bb06d02e63b89a7ef8e7f98411f9aa1ea03e5afef69ebed733b81cadd94009c60983e30a6014a1f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
13KB

MD5
f6ac6782f5fcc8dd0889fd533f0884af

SHA1
59fd955e03f985975fefba060afab124ba3dc31b

SHA256
9c82672afd4d0b0b06cc54de85563f29444fa367895f9197259939f32b144440

SHA512
2a94703ea4bd0c334ea0846f2810a3b3963fa399b92ba5c0200707311e4690c83cabbc6c86373a67302d7f8fbacb466c420a575e2644de5326ac010370129df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
77e3d20f0deb134a04b459f95f1f5f0b

SHA1
348cf49e613000d881ca30a2a9e73efe17e9207a

SHA256
6a1bed765d709cbcc8207fc3e19fc343acb26d7235662498fd3463172b4a7e53

SHA512
d4bea9113535dd46bf41e5e4878beb6d2bbc35e0038e06bf441b83fbd274515ba9e72df56462d3d4ac282b8fdd5f7c4c7e8d637cf205e55e37cef13e5490c8c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
f67abe776d367f5f9ec534c97330a39d

SHA1
dada95104ed828e3cd75deee415d4b5804cd1de5

SHA256
adee6a77572f1128bbf3a819e8feb5be469c3c70e7e5d45f9aef90f363f25d79

SHA512
d5edce8effed5b297b225de3f2cd952e3c37491bb99f2279739ae5647597f76ce9f3703f6a51b7d50ba991f87cfd9ff83acbf5a25b7d47964397423833820604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b2ddeee7016ce39db43ccf4d6936a0a3

SHA1
e9fea573e90c88abc068de45496204665532f852

SHA256
c45428da7e7ce994f567e89d40594c42b950543975177191021bc43fbce1085d

SHA512
d47accc72af1efd096558ca5eed2abd5503279393aafc10762d21361d58afdaa459fdc9d1fb3a6c93e4f304e9c9e32765eeddd58580ed1afa61c28ab60d74b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
111030431c10ec7ea20fa9ec4454cfaf

SHA1
08a35afc7b312ff52f24f31d83c89da8e69104c8

SHA256
d94e1cccddb0c5e4f7faf66c0f5df0e135342efa52981dc468b74ba49ec65fa9

SHA512
b82a7a67b627d4fa961785e8cbddd2ec1d0e66f8dd116b55e2b82b493358210d68842a57f9e245161095fad3eb17d650a8ad53a9696288ee901df4fb5b4a78a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
13KB

MD5
f8e3b63416b437866f368cdcac6df1a2

SHA1
467c07855182285a538900d94131fd60de964383

SHA256
1f53c20c18b3cc1bcd9aaa2c3fe732b3d1f3041f7bc69eb311d8440613e9a7dd

SHA512
96d363343d25049ccafae639046c3379b79df61a55dc010781ac1b7c17950aa9ff9d3f40a810fb020c543e32765872f97159a7f21b49c0796df64f424127d90b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
895f65de2630fa8a0cddaf9da84b3f45

SHA1
d27b9e280d424709da0ac39f61d1dd4d77a05810

SHA256
92ca6ba903d76105850af68baa2b7b3879e50bdf032a0d6f9590a54e1f9ec41b

SHA512
8a85b56bdc9c9d345d9036425c52e8fd472046209880244a3822afacdf9b1feb31c3da7b2a35f97541ba5bb3746dd69cc431f7dd19e0d4b0fc73f1799b151540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
8d0418212349894435e3f357cf37571b

SHA1
f9dda2b750346f939078783cfaad1d63ad44debe

SHA256
cdf9c2de1082c8bb2648bfde7b0e7e333e88500c696038e44f80b2e83049df83

SHA512
59fa2a83ff286df5c4b1ad6fb03365171713f392886314160b4a76f77bab083a1ff6628f9c784d9994cc73298bee8a68a31793429fdce0c4c684f3d3deb4e802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
ca0ba2aaeaac9eb6e2c0aa14338642e4

SHA1
4eb2640955efbb301ad5d4bf1ef914be06c9638a

SHA256
56bb5f2c7625f176677e0f7f62107fa8dc7db48aad7d0a7f635414c3e146bf5f

SHA512
7ce746fbfe0b87869fbfac420c9c7659367f259b263525ab0b6b7ad58116680215b0f0c0d8e07aebadd2f7ab19bee58777c8cef4668bec44f778d6fc887bfc40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
8f26b8ebc07c5fbbb2f6e6cdc6c3fb97

SHA1
234d28838f8ac95fad0dc82ace16bda3d53be0e6

SHA256
5ad1df896a67fc9c43234b0be70c330438c8b0428e98d6c405e8e71717d33fbb

SHA512
6b850f2f250f0ec631266b91b5d52aa638065ec420db70485df99a082b0d818d0ee835fe24358b63dcb980a1ef72bbeb5d7cdd184a583b3468b4abef76a4c40d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
4a1f14af3ed88ad99789c9173f35a979

SHA1
530dc946f5a91febea01ad982b1d9d7e7ac0c232

SHA256
1defb62a2727b41fc70e39bb800d752ec1b779f18f2a1de2a49cc4d932ebb84f

SHA512
2fe70f8188fea905b3254d6c8e0e9aa3ad99adee0993cc1bfcb391cebf629061fe0f860cea31b9348dcd6b6352eec0b5a04d5ad7a09f285ac7dae4553193c109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
543bb3775a4c5ada72f0fac096c47392

SHA1
9759532be485b72a4f7a1c6690489f0a076b85fb

SHA256
e15b32590e08fab6521aa72624504176a1f13ea3622f3d31830d42e87ec71766

SHA512
e4879de351b8cb4f4ba75a0f9e44a77763ce2063054a26a9abd8d902eb7ee6a4031aaac7753636f728e1aff59ed5f352151767af9b0cb0ce20961c6e1f680e11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
13KB

MD5
a67ed56b4a728abc4929c09b91596969

SHA1
62852ead5ab9fa5f0bec7dce6d3f629cd6f9512c

SHA256
93b32f4ede8f1b2baab57700150e22650e6193725394c9ecdf6e58ca9d55da93

SHA512
652b0957573f06cfe154ea8365709915d02664ad910aa5e9d33e21252e3005e5476dbb63cabc5ccef8191b2fc653d5753c6b005339f8b135e1eda878ea65a581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
c0320844a41f18e513ab616e05c9ca79

SHA1
ced1877f61b551398cbd864634415d18f65d776f

SHA256
05e4749087ae73ca443a6d223c6b7829e9f4545007010914e49a46cc022f6cd4

SHA512
c2129a90628344f3796e31b207040c3e1cb6e643295355eb014b3809c923aa0cbec057475f4869c82bef5db51d9126bc4fe5e7b58445410a9954aeaed86eb7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
d0de7db27cd5faaa6751cef6d054a1ce

SHA1
44b415740bfaff2f95a095132e59b5bbf1e27c83

SHA256
1e9dd2bd68b3ae1116c28f8a42324ee0ccb22763aebea4842f7f53040e6ffb2d

SHA512
0c66c61df745fb137ea70143ebf5cebe6e80f21280d2b484e1724e6549ad35e8841095eabdf701d8c83a6e5ee440a6b519136b5bf6f256ce58212e02280720ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
ec85cf7f9bc6838f04ec31b266f9ff54

SHA1
42d841c3e8a8e0eaace76b0d4d4d08d7542eb6a5

SHA256
580e05112f64224cb2b7e97c40b8124d3f211bc96f5e054096a4ad640febc204

SHA512
8962fe89fb8b842568361bf746f949a667be4eb1cef20e8caafc579e6e857b440ca2fe061736a2765730ea768d79c3c5122c2af71356941f73fdad1ca4707b2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
630daa43428a54fab660b970ddc1dea5

SHA1
1b9f70ceaccdba2885416ef123708022148def24

SHA256
9794e5baeb9cd988906f4f8382918c8ba28e128edf16854b8837a0e19a2b3dde

SHA512
7d5e60b053c291c22fd6d266b3194dad70e01018239b6d6ca798d9adec7c7d7ea0f6932d057d3339ddf5d2753dea7888790e1163fbea13155319418a3a38f0d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
3e2c14eec9cc30f57e0a29fddc9e6f7d

SHA1
a036a8f54d2247bb296170b0d39ffdd541f99410

SHA256
a8cbb5cacad8a8e61056c2c878b750c350d1cbd03626e925eda3075530df78b1

SHA512
03f69067996158664da2aaad94ff4224e2959af5b079f8e7ce70a2938c74ac428b4cc38962fef8cd4f5b2d5cf994c7ad640e8768d6f283441ea989b388bc46a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
13KB

MD5
3a209f700b315ae6e375478267bc1396

SHA1
3665100c4d0ec95cde0f5b48f245ca3ed9f1c0c0

SHA256
cce8a08bb927f3fe55702138a5299b85561a10c6dc31494f42059da52c1a14c8

SHA512
d7fee788c00ce477972eb4d1034c4fa8b9cf2c3106455d20c77d875b0a2f84ed65510d1190280b4a5e04c9687766dfd44b28dd88806e1b7c3297050e3a26a4a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
168af205d4b5a88c1fbe150135e091b8

SHA1
9468f9f67bb19055352788893a7f3dc85e0a8ac4

SHA256
4c3420a23e25212df84c591480fa20759852ff04266ef354ce09809c852e8f9e

SHA512
d288bada727a81642cc8853fc3e291827b709238738e95fa3e483f26c8e26df6d236b89182464a81dc461dc51d7a7e74c1575345f8f1f1a003ebaabf72eda7d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
13KB

MD5
7c230972141a94eb33de741655e87ddd

SHA1
1ecc27633ccc625bdfe767086ffdbe830d336029

SHA256
7f09f9b69881ce085f0b5e213018ae0f9aa003bd42f0f85602a523ea93f7b27e

SHA512
c71ffca0c633d963edeae529f1d7d0ab461b7d7456f04a00f427ab5873fd20bd8e216517b0fe3be8c21737cea34d13686e3cdcdc658525404b7440913151952c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
a3e929ce1ccaf1f76464860688572d20

SHA1
7269db54b3cd7c7ee9b977c0383032398777ba87

SHA256
025e03cc179d943ab019ea758a42347286d62c0229e871a6f1921e6c75096897

SHA512
1e33e9844a0c80ececfeb482bbc4b0acd8bd1a3be8332bb17d240a66c45f5d4c416e80c2393366179c4f904e821d1957d7a3cfe36ea9f2f24f7116407ff3f659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
b6ea98f639adc94d88985b99f7d1ae8a

SHA1
b8ee7bac6602330bdbad83ea05d38cc4a0b41673

SHA256
13a2c2a939868c2017aaf9260e61c4a79d55992015573600855c0d6847539222

SHA512
f0867d350ec98fb58d9b03f47331fe139cc394dbef041beb34a02a171357460c4457f72e3d2e3e6105bb828b369975c2ecbe5c498ab7618ec3f99f509db25fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
1ba882a8a2e7ed84ad0f014bc62ecde5

SHA1
abc1d6d67e077d88492f94e864943e2ab6d4137c

SHA256
dbaf2fa7858db19e291c8c54460426fe8ed8e0443aacb7a8e29c1c5ff5109ef5

SHA512
6252535915a31099f0986a54a50025ff36a9965c323a260ce353dda12d34fb0cbddc133cd53070e37574d330afb46c3849a3a1db32c0acd40dcc8effc117df36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
52826cef6409f67b78148b75e442b5ea

SHA1
a675db110aae767f5910511751cc3992cddcc393

SHA256
98fc43994599573e7181c849e5865f23b4f05f85c1115dff53c58764d80373fb

SHA512
f18df18cab6b5ecd71b79c81a2a1fdac42cc9960f62f06ac25f4d6487792705f2766ee3a10239eaac940d090186e6bc820e4eb7a5ee138f6e5c1c64f951b960c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f56bfb986dc43b7d725c421f76f49d3c8fb9acfd\index.txt
Filesize
94B

MD5
c545166992a58e78eec0b89aa4fbd60d

SHA1
59bbfc0e950d286c2a7654ace11739402f2b8443

SHA256
5e2dea4b73f8017c52104a1bb4c236fbd5404639467b83a0eea1aef1c9dda7d2

SHA512
a48ff2220a12bad53c01143771177adfd292887a0d42d222fc8186c0b07800581563b868081bfdff00630eba96876f8604c0d698367bb15cebe82fbb1909e835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f56bfb986dc43b7d725c421f76f49d3c8fb9acfd\index.txt
Filesize
160B

MD5
0eeb96c416d5f99f77c120e67bf2ea0b

SHA1
4d93e35ff746144bb648574cbb1428e6dd58d003

SHA256
9f0422c2d66f9fdd0aea600c3dcffae6e9966f44f902026553e0b339c60539c5

SHA512
f38129475c2346767246f0e22f5aa414c65a07671db6fb1ed5a5a808bc6d1d7d5b1aaa462a774696d95c3ef06f6baf837f57357d184c48435a43c8bccbd2a4de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\f56bfb986dc43b7d725c421f76f49d3c8fb9acfd\index.txt
Filesize
153B

MD5
8b65b42d4f9857fd1aa354cf2741335a

SHA1
d43991087133ddd26ae8e8ecce9e6d0efcb2e7f4

SHA256
94e82f2e570c8a084a9d5e4593744f7e131d40dcc66c6ccd44e35bc0b32f9bb9

SHA512
6b9e6b314da6d0a07681e6143835752dfa919e6905d90f6a76a68c64661ed851dce277814d2124f696f481d989b8fc56b6e0e8af73adbf3e4bc15d3aa5aff6cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
e8aaf584cb97eb7657564420d40bf1d5

SHA1
97d59fe6bbc907d19f4b44986708ddfb65c5b2c9

SHA256
b75f3681d522a75cfb622b2d6286a78d27049f87e5b9d646d1fda93f9eee033e

SHA512
456a28b45aea70dc4ca5102459cba55d022a061076007ceae69787feb2125392f5ed2142374a9af70322b52b9b27a644dea90623f5c71bb2d080e55a608d5849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d1f6.TMP
Filesize
48B

MD5
9beaa548efce81c2a4d744526f8e917f

SHA1
b9d7471edb24af1b6ee9dce37e8bd72949f67be9

SHA256
a74ee95b7681a6a35210a86a41dd81e3e4a036af95a1a16f66f62b722914b67d

SHA512
386375c3e86ed75f485983f1e4089a04d439b1b77b21888c47e14203d6a8de8812e5a6829ab084e0d7244b104788605c6ad1c38c2947ae87f2a09c2ccd7bffb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
7ba9f2b88ca6f993e14c38beca3ff77f

SHA1
1ac5d54d51b3036e2de164b439d76bd0b717dfb5

SHA256
39e1a1514b6e6ded06c619585d61cb59bb1dbef43817e25d08465bb7fd36c308

SHA512
07aee5aa65847c21f159b26d09f8c4bb85d8a69d06e818a27338d825f1e71948f179650041958912380fc894f080cff0efafb34071af521c4b9f87e8b97c6f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
a4fc9de76309048ee4be885188516c4c

SHA1
7c878091e3ff00a9039a41042272bfdfc8fa5859

SHA256
0b9e7cad5f4a438f028fe32abdd46e1dd25cdd58bbdbb3c4183cff7b5a41c79c

SHA512
9e9e48c6f5327a26eb2fda8939d18763912c33a9a7321b0017ffdb0e37b0a92c51993f0662adca71ab8a7762e32c714d7dae23178565a023b60b455e904a8985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
65a05c94b123e108b5ac41ca209189ce

SHA1
fa08431a6a573144aa680204f14559f8a75e94ab

SHA256
edb23566c8e64502c90b49a53cee5f1c9384ad059c9ebf79dd4eae5f9ee7449f

SHA512
e7babecbc7dac8d13c0cf3ebe98cea2246e0ef116667e22a435a8b8da473464a5b0cc11a9201ae6aea14a5173734d141ce6e788fa03ab852996d57d8f141c70f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
6d0e580c3d4cc544e1e1446aa5841737

SHA1
1ff97e76596bdd1bdf31629a1fef9b1efafb42a2

SHA256
cbc225431a4f957f63f28a719210044a9ecbbabb0c82ee1ef19945393ae83337

SHA512
c5be5cd08e3f2045442b115d487492185ac2d901b47eaa31eba9be70e7a096c3316c9aad0ab2910d17f1a81a8affdf16149cfc4a12793430411fd804e7032f0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
a92a8c91f60a0d1662e556a4f73924b0

SHA1
56e12293b8d34df48067b0cffdbcb4e542f31b46

SHA256
c8063a6c77bde46b82c5215ddca3336b72ab3d7a68fd36f233c248cdc2697cc7

SHA512
1c6bf54b000f2a944f6c54a963c9a6854f3426047120431d8c7042383a47fea65972540721549713b481c6fc9d8d6aaec91aa6cd0b0abc5b7728fa270b69b19d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
ca4eaa54b917aa26ef31a0d8870f5fda

SHA1
519e3f8d94476a43986bd3180cab203e04277db3

SHA256
986ad03adc69a617b2910479a239e343fc72f6258e3f78bde4c657b85ef4bd6b

SHA512
bd83146037c4661c6e509f4dc154bf981ec14bddc8315ee2fe106158e1c85bbad687049e347545071025250256b0c15a48b291f0cd4b05280b2fb26b49860a1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
ad116b99f0fe631e17d0b60694d6b392

SHA1
e574f1c5cf838f320bf341758b0f8bf4f68a5277

SHA256
a74a99878e8eb429d9b8a1d96fbf83e329848a29c064a8e848b25060570b142b

SHA512
1ded3086f3c06d9128d16d8de7620703f1bdd9af11e58223727b15cd7b3fa1a1d42d50d18008aae194a6d485447038e19b1664d1c4ec815326643401e38af62f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
755e751a505dabb16b90700901b713e6

SHA1
6553217dc97dc84a1215bc1cb7f305eafb07a3da

SHA256
98754209a3087544ea3589f6fdd9ddf965cdd95c7b1f341b3950c2c98b5d5bdd

SHA512
e2a71275ace956d82b63a4f1fed80ac9f3e0cce72f9771618adbb8351710e89b2fe4b9f61eb851ba14146c7a2abec32e2c332ce9711e0b0b5256a27defbb4fda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
6e694a23ab3d153ea8c9f87b4679abd5

SHA1
a86db25feb58e8af0a64928331bb98e8f765357b

SHA256
e5e89deec26975c188e10545cae52730bcde56bf0cdae2b23ccf13fa48b6a9eb

SHA512
7de6ce3b5abbd74b16e305992a87e57f3a7de8e9a93d4e7d832fd05a33728145793045ae4037fbaf23d6c18b43553ac3af05b7baa755b57cbb6bcfcaf2fbca6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
f441fb45bd3feaa969046b56504aeffc

SHA1
2d341cefdaa9d2693a12bd71e09e3723f7bea56a

SHA256
935fd94cf487ee69f4c516da18de6366f6e8b6fc8c8f466709312ca8343515b0

SHA512
c22024d88f267772f8548e5525cf0ab7e83a8d09c06f98a5ddb2455cc6fa720feeb1081f2daff13aaf7504187ad4d96c6a20001b74f927c0a259fe9d46979e87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
40d371f86e63bb758f29cb7a2a2e56d0

SHA1
196cfb665bf03e0c0bebe8cdf1a30db0c43e72cf

SHA256
19bb5f44ee7e9a99847711edb9dd90a3a32a48d4927f028ca1f8a7f4fb69feee

SHA512
0629e64319ad26c0eb50fd6494bfee16d88d69f04fa2783be9ffbe49506b9e43353ab4860e74cd5cab5747a291a6160d251c17b68f31a978800e175b70986bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
0c5c439e816c5072f3a9fd620cd33d3c

SHA1
67b4a53bfda21b9df1ed18a35aca3e54a78117d7

SHA256
a112345b15180f65cbaac5ee55facd177507213ff5f845482014903954201fdf

SHA512
d2c407eb1026d536eeb3332c5e9c845348f426410f896f0feeb539cc6ffbf70453ae7528965d729373a4a87adf9a18616dfc47e297b7e461287ec1ae58553951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
1dcfc14eb627b41f2f7b1ac396463adf

SHA1
7b502fbb976bd3b79f6af1463e79d09ee64ec9db

SHA256
6278f878f0b53b54b54c56dc3cd75ad67e4f90d3b9af8408045ddc4f761bc06b

SHA512
de20a5a833f8a61de292dd6e595bc6e1a1c0a96818c2ad3337fe6887949405b4ce37708971e9f4cabc576339a43a047d2a8676fc916e6c1f2ad6551edca6532f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
c14b871c1dec74a449b88109e7d41a2c

SHA1
a1b8747ba18739586c4452806a952bd6fcf58354

SHA256
2a8b55c842570ab68cc813d49916695cfbb8e1d3c07b7169849fd4a59991151e

SHA512
e2ec1b9234fdc146244d66dc094fde2a8058d774a57ab1d79bbb62173279e6f016b3e1a5e5ec085bf8b1b0f88488473ce14d64f79125ea5fdd643eb6846d650f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
705B

MD5
6405c80d50b36ab14ef75b20939d71c5

SHA1
70f6b37332aeacee178f4bb2d376cca09f795c8a

SHA256
8ac6a4f14e288a1560e6a504dd7de8a11677f33a275ea0dd9e4e8d8c96683520

SHA512
7833b6a831a329baa11e74a69d89398daa2a9424542fe9070b7e37e9f4055129b926e92d81828cf673027f45b4a2c67f4918634f01908da140c4c7172e8f7a2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
ff41ef6958a7707a4eb25cd6af184baf

SHA1
2b3a9ce12fa323ad8b15690c172c845b45f88a72

SHA256
854b179a1e033d2f6a92f0afd012105408be95f5a4328bd694a9cd5f2e8e7f16

SHA512
29bbde00a3ffc9841eeec278e1187616fb63be8f2cf12218486d60a0beb440049cd4b93cae7d40cf25ffe159e4113bbfc942e58bf3d7dece13768c434f482e82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
52dc6fd3b4a62b8deb605679bcec5f31

SHA1
1c8b81fb41757261cd7ff13425bbe4cc4874cf8f

SHA256
864b404782be2f635d0ff99655f82239505c64bf2d11f828342d6a6b7dbdac33

SHA512
4514b03c73aa8138c946013b85b28b758ba1cac705bd555108c1d0bc9914f7570d6e4f315504878b3a6805473ccdf55eba67c5a2a49f9ed8bba44b47b4cfd10e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
fbe077b9d3882b36aa91571f5829d659

SHA1
f095cbcb026da892b389d47ce3e19a6c7511a86c

SHA256
233438fdcb2dd52ce03b7825aa39023842bca44eebbb69874dec414524429cbf

SHA512
9512a1a262825b85571e46115ca2b3467bf8e9c70819046f75965961c95715da7ba6231c5938c1e18a2a9788289a7d88baf36e448565e8500491c9bf0788a87d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
2a51fcf9bb25f1c9662731fdf79b921f

SHA1
1867348abb5d1b1077a8a1f8ab460eccab92f4fc

SHA256
4d2e2c6699da8b121281788a63ed55232d2fde9a43febc4aa963497ebe058bc3

SHA512
e9bfbda40369ad072cf37c4061898b7510ee561e38c8cb74c429aa87c54859b69e959c5f212080c61582fbfa8dcd83d7031fc67ac8a3dbba68610c8b27be567a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
40fb355c7e46aebf7467d2529a390017

SHA1
d945504e6c5032a02ac342def4322064bffbbc5b

SHA256
b33a5e2308516ab346f11413926b9149b3cde2c3ebb9a458f82364ea0cb20cc7

SHA512
15951c12e511bd6c3aff22474a56d3938d0fc8e111ac7bc2895b3dc8914972adecda0c78ee50a4bf9126da08b8ebc431f17d77638a87ffbffeb76e91c0da6797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
345c1c9dd9f27f998e87e3eb213ec03d

SHA1
e5fabf30f264687e27d61972a74a4f4282e821d1

SHA256
de9115a910f3faad1e8a0cf0c2bd93046578cd9e348a4065af39faaa556922fc

SHA512
3aae84687c460d025175e3f4edde26f2d63d009756f5941cd1c68fa647f3874b7074dca2d3d3943cfc2a1ca3baa89962d5e9bd764c496700d0380b2b1548eef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
c3220a2581515997e7a80783a3108676

SHA1
3f3fa50e651cc1dbc6ad8a662881ba124d603734

SHA256
31932e5a3faf9eb0ca31c4d4babc25bfa6a285dab957200815458b600b3fa64a

SHA512
70ff730e75d2230b1e18d3cd7b8bfb208dc553c63252cbaaf0217ce4695cad7b467e30302cb1c1433745bf7f52ccc1dc5ecb547cf332ca439616ffcf48f3506c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
5ea4d7d82b6d3be302077fc08c23ab21

SHA1
3075d7c2a1dc8b4d4da7532de83d4bb21f036c2b

SHA256
4b315eae921105e78584f5f065c384da4dd5b63fe91024f5058cea902bf8867e

SHA512
54cebcd3aee7c69a386a0fe32491eb56647a62249f4c57613a0efa73a990f222a452b242e9b177e714a15ff9990acbf355d85fd65e01252f11a51b6bfe0b88b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
766a97892ae991b026bac809d1283217

SHA1
0c79a34b3f732196dd8f512a856f30e842c6d7f6

SHA256
fb1c41cec01721fbf545f3daadad8be58cc140651fc0104794e3d56930cb4b11

SHA512
ee4cb820ebf8aa9b0fb198b289355d8df854ad5238faf1c40b49d181139bb821a1eae804ca07ecde5c5861271d958b59d92d90d7ac478ae738757e2004535eb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
680f3c18a60f0b2fb7bfad9535af7f6c

SHA1
7b3f9816b67c3d6802e2a2db5ef8a283aa547368

SHA256
436f8eefce48ba03f0dd8ac0108a4d1b23be8ff2dc75ab16137e2a257b6e083e

SHA512
16ac68664dc68be9752ade62029cf2fe8ffa34d24de4739756792d224de66e6d663db1dd33e68d761967c6057b0e492bd0c9cd244e25933e1c7d180ecb77e01d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
787facdc59a0a50493e36a404e421806

SHA1
215293121d265ce09f3e27fe2739845752b07e98

SHA256
71d1408157089fb624ece510f3c4d74264483bfc8d2f78144f558741ace06325

SHA512
31942e34ffe7cc70a1af0182b1067143f8fdeb19c9187d98f7af6c142897fd9f54757a18660c25df01e2568b3c8d10b43b8424a48b06091e75d90499ebb44ee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
4941a819de7cd42b2f2d0439ee8296c9

SHA1
8e9bcc145f9d523adcb319a0ca9d736b97cfd315

SHA256
ecb1691d9ddb53354df1c265f09e8533e8553e61182928e0d7a6727e49f85371

SHA512
bfc961028260ec7b2482cfd50b15afdd3b9ae6c482362072be136c0ae696b915a1b05a632d27284f635d62e4d20757e29edceb8883896a1f319b011d42679543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cd81.TMP
Filesize
203B

MD5
d9f676805357520f5b1b37d19f46e287

SHA1
6e9fd1e0ce2efb0bf2c6ce4c3e27a86392603dd5

SHA256
df54a10a6403451b3eebe2dc06a7a49b7af8e96d82f845a67fd3baa707c84918

SHA512
5ec4bb5d2a19416c7d9dfe453f0757cf37e1e704bf1dd450e5e62327755b29ae33bcd92edccf5068f0d39b3c2e5792459e72e6f8382a583162eedd3395e064b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b478b0e1-f966-41d6-bbc0-529352ece2b2.tmp
Filesize
5KB

MD5
4a57ca18751c30f44c4684545d0caaee

SHA1
6d9b6ce209e9e1decc9448948c47fd550ab138ec

SHA256
31b0b6f179af401de998ae476c7b91ad7c53c4375a5a472fd34d6afc129811b6

SHA512
db3eccd79603642dc23ca693aaa175ec58703659243312a8d58ee0997fb91667450675373237d92a41e5495a59f18745d1b8becad4374b8186b98f0678d71c70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bef15af2-cac3-4d47-aa51-7036b1a366bb.tmp
Filesize
10KB

MD5
b7f2c6f489214c5a20777eec0a33b018

SHA1
07ffd375550fa98d7eeefb362aed692ec033f0e6

SHA256
2858cf95aa15f6f069726adfec907ebbd218f5c756d0a82e4ab5c59e54cdbb9b

SHA512
21c804879c03b9878439053ebc21bea4a1523d4f7bd1d22f4a7cbd52b7cc1858ab978552c6c102a0657ae1137a3cddf6584379de7fb5062b27863710bee8f634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\f3a36287-3400-468b-8c6e-9838bee24c45\0
Filesize
2.9MB

MD5
81d7d4fcf1fd7f97985455ade2868bda

SHA1
edae3769c69c419a04c59a29627886e86122a766

SHA256
a40030ef01989d628c2a97c957d26ca67b547eb42ef37c0a2662bff1d3158d30

SHA512
13b2b02c2332c6c621bdf16b4dfae3c37b771da7f5a3efeff20e44b1902620231500148a70873cc233d213f2742ec740b2af4e397790a5ded75e76dd8b3c3b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cee108dd-7fd8-41f9-a3f5-b3fb4cc5861c.tmp
Filesize
1KB

MD5
1943dbd9edd14a1a1ab7c92171fcb4e4

SHA1
3cae5dc8201eefbee5c055a46cef0ec6258b19ca

SHA256
97c64eb81ea8678216bf28c81717dd79f7bf3b02f7fbe5471232b470847207b9

SHA512
c6b1473c19ee8bd433a747e045780a09f906de08b4b9a3cb0698a7a382937c4e9814150523d6c231fcae1c76e52a0840e9001731e24d0807f75d7bc6240015a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d7a1e122-0113-47d9-bdc7-752bbeb02cce.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ff556735-9b07-47bf-b24c-ec8866606a16.tmp
Filesize
4KB

MD5
bbd347ade573da31ef7bd8ec97a11ec2

SHA1
1687c30f48165030dab424496bfa850eccb3fd1b

SHA256
7732d7c8263ead30717bc1a87e4403ab54f1db8920848087c84654583c546376

SHA512
d5c0c126df3d1e8c68f132b21dc66923c8aa36b2e31e688ca567a2c87d3ae3ca046c33d7491a6923475abef6ab280abc250678cafa868447278fbf39feecf402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
381d28f5dfb6a80bc041aba6ff561c9e

SHA1
55545a7e89daaf04dac4ebe063e92d0552a78eec

SHA256
d8b9661191858b6fcaa20ea306df44f3a64795394fac0f09fb7f0ad5a50ee6fd

SHA512
dfd06320703f1a8fc89e7bbe5f62198fbe5e261eafa21a2dba1942cb9ba826ae02a0580d4a03379244fdf192c9269d803956d2f22839586f7dc19a341ddae320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
b31a9002e523bf2459a58460b5b92297

SHA1
c7b6d2eb85bcd295105be6b3f8c7cd88572689c1

SHA256
f3451b5881b4b76e55ddad421fa76672ed7b35459f04ca208999f8ae0455e13e

SHA512
05b954a3c788c9f396751c3b67bb9f75533207248ddffbe0c315ebd648de9e37ab728dc053936f27d8c431b430c37eeb774c7e83af14cfb6653978a1ac9f4c35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
8004aae64e889cf1ede7551d130da485

SHA1
66e9456a0ded5d12dd47eb099f2d46c902a0958e

SHA256
f7427107a3e0e6596e2a89d3541ea8d62deda8536d9bf4796f1e9b8eb8e2573d

SHA512
00e056b1f97f7c56c581be50fad9e63ef05262639ababff2241121a752af3f46a436332d89315e71d7a8c4bb1cecf7cccd7d6786c8a932f7e2c22f0821068276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
aa2e746a108d7085d8b9e57e15dd740b

SHA1
57bbf31957c2e737b3b93af12aa33b5c6a454bae

SHA256
ec8345ae121f6b37c384bfdaf9db95cf9fd3ef1080a1fa7059fabc7616512133

SHA512
47cab7a107b3760f57141903132bc8cd71ac5208a551341d2332eb480849c51077402a8663dcb04bd6970479ab189946b8fbc707fb3a2de7ca85b9a0152969dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
943a79e2236c3506bf24003782a9e7bb

SHA1
fba02323e78ad788beea37002aee9646ce8a875f

SHA256
e51bf9ced6020ab52e37b43d334b4cbb51a684104b012c309c48cc749b1f7202

SHA512
6f4c1f86759091792b1cc0ebce968019875870dfd5bc3590e0565d049cf7037e92c97d7c9c52d11ab8478a3cba849f443b3aaf8fb67be7d7dd3e00980699df56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
d9b9a847ae691672096800191a753219

SHA1
6856614cb684181edc3d207f17ca042d3c72dfbe

SHA256
2eb53f20884fccf44b5da16e69caaf3ba80b3ed58af1011a5c0608281e5f8a4a

SHA512
bb81232a168f72c502c04feef545f789cf6a6d3c82ea649a0f50b786bdfb6d81ea2fc9019a8ef364e7e3f569cb5e1a4208080df6f2e5aaeaa02fff2426e520e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
fc1dc7f3c39fca2c305b71fa9d549c72

SHA1
56bb23fce35db3ed9de18f00e73d93d470b9bfae

SHA256
efee1b5823218ad6d1ea4d5682100c441925f011e6031c50d904e85af81e71ea

SHA512
2e40e0b4b308c8ab9baac2aa3d65027fd83a1f45d499dea8f90bc06e426b1e89be9f9d336f73f19108ca5c121fb068ee436f45992ea7f3d87063183b5fee8287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
71403d9616f9e7706f5e39cfa6034cc0

SHA1
984300c04ac37d8159d0ff80c419a179edc755f7

SHA256
4a09703b7a73c79d853af36147edcdfcaff33d6458f7edd43ed99a3abf8c12ab

SHA512
a7aeda7a965e4f524ee2f537488a3d282fe0ea96a811bf969d3e42e881b98a36ae1c85e537e3df452fbcff91efc51dd7494b6416c40db4416ea2b1a18d63a353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
7bc9428d8e72afaa8a01451f3c23b2be

SHA1
3578e0885b5ec21db752012d481116c0af939e2c

SHA256
939db1cc5a5c246d60eb29a4c9cda23003e5f32f83517346c71e4069b72a3f06

SHA512
8e654eb81f847cdc0ee4531de48fd775be5c53060f6f81a0a26b5ee97e8b0fdbbeeec89fa01766f02455f27ecee0602cfd696990a2ac32fb3b873562cc126fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
da03ef07efa01550dcf5b3bfa5c5ce42

SHA1
a4ebd8c1bb2501e7a3d394d549ef1d86d229051e

SHA256
a76e0c33247accd596cce338e8bc9733f014fc638c77cf61f07305676e355290

SHA512
34b2d01d946bae0af3b9fa847be6dd4262d58fffa7f993594be18da8729dc638d2fa66e2fbc6714663b785652931a01fbec457f08aca4c4075799e1324d22a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
d982c257022dc22a8c499f53c9a605bd

SHA1
e7eec3eae9bf648d91f0a820071a47aa8742b7c1

SHA256
2e199806b67b0d8be992890b8676954aff65fdf1bfe8ee165f480c2fe673600d

SHA512
fc6ece879467389f10ac7673caa0abb33b8fd8f71618504b98b71a04b858d5690029b27eaf808c0ec08772715c5241257a0ff75a187bafc744a595806e9a521a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
adde20a9196eeaea54fc756aee1693a2

SHA1
e67f1e532e6026354e0d9d0848665aacc92a31ea

SHA256
5893e1706eab96271a83c70e0acc697f1e92bf98d56fe8dcb4022b1fb5f6da3a

SHA512
96c7a1f6aa7f117e82e865f13c88265c79058abf0d8a01782b080506f2398183ca1438c55d20af5c0a98fcbb0dd7da4a60e9007a1f251e1e969082a30cc1e665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
f517047fb69107c6a9b66d2692d59135

SHA1
cf238578a599d8db9d3618b6b9c9149d434fcb4e

SHA256
2c09a76b65c04e56b1994354e62314fb48b81b8b555265b96589043f426e73b1

SHA512
7cde740e8014d94ab28c3e3e072f5f72253ad4380a02b65478f84059fe3ac9f91ce1921aa7ab6c819f5f7372f422c6893abe3ee8d14ed393192b5a0ae3ecdddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
1d754cfdd78d0337942c15e01573112c

SHA1
2a0304482940fe29ceaeb059bec279ef0b268bd3

SHA256
304188dfb3ccff926c3b7880c9e46e32b356fe9ad0a55d8373dbe5efed55550e

SHA512
4f072baedacd13d1f2e252a72099c58ecddedab6c94b70a0bfc353ada4ee1895c6dc45473da7c3bf764a9e7a67992a7ee6f30ffb382ada2e16a31ce0541bf6e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
3fd09f4a79a6c39527aac8476292ec15

SHA1
a86ebf64219f168e95cb8b987a77d4b68384e1d9

SHA256
16e53ec700cd6b11ab91b72dd04230de3bfc84cbef43038aebc584e589248801

SHA512
8c9a7daba3f070aca7cf5b409527f44ed0f0f8c2a7602438b091eff50f28e7958f1a1b8bc6ca3d94020b9b68f098368990bbcfb12fd3075a79d2b87cd68f3fa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
7c04c8769c0ea6efe806b41f180eba8d

SHA1
b9b0c694634373b946a2169b16a06bdb580ce337

SHA256
8b94e6e914b501d7f0b7d7c4c92c13f55e2193667cbf9412f559cae4802e2bb0

SHA512
2bb17c94da704a12e80cf3e4f019c7d1ced864b92d9170b375b6e4d9dbd8825312d79906ce8861cd436f69f51bc50e8d27af9389c5bd29c07c7be6de2514d62f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
9f680dc87cd32c6d0c5ce3dba51b8a1d

SHA1
46b66070b49cc61d2057504b9a4a18d9e7e70eb0

SHA256
e5f08d937913c0a26598ae4ecd0d996e0cb3ac211cf4f625fc328c4ce85fa0c8

SHA512
c6cbdc91bce7d77d121db4532ed5f47724af3875ce5e6e9356fe647e0dbf40113fa88f79e462c28d7dbdcb1d6e063dd62f321c30e2fdd4ff5eb16ce214cea896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
6bd330ac8549923335de35a3a6693965

SHA1
e8ad7a199d565be8fd7b333fee3b92d88260ac97

SHA256
b9ca63b3c1be407c33408bcc3b5cbc0c0c272ff7411e9f8a7bae90a1b1c7c9e7

SHA512
0dc670fafaea6350d00525b05e726018b00a1855450e59886d93019e60cde3fc220fe12d7e84516bc6076f98db1750d31a51786fe123eff3a491601cbd011924

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
cb1e0540dc14fbdf4221928c77e1cf2f

SHA1
d682f9ad5f1b07e8b39f244f6a7382e5389f4910

SHA256
c643df95132e10ccb693a528c9121b376832ba6951563442ba78685bece950d3

SHA512
a676b176033026ff0d9355a560cf19f65da573251c7e87cb3fb40a4d448515d8674b2d30b31a0d7689678bf5aed828bd7edd827a2b8691e4356048a88fa30d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
ab393a82abb16d886585b3d1430003d1

SHA1
e72355710b3ced8636b20d160f5bb4e1f18a10d0

SHA256
0ac8a459046bc3d17b204cd5a2690d53955584984c5e8881a93eabbe5bd55c70

SHA512
bf3a4ef74bf783585f592cbf0915dd4f5778dad68135b3b56adfd43ae0fed86451362a5e612c9930878ff04eba4934b1010de687d5570d539644eb515d2557db

Download Submit
C:\Users\Admin\AppData\Local\Temp\HFI92E3.tmp.html
Filesize
16KB

MD5
b12f65c39fce6e3e1c516f0f50e5c314

SHA1
086339fffa44e4f1fa604847dbbad4e919bcfbea

SHA256
54561c079372033978d8af85ee0173411cf4d586e61eb68910a73e783d7f98ac

SHA512
0c5a2a4348d23f4938b72c5869217a537741ed4778b3fc8987fcd02c49ebe2bd10712d1768592849c6cd317057ab01546e02ad11a690105fd2db3c4246a0cf17

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdD9A9.tmp\LangDLL.dll
Filesize
8KB

MD5
59888d7d17f0100e5cffe2aca0b3dfaf

SHA1
8563187a53d22f33b90260819624943204924fdc

SHA256
f9075791123be825d521525377f340b0f811e55dcec00d0e8d0347f14733f8a3

SHA512
d4ca43a00c689fa3204ce859fdd56cf47f92c10ba5cfa93bb987908a072364685b757c85febc11f8b3f869f413b07c6fcc8c3a3c81c9b5de3fba30d35495ff23

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdD9A9.tmp\System.dll
Filesize
25KB

MD5
480304643eee06e32bfc0ff7e922c5b2

SHA1
383c23b3aba0450416b9fe60e77663ee96bb8359

SHA256
f2bb03ddaeb75b17a006bc7fc652730d09a88d62861c2681a14ab2a21ef597ce

SHA512
125c8d2ccbfd5e123ce680b689ac7a2452f2d14c5bfbb48385d64e24b28b6de97b53916c383945f2ff8d4528fef115fbb0b45a43ffa4579199e16d1004cf1642

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsdD9A9.tmp\nsDialogs.dll
Filesize
14KB

MD5
990eb444cf524aa6e436295d5fc1d671

SHA1
ae599a54c0d3d57a2f8443ad7fc14a28fe26cac3

SHA256
46b59010064c703fbaf22b0dbafadb5bd82ab5399f8b4badcc9eeda9329dbab8

SHA512
d1e4eb477c90803ddf07d75f5d94c2dacfdcd3e786a74ea7c521401e116abf036d9399e467d2d12bd1a7c1abda2f1d6d15b40c8039fd6ec79ba5fe4119674c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl5D87.tmp\InstallOptions.dll
Filesize
23KB

MD5
d8bfba73978801ed5c291b847ae6ed0f

SHA1
afd973df6c0fd92372b787f2a06a02fa4c03b877

SHA256
75fca8af133756a0d36ad9b6177ef8ee01b6dd18ede216d82b2eb5f8092a84cd

SHA512
62b921725c727247b96622765caa4ddec1126980e677764f9bdb5e68eae50044747f0ee99744c44b7a7253a57e3c28a2fc19a99d479787aa4944499871db92f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl5D87.tmp\SimpleSC.dll
Filesize
70KB

MD5
4a2b58bd7cab29463d9e53fcb9a252b6

SHA1
4679ba66db7989a64c41892bbb3f7cec38fb5597

SHA256
18b17999996d73fe911a8eb676c231cb0bf002174954b552f880bdabf4c78124

SHA512
e6a69b5bb52467e7b8168a3e0ad45252b196b8eaea87b91f8d3b150545ce6bc7ee586ebe1d83da6c04203a9a9bab5f4af66759ba35b73306f7962ca5b6ff2fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl5D87.tmp\System.dll
Filesize
19KB

MD5
6a2f80ed640b6c2458329c2d3f8d9e3f

SHA1
c6dba02a05dbf15aa5de3ac1464bc9dce995eb80

SHA256
1e981423fda8f74e9a7079675c1a6fe55c716d4c0d50fb03ea482ff7500db14b

SHA512
00d49b1874d76b150a646ac40032b34608e548cfd806642982e446619c9852a0ab5389791468651c4d51d118aad502174e7b887c2b5b6a7a3e35ddd9bd50d722

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl5D87.tmp\final.ini
Filesize
309B

MD5
dac03b63bfdaec1e91b3eba65b7d4b9b

SHA1
5a4dcd5ebdb24a0ae93c6c143141d1d53fb2e836

SHA256
2f7695f1bda4a81172e8755b91c0bf0dac1320a303c84da045ab327e564b5632

SHA512
fc5a71d3606b6e1ff6e7446401e034ebfb6fd1ea1e509b0ec7be6d308b64df3ed8af89a6079590d295859cde873b52123d75feaa6daf0f09b7c6d432caa99d9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl5D87.tmp\nsExec.dll
Filesize
15KB

MD5
78bda400d7b80858c014fc79bd8fc49b

SHA1
f5bb0e85ba892611cf79b3c2756e87a59e1e213c

SHA256
6bd24522cd139c978cc259d5612188053577ba9de46e2d77642bd4d19fc959d4

SHA512
95a1aced8deaad51ad7990b83f0e5768fab9e1c7aa64d9fd656baa850d81c0955b7989ce08a02fedbb8c9d77ec135b2a9d132effbfc0f8478a052095140c74cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl5D87.tmp\options.ini
Filesize
1KB

MD5
b002d12368ddc8495970646800136f68

SHA1
6d9e228bc0fa0df12c9618d7faa5c809f9efc242

SHA256
a570199c2bc0d4230f7ec110b503d23bdc731a3504997f80e038cc406defd4a0

SHA512
a5b78390780a2ae4903e63698749a59c4d068a6ff804633bc5279a02483b479deb4affb6f8b497b74d0e9998fea2a83fdbf4e2e183c94c3b0e58d7f0c4974107

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl5D87.tmp\options.ini
Filesize
1KB

MD5
e38518663886e755d6f5c37494565215

SHA1
571cdf647b17fdf3f2de0e9cfb9170e278d28850

SHA256
0b43dc6b2f51925b1334fb1b6a14911c194e99e53c0dc7d28e679fde46e23b22

SHA512
d98ee520063f688458730556e8f84193916d02316ddf79dc85ced4924af2cc79d61a30948da3905ab1ea48edb2a6e68dd67afa36e94d5ade9fc3cf2e1a470163

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
816232b73f93e178151a6d730276568c

SHA1
7acefed19e3f0e63761c0624c5d48dd28d23d066

SHA256
f0bc029336b307a5d2dc8d4b4d3071546b95e717262abe1c781998d3e0596f7c

SHA512
0ae1be8b73f6a0cf79d88ff0022490919ad51ea70a21a1647e32b47d127407df505143d68ec28ff9325651c9fa8f113e75eb4eaa861ffabd7a638130156868fb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
11KB

MD5
c461d515847278faf3c98e8da019f24b

SHA1
5f03d06c66d395d0518210ccd8a6802517c28eeb

SHA256
b0f08caf38d4dec2913b8a8b7452e8d553fcf2d60628a60f761083cc2b32dcd8

SHA512
bf6e5b7b17ab94b7e40c80daade2e2ea1b970482b41bdfcedb53cdcfe456aa148311f9de5e7f5a61132c289a5f6f1bb6c435d6ac603190b3b424fe6941a754e5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
11KB

MD5
75676a33183ff63b974be8d9550cad99

SHA1
deb6695d59fd52ca72fe283103cd861200b67740

SHA256
b3333b33252db0aa67673af0f50752f8c3985da38dcdb0b76c79bcee52247d2c

SHA512
f3d53ed5e6aa8b80dbbbb5360df27c5a9c48fd7cc0e1492d378337c86565bbb23cc93e93032e1931d5d2836b456c8405bf98af2e24826b4859f7821c4dc824b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
93e3c0066c6d754112e27f415e780ab0

SHA1
426bb4ac44b8db164603ba96537f6ff09d49a3c6

SHA256
8a198ec7a5f141ec1d661f83652533e89c863edd82a2bd50a0500334cde78f7b

SHA512
6940a0da11cb258962172a7179e8e77afaac86684fd3d7e228220f71ed77775445080bdd830d14eb8c676a0b8faef400036fc76f27c7d22d92df056af7e3a7e0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
f72fe5edc4f05aff9d683b4228121d3e

SHA1
d65c16d8673248b49b6fb1d819484d45f40aaf26

SHA256
ed5bbb01f09fda5835ca000bc536cbb7fd14f03faff4135193e58c501aa0a406

SHA512
eeb9812ec3b19cdcee095ec420fe2addc5593e6b5ea29abff436547947363144617e84832fea902cb186d25e5ead80ef1badd5841a3aa51718af7d7e13acdf15

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
6d4b06df9c80edab55ea3a77b8c1c1ae

SHA1
7a127b8f875186450a4ab9529df4c4748c6d7933

SHA256
cef672d942f0e244f75450288cfd21882b77121d0b7a3bf632bf072b69a86942

SHA512
91ae5d640caf209387803d14d34d8fb15eb3526c335220224b0fb5a410254866bc707fcf5cb7449d33ff4072895c92c72f3e7f2334c1206ebca716aa78a56294

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
6089e352b316b148975b9765f8a29832

SHA1
cf7683fd9c8d17e17fbe9e2e58f622c4fd0d8f5f

SHA256
df996e9de333744f27a846808454bbedbadf6f60d5381af3b4273cd349f6c485

SHA512
57d775f925a2e7c27455ec41f84dfd5b6676f9b89ace0379b463b20f99c735503c5909c9b0fcd65e9300c474eb39ec9a637dc7f42b27227447460b7d478c257d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
7b3cfaa62735d615d3e61820b62745de

SHA1
1ce863e9706f5a611300a625c3cbce41e5d90b1e

SHA256
f106b8387014dc9f561eec30245063ee1a45550ce9c16ecf3e0ead22994c6dd8

SHA512
a694bd120f969200596ea30ca77524d165d4181f898e2e3d26dd2b69a909a140e059b55ef278f661b8397e97a79f93746a0557e24b812da328edfaf6cdaa363b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
9a705383d28b16113d8491fabebd705e

SHA1
5ba1e2ec28b01d36d8c33b78d8152b5b90df5365

SHA256
c4454b9ab52ef760a3f24b21469c786be86b3055b9d61d838341391e4a719112

SHA512
21e09d6301f77b3616882c32bf20cd5bcecfcff72efb85b22df4c02823b40b12324ab15b2b2c4813623b03ca76222320ae9b7d0f18371915ab58a6e613ace449

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
3c3630f6627522106418fe6a3b3e6cc4

SHA1
13f7d194aa6a5110a62cc69d4d65d8ea852f1cc5

SHA256
a08687358a345368a305c71d2417176ae12f8573560f1e974fda5b13a8bf65f3

SHA512
f3ab8abfa078233fe283076c4c0e1b9f489fe99a1ac2dae05a5936f68c93a5c8e8d964fe328c5c34bcea37ab5d1b34faff367ddd4a540e5b6807ace2101fc790

Download Submit
C:\Users\Admin\Desktop\LANC Remastered (lancremasteredpcps.com)\LANC Remastered.exe
Filesize
1.7MB

MD5
4d5049ded6b78dd9d0eb4b8cbc7fc48d

SHA1
ffd12090c0923fee03a4162728caebcfa9ccc1df

SHA256
68ec4627b643ca6f66a23f77b3e4922b5b1d3f54216728df7c2fd1dc824294e0

SHA512
51cd6feafa698235d288369863e6e24d1cfd3ef848c760802bbf7bb432a4d3313c1920d214ce32fdbcb4ebee191085abb7d7078fd5636bed9b30259358b3dac7

Download Submit
C:\Users\Admin\Desktop\LANC Remastered (lancremasteredpcps.com)\PsychoCoding Theme.dll
Filesize
96KB

MD5
bdfd2b195bb55f1054251cb52abb5dad

SHA1
6f93f734f75d7e01852744c68312d8532e60dfe3

SHA256
070583767d41d7913df3c7c791800216edf1329a64917b028d1f24e3a977e498

SHA512
22f1d63fc19a961c994a63eaccb257c5fabdc95f3a7d13c74283b71fd10fd8000718254b8ef163640aecbbc3934d703f72a9d2bd1eb418414678adfc8f6332ca

Download Submit
C:\Users\Admin\Desktop\Lanc V2 (lancremasteredpcps.com)\LANC v2.exe
Filesize
321KB

MD5
f594847c2e806183624275d877acf069

SHA1
f5a547ec6dc47fb2e297539a6d6ec55e4c9bd87b

SHA256
5d600c4a17065f936875f00cfddf0f04b78ca49d68596025bb9512d81bcbc766

SHA512
7b768def9bd6de863f3b7361ca8339b2dda9619dc4953f39b0cf7a2add017ceed164d430ae6ff274f6125b072cd020687329e1bcb3bee8f886fb72b4f1dd5e1c

Download Submit
C:\Users\Admin\Desktop\Lanc V2 (lancremasteredpcps.com)\PcapDotNet.Core.dll
Filesize
69KB

MD5
45fa4315c7631b828e2871db89b3df27

SHA1
f34f3a5344abbb67a21348be9eaeba7831c7333e

SHA256
e580ca9c0382a8663d6bdff6e53802bd73fa8a71689d7f38521ca02269775a58

SHA512
1dd74a83b0435674d61e0e752e3d671334970fd7d235203faf1791c67965eee2324a7dd18e03be575138d3c3639d106534a084c3f9a78d37ff4ff77ead4cfd96

Download Submit
C:\Users\Admin\Desktop\Lanc V2 (lancremasteredpcps.com)\README.txt
Filesize
429B

MD5
0ae6ab68e925b5f113172f5db62939b1

SHA1
715c9c14c95d64f06a57095c057496af841f3224

SHA256
17373dfc1fdb538a2863bc2601e967b0360eaba9df3094dbb2d5b095e8b00c2b

SHA512
780629fdd9c43fa058fd3db68df8db429693aa72dc2586fd5b9494ccc67fbaa81276e5ec596aca08bf02f82cbb0c7a6d52e886bd0b675c4e98c119dce753abde

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\datareporting\glean\db\data.safe.tmp
Filesize
182B

MD5
63b1bb87284efe954e1c3ae390e7ee44

SHA1
75b297779e1e2a8009276dd8df4507eb57e4e179

SHA256
b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a

SHA512
f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\extensions.json
Filesize
26KB

MD5
aa3fffacf9317f6d6bbe4b5259f93f2d

SHA1
4d299b528a471ab6413e131aeef522639d473eac

SHA256
b3c5c1717c77327ff4e7aa7684996f9ece5e880376b9cd510bdce2f6244b2810

SHA512
1dffc6784114d6beb6e4421c4fb490215d0d1a527b4e6e8318d60d94fac8c23552d5b5385d3dbaa03cb586b288e54c4299284fe70b292c0a820ff1c1895420ca

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs-1.js
Filesize
5KB

MD5
b80a2b854a530f1d94a540119e5aaaa5

SHA1
790edc952650c0f28482cbb6f93510549af7ce20

SHA256
b424d0649df6dbe7706cf31e1d13b51f169a5340e2479d8862e33128e433f625

SHA512
c80f6f3803d1bb848f3825607e24d09adffc0447b55c546a83aec26c11495420411e1cd4770d0230479e5e24c35a54aeef8a7c51efa50865e2618fe7ba04ad6f

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
Filesize
866B

MD5
760a51ae6b1366dc26224c012e77b127

SHA1
d8c23394ae2abe2ab5a15b1252fa63c366674ebe

SHA256
00f22ebc28a2cb52bcbf2d6f5b8be139f91c7965408c35406e9d73e245987146

SHA512
8b27665aaad05408d86334edaf5161ec4250b21bd93af3c80961d3a4ed6047055d1e504a93121281d6f870f4f06533733c2d3e2050286f908cc5463bf075e261

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\prefs.js
Filesize
2KB

MD5
ad9a0aec4e89583b75880b424db22430

SHA1
88ea9b041941c11c2de10d5bd0fdba6ca8ede6bb

SHA256
a8fffea45df10c943818138d37484808d37322d998887919bd972c51961afb08

SHA512
4cb7a0de4e6fcf0a665c5d643b6fed8ff2b78a17e7d9e7c5a7235d31786d6853a710c75ecb75a2aa2a6e02f6977bf59552cdacac46e566036a9eb0c26c23e2de

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\sessionCheckpoints.json.tmp
Filesize
212B

MD5
29ce37dc02c78bbe2e5284d350fae004

SHA1
bab97d5908ea6592aef6b46cee1ded6f34693fa2

SHA256
1bfee61e2f346959c53aa41add4b02d2b05c86c9f19ffefe1018f4a964bf4693

SHA512
53a9eb746e193c088210d8eaa6218d988f3a67ee4cb21844d682ff0178db040932404f5ce2f3cf8b4576313ba0ec33c04ca288c3412bfa5df7dd8230cc2068bb

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
160KB

MD5
1c1ddfd28890de33f5999f346e848fa3

SHA1
45adcb046b4ba68da823f359dd7916131b7fd27d

SHA256
0baf4c7a89a8a6f631acd164c94c9f1b58a2b32afe26752c567c51e6c592caae

SHA512
37abc4ae69ed48f87bae6f02b925adf49b69f8f18152c3e289057262776679d5a1f6df39291b259d70de035fa08367279ad7c29d04d2e898b2e1d9dc3a00737e

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Browser\firefox.exe
Filesize
1.7MB

MD5
15ff36f3e045f98652c3909d99de57ab

SHA1
1df6b4e970451227269e09be8c67067bc8a6d7db

SHA256
d5a7aec0caef36f3e1726b7e91bad676e227ecd1aa6750ad4aef34c9411985ac

SHA512
2081aa0459ba3ea01123b5d3f760fa3198e677c914aa9c648716e667d21338e63a918c065f11c2a10b8c3adb273693825b3b878207bcf39c68c6e7de909eaf2c

Download Submit
C:\Users\Admin\Desktop\Tor Browser\Start Tor Browser.lnk
Filesize
829B

MD5
296a5167c29ef5430202f9301b735885

SHA1
177103059aae72830e1d0b5f2f506574c6355374

SHA256
4a78958bf14a8d99763b07d09d787f2a42e6a8f4eebd8e75761ae25fe34c7874

SHA512
ad0e1ed001921dac6299bb5893d369d6d2574840aec7bd6c153838466e81047f97fafba8d1e9fbd21d72842fefad2714ee48795d3a604d3d9ac5c408bee167f0

Download Submit
C:\Users\Admin\Downloads\LANC Remastered (lancremasteredpcps.com).rar
Filesize
756KB

MD5
a18fe3b6ed604cf5edb9225e59d4e061

SHA1
138eb6c432803e2cbbe540bf5e3623a3967180d0

SHA256
4d9f9c329200d932ad5a1b30d419aca5a67addd6b1f08740ddac4e8dc32e20f0

SHA512
c57ead7c4ca7fb06625543c43b44a405afc3da23f25710a41206343e904b3fe61ac5a253e9f86013bd2556635e7a5a21b459700be192137c3671d17831cfdefe

Download Submit
C:\Users\Admin\Downloads\Lanc V2 (lancremasteredpcps.com).rar
Filesize
1.1MB

MD5
1f5dff521764c6e40f2e5cf93da8bf33

SHA1
f11865e79fe452745c66bbe3f6cb1c1c5e649528

SHA256
b37ac4dcda0ebec2024827c57ad93032ce7e101600131a695332b363f1f942fb

SHA512
08858ebcdae5ea73d317f100d435906473ee78603f4d5c60b73ab9cf5848bfd2e3b55e130f758f0bad9bf0d61613c08bde1cb184da48767b79ba9e78f6e026e2

Download Submit
C:\Users\Admin\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe
Filesize
3.9MB

MD5
7811606d791058f950b2c80df0356a6c

SHA1
e95832c1c40d25dc562c91285717d7814b6ea99f

SHA256
04572bc874e69869658b69118218c11eb7ee9df0163236acc5c0f2deddb160a8

SHA512
4179c683cf9e4fe1b8686e0b806e84d6a982f320100bacbaf998ee525f03c71113e59606a1106ba81b7a72304bb6e14192651a75a460b2decbb38a0d1902e270

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 124181.crdownload
Filesize
448KB

MD5
6ee30c3b4147bf45a4408c5336b7ea48

SHA1
5c38f67969cd5d8962e51afa0b3c51c209a6c623

SHA256
115dd458b8e4ce12bb3fa31ef0abd943e6e2930b1c922caf90754b64c91bc676

SHA512
3bfa32751237312677ae4fd58de4ccfb3c9012ba3bc8a731b4943cb5f7e6980a01b0021b420e0ecf8559bf12a203faff0ab243d6b6c5921b4d836be12a43e6cd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 834571.crdownload
Filesize
1.4MB

MD5
1e8bedb21ee92f318c5842bf6dcb13fd

SHA1
c6b601d8e54d839409b1206500f15c9e835ad04c

SHA256
efe06287bbd8507b1d444d8689c459aa93a4b907a32f660e7e6470f223a7d7c5

SHA512
44be6cf8971993216482e0fca9bbad5dccc85acdb1551ee92e153e55ea2970b74fcb9eac9b3e62698182ea4b633158358ee4253bae3d0f1edeee72c966df4fa6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 919041.crdownload:SmartScreen
Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\tor-browser-windows-x86_64-portable-13.0.10.exe
Filesize
13.3MB

MD5
ec6235dcde8a2ba766dd1c646a5ed2a3

SHA1
80e25b9f7b033208d3a617225abe9a28bee26340

SHA256
689bfc452598d344b85c855a88873e0c90784701508189a07a115fe8a83c8ad4

SHA512
e6b24c7d653fe00050fd18bbbe791c52c8f811f12bdd58a9d6259058f273caffa6e0f3051ed3c592b06d07f43d6187e77efe6dc6280c3742d2900273a3606aff

Download Submit
C:\Windows\System32\DriverStore\Temp\{7daef008-e6a1-2e48-80f4-5ba113bc0f49}\SET906D.tmp
Filesize
10KB

MD5
d375acc2a2fa53f2c14d3b499706cbce

SHA1
3c6e1008dac945c7977892e8cffc03eb504b1f12

SHA256
b3e9f2f1c0f7159b9e3c878823074639650dbe43d402f8a8bb7951ed5434a8c0

SHA512
68e0c8cea193753ddfcb8f4c0ad94048835b89a22fb5db5beacbadf718038f7d17bf1da6a6b9ca6a200cd4207f8117c9dfbec9c643fa9548009d8ae76839b635

Download Submit
C:\Windows\System32\DriverStore\Temp\{7daef008-e6a1-2e48-80f4-5ba113bc0f49}\SET906E.tmp
Filesize
8KB

MD5
0cd1363104790d449a5cc916a5d25709

SHA1
5a8a8743409e0f50bad7a7f717c126e8188b503e

SHA256
8498f99f47b69d6607bed9f920e24b1b14de98d4620d8c9034be6c93f152e7ed

SHA512
a61484501f6cfbda3fa29a4d55a3b8d2a6ac1c6a10fc87260cf00bdf1093bdc69aeb6dcb9b0cc67f30e8f9578788f1a9841dd098b182895af387b7851b099312

Download Submit
C:\Windows\System32\DriverStore\Temp\{7daef008-e6a1-2e48-80f4-5ba113bc0f49}\SET906F.tmp
Filesize
78KB

MD5
c6bcafebc9fcb8d87367b13555c0ab26

SHA1
7cd384d49d2b714d2e975672472a16a11eab553c

SHA256
49129b2a848ae97e34486b22c69310db299756606a80603b281411d0805cad24

SHA512
72eb456fe87a3c3fe244de3fd0f201d141f6389a803de34cde5db0721a38030aae5451f6b2b16d4aae48029f6155ad7fdb94b1f0b215b2441bcdcec65bd62562

Download Submit
C:\Windows\System32\DriverStore\Temp\{90c53866-5eb0-ea41-a6be-414f05a45e7a}\Win10Pcap.cat
Filesize
9KB

MD5
402f4733d358cdc87a3a6a837a393e69

SHA1
1b6c9e1955cce2ea79936261985dd4ee7fa55cc1

SHA256
dbdc38e03162d95564d71ef5178f15c3db9e99eb22ddb19b09ea64099e4b1868

SHA512
6de66fab25f4b148586283a61a4e5431f82179fc41e58f251e9052a03d78c34ac9ccc8d46ca214f9bf14545bac25708edd31be16e5916ba42fcac62cfcebbfbc

Download Submit
C:\Windows\System32\DriverStore\Temp\{90c53866-5eb0-ea41-a6be-414f05a45e7a}\Win10Pcap.inf
Filesize
1KB

MD5
9e7fa312a88fa2232a65654324e13e3d

SHA1
91e7032c3c350abfd64c57ee2a653367ab253040

SHA256
fdba4f076d7d3952dae9a63908691ec380ef137b2e77c1db7a7f2c4ed9502f25

SHA512
040dd963e1ebde13d469ca7007db89661bc1cacc433cb9bd6be65436ce19bf9203fcd7a8a5a7a9aa427476b46aab6ada8315bc5cb717d145a1c2d6ba0f7dc993

Download Submit
C:\Windows\System32\DriverStore\Temp\{90c53866-5eb0-ea41-a6be-414f05a45e7a}\Win10Pcap.sys
Filesize
49KB

MD5
8daccfd6b64a3a5f5e3f4ae4805564c0

SHA1
e2c69c2f23b96598f5c387e527931f2edd736aaf

SHA256
5c67c47ca7d382e4f23b702a1cad70ee5e10d380d43d8bc9b903475246e8ce97

SHA512
bb1416ec2c167c95c138c04ae1cbb4b90fd8e06bc31394a754290d8064f8d84908636928c192109fa348ee24cbc27f67a2ac8920592518d7e8dfe9401be307a3

Download Submit
F:\d804ac1aa293e2e3af\1040\eula.rtf
Filesize
143KB

MD5
67a9f0946d135a41e51d90220c0c8c67

SHA1
81079fbfe8423e87fd5a7ea2b42e34dca7385587

SHA256
1478376f05d1bbe824cf1efdebc485d736e3ba1aa72dc8dff69cc9e3b8127cf8

SHA512
7b4087bf0e6ffdac910bf1ea004247f89c64ef65b717ae69971d71e3d3d223809fd0a58b5dd618bce242dbdd19c355cfabdf0613c0c1787e20d5072f2edc1a8c

Download Submit
F:\d804ac1aa293e2e3af\1053\eula.rtf
Filesize
145KB

MD5
8ca89fafa113bdca3dfb5a141e206b84

SHA1
529075ffb30e400e4a24f4aac678295b04502c62

SHA256
411414181d515ad8ca0ed1b1f462a067648a98d26451b7414d91601c1e6c449a

SHA512
a90179a9a8a14e6d6ddefcbc1641ebeff567fa028d65705429fa81b352647c6a973b5fb5bc585c23ef9dc2587566ce3e0086f9cfb31b8eeb5d4fc2fd7a7b1bf7

Download Submit
F:\d804ac1aa293e2e3af\NetFx451\netfx_Full_GDR_x86.msi
Filesize
900KB

MD5
3792ad35ba11c4626dbf5a69ddf83ac1

SHA1
193483376d63fb18e0da47409b1b2b21a2a0456f

SHA256
6504cc67a8733aa24a628c737a8a83f28f4bce86edaf993f0491d52349552346

SHA512
6966b2ccb76408a6399662ab404f05c3294a409d6cdd192358f213aece005471edf948269674cb736f8ddec9a295dc412c9b9841c90c1be86b2ea36b99d1fe6d

Download Submit
\??\pipe\LOCAL\crashpad_5104_YJGZPTPEVNLGUZNA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/412-2364-0x0000000075360000-0x0000000075B10000-memory.dmp

Filesize
7.7MB

Download
memory/412-2365-0x0000000075360000-0x0000000075B10000-memory.dmp

Filesize
7.7MB

Download
memory/908-843-0x0000000075360000-0x0000000075B10000-memory.dmp

Filesize
7.7MB

Download
memory/908-842-0x0000000075360000-0x0000000075B10000-memory.dmp

Filesize
7.7MB

Download
memory/956-6571-0x00000284AC940000-0x00000284ACAB0000-memory.dmp

Filesize
1.4MB

Download
memory/3148-5411-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/3148-6134-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/3148-5750-0x00007FFCBABD0000-0x00007FFCBABDD000-memory.dmp

Filesize
52KB

Download
memory/3148-5748-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/3148-5615-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/3148-5330-0x0000000140000000-0x0000000140070000-memory.dmp

Filesize
448KB

Download
memory/3148-5331-0x00007FFCBAC30000-0x00007FFCBAC3F000-memory.dmp

Filesize
60KB

Download
memory/3476-797-0x0000000004F50000-0x0000000004F65000-memory.dmp

Filesize
84KB

Download
memory/3476-794-0x0000000075400000-0x0000000075BB0000-memory.dmp

Filesize
7.7MB

Download
memory/3476-808-0x0000000075400000-0x0000000075BB0000-memory.dmp

Filesize
7.7MB

Download
memory/3972-6519-0x000001DFF1480000-0x000001DFF154D000-memory.dmp

Filesize
820KB

Download
memory/4188-6508-0x000001C18E6A0000-0x000001C18E76D000-memory.dmp

Filesize
820KB

Download
memory/4192-6505-0x0000021201620000-0x00000212016ED000-memory.dmp

Filesize
820KB

Download
memory/4208-790-0x0000000075360000-0x0000000075B10000-memory.dmp

Filesize
7.7MB

Download
memory/4208-788-0x00000000053C0000-0x00000000053D5000-memory.dmp

Filesize
84KB

Download
memory/4208-784-0x00000000054E0000-0x0000000005572000-memory.dmp

Filesize
584KB

Download
memory/4208-783-0x00000000059F0000-0x0000000005F94000-memory.dmp

Filesize
5.6MB

Download
memory/4208-782-0x00000000009F0000-0x0000000000A46000-memory.dmp

Filesize
344KB

Download
memory/4208-781-0x0000000075360000-0x0000000075B10000-memory.dmp

Filesize
7.7MB

Download
memory/4308-3623-0x0000000003240000-0x0000000003253000-memory.dmp

Filesize
76KB

Download
memory/4316-1174-0x0000000005220000-0x0000000005230000-memory.dmp

Filesize
64KB

Download
memory/4316-1187-0x0000000075360000-0x0000000075B10000-memory.dmp

Filesize
7.7MB

Download
memory/4316-1185-0x00000000088E0000-0x00000000088F5000-memory.dmp

Filesize
84KB

Download
memory/4316-1172-0x00000000007A0000-0x000000000095A000-memory.dmp

Filesize
1.7MB

Download
memory/4316-1173-0x0000000075360000-0x0000000075B10000-memory.dmp

Filesize
7.7MB

Download
memory/4316-1181-0x0000000008900000-0x000000000899C000-memory.dmp

Filesize
624KB

Download
memory/4316-1175-0x00000000052B0000-0x00000000052BA000-memory.dmp

Filesize
40KB

Download
memory/4316-1176-0x0000000005850000-0x00000000059F6000-memory.dmp

Filesize
1.6MB

Download
memory/4316-1180-0x00000000056A0000-0x00000000056BE000-memory.dmp

Filesize
120KB

Download
memory/4668-3171-0x0000000002A10000-0x0000000002A11000-memory.dmp

Filesize
4KB

Download
memory/4688-3979-0x0000000004FC0000-0x0000000004FEC000-memory.dmp

Filesize
176KB

Download
memory/4688-3980-0x0000000004FF0000-0x0000000004FFE000-memory.dmp

Filesize
56KB

Download
memory/4688-3977-0x0000000075360000-0x0000000075B10000-memory.dmp

Filesize
7.7MB

Download
memory/4688-4059-0x0000000002750000-0x0000000002760000-memory.dmp

Filesize
64KB

Download
memory/4688-4115-0x0000000075360000-0x0000000075B10000-memory.dmp

Filesize
7.7MB

Download
memory/4688-3978-0x0000000004F20000-0x0000000004F2A000-memory.dmp

Filesize
40KB

Download
memory/4688-4009-0x0000000075360000-0x0000000075B10000-memory.dmp

Filesize
7.7MB

Download
memory/4688-3981-0x0000000005000000-0x0000000005078000-memory.dmp

Filesize
480KB

Download
memory/4688-4030-0x0000000002750000-0x0000000002760000-memory.dmp

Filesize
64KB

Download
memory/4688-4012-0x0000000002750000-0x0000000002760000-memory.dmp

Filesize
64KB

Download
memory/4688-3982-0x0000000002750000-0x0000000002760000-memory.dmp

Filesize
64KB

Download
memory/4688-3983-0x0000000002750000-0x0000000002760000-memory.dmp

Filesize
64KB

Download
memory/4688-3993-0x0000000002750000-0x0000000002760000-memory.dmp

Filesize
64KB

Download
memory/4912-2345-0x00000000051D0000-0x00000000051E5000-memory.dmp

Filesize
84KB

Download
memory/4912-2329-0x0000000000670000-0x0000000000950000-memory.dmp

Filesize
2.9MB

Download
memory/4912-2328-0x0000000075360000-0x0000000075B10000-memory.dmp

Filesize
7.7MB

Download
memory/4912-2351-0x0000000075360000-0x0000000075B10000-memory.dmp

Filesize
7.7MB

Download
memory/4912-2342-0x00000000051B0000-0x00000000051C5000-memory.dmp

Filesize
84KB

Download
memory/4912-2341-0x00000000051A0000-0x00000000051AA000-memory.dmp

Filesize
40KB

Download
memory/4912-2340-0x0000000005180000-0x000000000519E000-memory.dmp

Filesize
120KB

Download
memory/4912-2339-0x0000000005170000-0x0000000005182000-memory.dmp

Filesize
72KB

Download
memory/5028-6239-0x00007FFCC0800000-0x00007FFCC0801000-memory.dmp

Filesize
4KB

Download
memory/5028-6536-0x000001DCA0000000-0x000001DCA00CD000-memory.dmp

Filesize
820KB

Download
memory/5028-6243-0x00007FFCC11D0000-0x00007FFCC11D1000-memory.dmp

Filesize
4KB

Download
memory/5560-6484-0x0000027932D60000-0x0000027932E2D000-memory.dmp

Filesize
820KB

Download
memory/5576-6565-0x000002F0C0C80000-0x000002F0C2238000-memory.dmp

Filesize
21.7MB

Download
memory/5576-6566-0x00007FFC9D560000-0x00007FFC9E021000-memory.dmp

Filesize
10.8MB

Download
memory/5576-6572-0x000002F0DCA40000-0x000002F0DCA50000-memory.dmp

Filesize
64KB

Download
memory/5576-6573-0x000002F0DCA40000-0x000002F0DCA50000-memory.dmp

Filesize
64KB

Download
memory/5576-6574-0x000002F0DCA40000-0x000002F0DCA50000-memory.dmp

Filesize
64KB

Download
memory/5576-6763-0x00007FFC9D560000-0x00007FFC9E021000-memory.dmp

Filesize
10.8MB

Download
memory/5576-6764-0x000002F0DCA40000-0x000002F0DCA50000-memory.dmp

Filesize
64KB

Download
memory/5576-6765-0x000002F0DCA40000-0x000002F0DCA50000-memory.dmp

Filesize
64KB

Download
memory/5576-6766-0x000002F0DCA40000-0x000002F0DCA50000-memory.dmp

Filesize
64KB

Download