hxxp://google[.]com

Resubmissions

25-02-2024 02:03

240225-cg45caaa33 10

25-02-2024 01:59

240225-cesnjahh97 8

25-02-2024 01:31

240225-bxq2zshg26 10

25-02-2024 00:49

240225-a6gdgaab3x 7

Analysis

max time kernel
1549s
max time network
1553s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
25-02-2024 01:31

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://google.com

Score

10^/10

discovery evasion ransomware trojan upx

Malware Config

Signatures

UAC bypass 3 TTPs 1 IoCs
evasion trojan

Bypass User Account Control
T1548.002

Disable or Modify Tools
T1562.001

Modify Registry
T1112

Processes:

reg.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe
Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

Executes dropped EXE 10 IoCs

Processes:

Setup.exevcredist_2015-2019_x64.exevcredist_2015-2019_x86.exeSetup.exeDXSETUP.exeSuperDeath3.exeMrsMjrGui.exeMrsMjrGui.exeMrsMjrGui.exeMrsMjrGui.exe

pid	process
5020	Setup.exe
2104	vcredist_2015-2019_x64.exe
1160	vcredist_2015-2019_x86.exe
1480	Setup.exe
1036	DXSETUP.exe
840	SuperDeath3.exe
2092	MrsMjrGui.exe
1632	MrsMjrGui.exe
5468	MrsMjrGui.exe
3068	MrsMjrGui.exe

Loads dropped DLL 19 IoCs

Processes:

Setup.exevcredist_2015-2019_x64.exevcredist_2015-2019_x86.exeSetup.exeDXSETUP.exeMsiExec.exe

pid	process
5020	Setup.exe
5020	Setup.exe
5020	Setup.exe
5020	Setup.exe
5020	Setup.exe
2104	vcredist_2015-2019_x64.exe
1160	vcredist_2015-2019_x86.exe
1480	Setup.exe
1480	Setup.exe
1480	Setup.exe
1480	Setup.exe
1480	Setup.exe
1036	DXSETUP.exe
1036	DXSETUP.exe
1036	DXSETUP.exe
1036	DXSETUP.exe
1036	DXSETUP.exe
1036	DXSETUP.exe
5488	MsiExec.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Unconfirmed 47663.crdownload	upx
behavioral1/memory/840-6200-0x0000000000400000-0x00000000011FF000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Drops desktop.ini file(s) 1 IoCs

Processes:

svchost.exe

description ioc process

File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini svchost.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exeWScript.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\R:	WScript.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	WScript.exe
File opened (read-only)	\??\I:	WScript.exe
File opened (read-only)	\??\T:	WScript.exe
File opened (read-only)	\??\Z:	WScript.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	WScript.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\L:	WScript.exe
File opened (read-only)	\??\P:	WScript.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\M:	WScript.exe
File opened (read-only)	\??\S:	WScript.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\U:	WScript.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	WScript.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	WScript.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\J:	WScript.exe
File opened (read-only)	\??\V:	WScript.exe
File opened (read-only)	\??\X:	WScript.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\E:	WScript.exe
File opened (read-only)	\??\Q:	WScript.exe
File opened (read-only)	\??\Y:	WScript.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\G:	WScript.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	WScript.exe
File opened (read-only)	\??\N:	WScript.exe
File opened (read-only)	\??\W:	WScript.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

413 raw.githubusercontent.com
145 discord.com
148 discord.com
412 raw.githubusercontent.com

flow	ioc
413	raw.githubusercontent.com
145	discord.com
148	discord.com
412	raw.githubusercontent.com

Drops file in System32 directory 64 IoCs

Processes:

People Playground.exeUnityCrashHandler64.exeDXSETUP.exeUnityCrashHandler64.exePeople Playground.exeUnityCrashHandler64.exeoalinst.exePeople Playground.exe

description	ioc	process
File opened for modification	C:\Windows\system32\symbols\dll\ntdll.pdb	People Playground.exe
File opened for modification	C:\Windows\system32\symbols\dll\UnityPlayer_Win64_mono_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\SysWOW64\xinput1_3.dll	DXSETUP.exe
File opened for modification	C:\Windows\system32\mono-2.0-bdwgc.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\DLL\kernel32.pdb	People Playground.exe
File opened for modification	C:\Windows\system32\symbols\dll\kernelbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\exe\WindowsPlayer_Master_mono_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\steam_api64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\mswsock.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\SysWOW64\d3dx9_33.dll	DXSETUP.exe
File opened for modification	C:\Windows\system32\kernelbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\WindowsPlayer_Master_mono_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\mono-2.0-bdwgc.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\mono-2.0-bdwgc.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\kernel32.pdb	People Playground.exe
File opened for modification	C:\Windows\SysWOW64\tmp663.tmp	oalinst.exe
File opened for modification	C:\Windows\system32\exe\WindowsPlayer_Master_mono_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\kernelbase.pdb	People Playground.exe
File opened for modification	C:\Windows\system32\symbols\dll\kernelbase.pdb	People Playground.exe
File created	C:\Windows\SysWOW64\OpenAL32.new	oalinst.exe
File opened for modification	C:\Windows\system32\DLL\kernel32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\DLL\kernel32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\ntdll.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\dll\mswsock.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\DLL\kernel32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\mswsock.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\kernelbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\SysWOW64\X3DAudio1_7.dll	DXSETUP.exe
File opened for modification	C:\Windows\system32\symbols\dll\kernelbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\steam_api64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\mono-2.0-bdwgc.pdb	People Playground.exe
File opened for modification	C:\Windows\system32\steam_api64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\mswsock.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\kernelbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\steam_api64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\mswsock.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\SysWOW64\xactengine3_6.dll	DXSETUP.exe
File opened for modification	C:\Windows\system32\exe\WindowsPlayer_Master_mono_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\combase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\DLL\kernel32.pdb	People Playground.exe
File opened for modification	C:\Windows\system32\dll\ntdll.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\SysWOW64\SET6CEB.tmp	DXSETUP.exe
File created	C:\Windows\SysWOW64\SET6DB9.tmp	DXSETUP.exe
File opened for modification	C:\Windows\SysWOW64\XAPOFX1_4.dll	DXSETUP.exe
File opened for modification	C:\Windows\system32\ntdll.pdb	People Playground.exe
File opened for modification	C:\Windows\system32\symbols\dll\combase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\kernelbase.pdb	People Playground.exe
File opened for modification	C:\Windows\system32\dll\ntdll.pdb	People Playground.exe
File opened for modification	C:\Windows\system32\symbols\dll\kernelbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\UnityPlayer_Win64_mono_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\symbols\exe\WindowsPlayer_Master_mono_x64.pdb	UnityCrashHandler64.exe
File created	C:\Windows\SysWOW64\tmp664.tmp:Zone.Identifier:$DATA	oalinst.exe
File created	C:\Windows\SysWOW64\SET6CEB.tmp	DXSETUP.exe
File opened for modification	C:\Windows\system32\dll\mono-2.0-bdwgc.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\dll\ntdll.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\mono-2.0-bdwgc.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\SysWOW64\SET6C3C.tmp	DXSETUP.exe
File opened for modification	C:\Windows\system32\symbols\DLL\kernel32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\UnityPlayer_Win64_mono_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\kernel32.pdb	People Playground.exe
File opened for modification	C:\Windows\system32\dll\kernelbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\system32\mono-2.0-bdwgc.pdb	People Playground.exe
File opened for modification	C:\Windows\system32\combase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\SysWOW64\SET6C5D.tmp	DXSETUP.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000\Control Panel\Desktop\Wallpaper = "c:\\bg.bmp"	reg.exe

Drops file in Program Files directory 16 IoCs

Processes:

oalinst.exemsiexec.exe

description	ioc	process
File created	C:\Program Files (x86)\OpenAL\oalinst.exe	oalinst.exe
File created	C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\dxupdate.cab	msiexec.exe
File created	C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DSETUP.dll	msiexec.exe
File created	C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\Feb2010_xact_x86.cab	msiexec.exe
File created	C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\Feb2010_XAudio_x86.cab	msiexec.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Framework\v4.0\EULA.en-US.txt	msiexec.exe
File created	C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\Mar2009_d3dx9_41_x86.cab	msiexec.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Framework\Shared\XnaVisualizerPS.dll	msiexec.exe
File created	C:\Program Files (x86)\OpenAL\oalinst.exe\:Zone.Identifier:$DATA	oalinst.exe
File created	C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\APR2007_d3dx9_33_x86.cab	msiexec.exe
File created	C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe	msiexec.exe
File created	C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\APR2007_xinput_x86.cab	msiexec.exe
File created	C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\dsetup32.dll	msiexec.exe
File created	C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\Feb2010_X3DAudio_x86.cab	msiexec.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Framework\v4.0\XnaNative.dll	msiexec.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Framework\Shared\xnavisualizer.dll	msiexec.exe

Drops file in Windows directory 64 IoCs

Processes:

UnityCrashHandler64.exePeople Playground.exemsiexec.exePeople Playground.exeUnityCrashHandler64.exeUnityCrashHandler64.exePeople Playground.exeDXSETUP.exe

description	ioc	process
File opened for modification	C:\Windows\kernel32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\DLL\kernel32.pdb	People Playground.exe
File opened for modification	C:\Windows\Installer\MSI675A.tmp	msiexec.exe
File opened for modification	C:\Windows\dll\kernelbase.pdb	People Playground.exe
File opened for modification	C:\Windows\dll\ntdll.pdb	People Playground.exe
File opened for modification	C:\Windows\symbols\dll\kernelbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\kernelbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\mono-2.0-bdwgc.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\mswsock.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\mono-2.0-bdwgc.pdb	People Playground.exe
File opened for modification	C:\Windows\steam_api64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\$PatchCache$\Managed\0AA7CFB2C445A3E47869763FEB56B59E\4.0.20823\F_CENTRAL_msvcp100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI6FE7.tmp	msiexec.exe
File opened for modification	C:\Windows\DLL\kernel32.pdb	People Playground.exe
File created	C:\Windows\SystemTemp\~DF3BC3BBBE047EAD6A.TMP	msiexec.exe
File opened for modification	C:\Windows\exe\WindowsPlayer_Master_mono_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\kernel32.pdb	People Playground.exe
File created	C:\Windows\assembly\tmp\XWANHKP8\Microsoft.Xna.Framework.GamerServices.dll	msiexec.exe
File opened for modification	C:\Windows\kernelbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\mswsock.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\mono-2.0-bdwgc.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\kernelbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\0AA7CFB2C445A3E47869763FEB56B59E\4.0.20823\F_CENTRAL_msvcp100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C	msiexec.exe
File opened for modification	C:\Windows\kernelbase.pdb	People Playground.exe
File opened for modification	C:\Windows\dll\steam_api64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\mono-2.0-bdwgc.pdb	People Playground.exe
File opened for modification	C:\Windows\symbols\dll\steam_api64.pdb	UnityCrashHandler64.exe
File created	C:\Windows\assembly\tmp\57OCYI50\Microsoft.Xna.Framework.Game.dll	msiexec.exe
File created	C:\Windows\assembly\tmp\CIPMHMO3\Microsoft.Xna.Framework.Net.dll	msiexec.exe
File created	C:\Windows\assembly\tmp\HSRXV49Y\Microsoft.Xna.Framework.Xact.dll	msiexec.exe
File opened for modification	C:\Windows\dll\mono-2.0-bdwgc.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\mono-2.0-bdwgc.pdb	People Playground.exe
File opened for modification	C:\Windows\combase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\Logs\DirectX.log	DXSETUP.exe
File opened for modification	C:\Windows\symbols\dll\kernelbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\ntdll.pdb	People Playground.exe
File opened for modification	C:\Windows\kernelbase.pdb	People Playground.exe
File opened for modification	C:\Windows\dll\mono-2.0-bdwgc.pdb	People Playground.exe
File created	C:\Windows\SystemTemp\~DF9502CB864DD7571D.TMP	msiexec.exe
File opened for modification	C:\Windows\dll\ntdll.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\combase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\WindowsPlayer_Master_mono_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\DLL\kernel32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\ntdll.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\kernel32.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\Installer\$PatchCache$\Managed\0AA7CFB2C445A3E47869763FEB56B59E\4.0.20823\F_CENTRAL_msvcr100_x86.DF495DFD_79F6_34DF_BB1E_E58DB5BDCF2C	msiexec.exe
File opened for modification	C:\Windows\symbols\dll\ntdll.pdb	People Playground.exe
File opened for modification	C:\Windows\dll\mswsock.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\kernelbase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\UnityPlayer_Win64_mono_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\combase.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\mono-2.0-bdwgc.pdb	People Playground.exe
File opened for modification	C:\Windows\dll\steam_api64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\UnityPlayer_Win64_mono_x64.pdb	UnityCrashHandler64.exe
File created	C:\Windows\assembly\GACLock.dat	msiexec.exe
File created	C:\Windows\assembly\tmp\R7HJTG3E\Microsoft.Xna.Framework.Avatar.dll	msiexec.exe
File created	C:\Windows\SystemTemp\~DF94E350CFA947520C.TMP	msiexec.exe
File opened for modification	C:\Windows\mono-2.0-bdwgc.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\dll\UnityPlayer_Win64_mono_x64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\steam_api64.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\dll\mswsock.pdb	UnityCrashHandler64.exe
File opened for modification	C:\Windows\symbols\DLL\kernel32.pdb	People Playground.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

vssvc.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000a0a26a5bdad282120000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000a0a26a5b0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900a0a26a5b000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1da0a26a5b000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000a0a26a5b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe

Checks processor information in registry 2 TTPs 18 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Setup.exesvchost.exefirefox.exefirefox.exeSetup.exesvchost.exesvchost.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe

Delays execution with timeout.exe 3 IoCs
evasion

Processes:

timeout.exetimeout.exetimeout.exe

pid process

6092 timeout.exe
4532 timeout.exe
4808 timeout.exe

pid	process
6092	timeout.exe
4532	timeout.exe
4808	timeout.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

DXSETUP.exemsiexec.exeLogonUI.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DXSETUP.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DXSETUP.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133532984387566089"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\24	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DXSETUP.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\TelemetrySalt = "5"	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DXSETUP.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\23	msiexec.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	DXSETUP.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DXSETUP.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E	msiexec.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "238"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DXSETUP.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DXSETUP.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DXSETUP.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DXSETUP.exe

Modifies registry class 64 IoCs

Processes:

msiexec.exeDXSETUP.exeMsiExec.exemsedge.execmd.exefirefox.exemsedge.exesvchost.exesvchost.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Game,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="x86" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e0048006100380066004c0049004f0071007b003f00380032003100310034002e002400740052006c0000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Input.Touch,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="MSIL" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e0050006a006300540058005b0053007b00610039003700380070002d005d0061006c0065004900260000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\PackageCode = "CC1B48CD503865840BBC69BD0DED73A5"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\SourceList\Net\1 = "C:\\Users\\Admin\\Desktop\\_Redist\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\InProcServer32	DXSETUP.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Graphics,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="x86" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e0055006a0064003f003d002e00310076002400390053007e005a00340068007b0055006f007a00690000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\ProductIcon = "C:\\Windows\\Installer\\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}\\ProductIcon"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\AuthorizedLUAApp = "0"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects\a8122ff4-9e52-4374-b3d9-b4063e77109d\InputTypes = 6175647300001000800000aa00389b710100000000001000800000aa00389b71	MsiExec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Video,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="MSIL" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e00550048004a0055006e0053003d0052005d00380048004d005d00250038005d00400059006900750000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\SourceList\PackageName = "xnafx40_redist.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}	DXSETUP.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4181651180-3163410697-3990547336-1000\{E8BBC572-D599-4206-80FC-68F29B50FF5F}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\ProductName = "Microsoft XNA Framework Redistributable 4.0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\Assignment = "1"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_6.dll"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32\ThreadingModel = "Both"	DXSETUP.exe
Key created	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4181651180-3163410697-3990547336-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\InProcServer32\ThreadingModel = "Both"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects\a8122ff4-9e52-4374-b3d9-b4063e77109d	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A8122FF4-9E52-4374-B3D9-B4063E77109D}\InprocServer32\ = "C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\XNA\\Framework\\Shared\\xnavisualizer.dll"	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A8122FF4-9E52-4374-B3D9-B4063E77109D}	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0AA7CFB2C445A3E47869763FEB56B59E	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\500BB8FAD5F3D2A4D9EFC01E0702D939	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}\InProcServer32	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\InProcServer32\ = "C:\\Windows\\SysWow64\\xactengine3_6.dll"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32\ThreadingModel = "Both"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32	DXSETUP.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\SourceList	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32	DXSETUP.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects\a8122ff4-9e52-4374-b3d9-b4063e77109d\OutputTypes = 6175647300001000800000aa00389b710100000000001000800000aa00389b71	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A8122FF4-9E52-4374-B3D9-B4063E77109D}\ = "VisualizerPlugin Class"	MsiExec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="x86" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e0065006a0036002d0051005b002d0065003900400060004a003d006e0079005e005b005d002a00710000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\Version = "67129687"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\500BB8FAD5F3D2A4D9EFC01E0702D939\0AA7CFB2C445A3E47869763FEB56B59E	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\SourceList\Media	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{cecec95a-d894-491a-bee3-5e106fb59f2d}	DXSETUP.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.GamerServices,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="MSIL" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e007a00770076007100640077006800410066003d007a0027006500360077004900760034006700560000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\ = "AudioVolumeMeter"	DXSETUP.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Xact,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="x86" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e0058003600520051006200610026006500470040005b002d003200630041007600560064007300740000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\InstanceType = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{248d8a3b-6256-44d3-a018-2ac96c459f47}\ = "XACT Engine"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{e48c5a3f-93ef-43bb-a092-2c7ceb946f27}\InProcServer32\ThreadingModel = "Both"	DXSETUP.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Xna.Framework.Storage,fileVersion="4.0.20823.0",version="4.0.0.00000",culture="neutral",publicKeyToken="842CF8BE1DE50553",processorArchitecture="MSIL" = 6c00660060002e003200510046002b00300041004c0048005600370077003800680027002100740058004e0041004600720061006d00650077006f0072006b005200650064006900730074003e007b0072006100690027004a006300710041003d00550070005d002e0026004d0043007a007100590000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\ = "XAudio2"	DXSETUP.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{3eda9b49-2085-498b-9bb2-39a6778493de}\InProcServer32\ = "C:\\Windows\\SysWow64\\XAudio2_6.dll"	DXSETUP.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\DirectShow\MediaObjects\Categories\f3602b3f-0592-48df-a4cd-674721e7ebeb\a8122ff4-9e52-4374-b3d9-b4063e77109d	MsiExec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A8122FF4-9E52-4374-B3D9-B4063E77109D}\InprocServer32	MsiExec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A8122FF4-9E52-4374-B3D9-B4063E77109D}\InprocServer32\ThreadingModel = "Both"	MsiExec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4181651180-3163410697-3990547336-1000\{9B73FA92-DA4B-4AC6-BB3B-F33A4B394D30}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4181651180-3163410697-3990547336-1000\{D498B8D5-DC24-43FC-85B0-2A082FE23760}	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\0AA7CFB2C445A3E47869763FEB56B59E\DXRedist	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\0AA7CFB2C445A3E47869763FEB56B59E\DeploymentFlags = "3"	msiexec.exe

Modifies registry key 1 TTPs 3 IoCs

Modify Registry
T1112

Processes:

reg.exereg.exereg.exe

pid process

6056 reg.exe
4708 reg.exe
4908 reg.exe

pid	process
6056	reg.exe
4708	reg.exe
4908	reg.exe

NTFS ADS 5 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exeoalinst.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\People.Playground.Gamdie.com.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 47663.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\SuperDeath3.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Lethal.Company.Gamdie.com.zip:Zone.Identifier	msedge.exe
File created	C:\Program Files (x86)\OpenAL\oalinst.exe\:Zone.Identifier:$DATA	oalinst.exe

Runs net.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

vlc.exe

pid process

3520 vlc.exe

pid	process
3520	vlc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exechrome.exechrome.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exeSetup.exeSetup.exemsiexec.exemsedge.exePeople Playground.exeUnityCrashHandler64.exePeople Playground.exeUnityCrashHandler64.exe

pid	process
228	msedge.exe
228	msedge.exe
3600	msedge.exe
3600	msedge.exe
1644	msedge.exe
1644	msedge.exe
2400	identity_helper.exe
2400	identity_helper.exe
2424	chrome.exe
2424	chrome.exe
4996	chrome.exe
4996	chrome.exe
1324	msedge.exe
1324	msedge.exe
1688	msedge.exe
1688	msedge.exe
2616	identity_helper.exe
2616	identity_helper.exe
2840	msedge.exe
2840	msedge.exe
2724	msedge.exe
2724	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
2140	msedge.exe
1160	msedge.exe
1160	msedge.exe
5020	Setup.exe
5020	Setup.exe
5020	Setup.exe
5020	Setup.exe
5020	Setup.exe
5020	Setup.exe
5020	Setup.exe
5020	Setup.exe
1480	Setup.exe
1480	Setup.exe
1480	Setup.exe
1480	Setup.exe
1480	Setup.exe
1480	Setup.exe
1480	Setup.exe
1480	Setup.exe
1964	msiexec.exe
1964	msiexec.exe
1732	msedge.exe
1732	msedge.exe
6084	People Playground.exe
6084	People Playground.exe
6016	UnityCrashHandler64.exe
6016	UnityCrashHandler64.exe
6016	UnityCrashHandler64.exe
6016	UnityCrashHandler64.exe
6016	UnityCrashHandler64.exe
6016	UnityCrashHandler64.exe
6084	People Playground.exe
6084	People Playground.exe
5724	People Playground.exe
5724	People Playground.exe
5160	UnityCrashHandler64.exe
5160	UnityCrashHandler64.exe
5160	UnityCrashHandler64.exe
5160	UnityCrashHandler64.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

vlc.exe

pid process

3520 vlc.exe

pid	process
3520	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exechrome.exemsedge.exe

pid	process
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe
Token: SeShutdownPrivilege	2424	chrome.exe
Token: SeCreatePagefilePrivilege	2424	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exefirefox.exemsedge.exe

pid	process
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exechrome.exefirefox.exemsedge.exevlc.exe

pid	process
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
3600	msedge.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2424	chrome.exe
2028	firefox.exe
2028	firefox.exe
2028	firefox.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
3520	vlc.exe
3520	vlc.exe
3520	vlc.exe
3520	vlc.exe
3520	vlc.exe
3520	vlc.exe
3520	vlc.exe
3520	vlc.exe
3520	vlc.exe
3520	vlc.exe
3520	vlc.exe
3520	vlc.exe
3520	vlc.exe

Suspicious use of SetWindowsHookEx 21 IoCs

Processes:

firefox.exedotNetFx40_Full_setup.exeoalinst.exevcredist_x64.exeSetup.exePeople Playground.exeOpenWith.exePeople Playground.exeOpenWith.exePeople Playground.exeOpenWith.exevlc.exePickerHost.exeLogonUI.exe

pid	process
2028	firefox.exe
2804	dotNetFx40_Full_setup.exe
3872	oalinst.exe
4420	vcredist_x64.exe
1480	Setup.exe
6084	People Playground.exe
3144	OpenWith.exe
5724	People Playground.exe
380	OpenWith.exe
5036	People Playground.exe
5300	OpenWith.exe
3520	vlc.exe
3520	vlc.exe
3520	vlc.exe
3520	vlc.exe
3520	vlc.exe
3520	vlc.exe
3520	vlc.exe
3520	vlc.exe
1148	PickerHost.exe
3312	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3600 wrote to memory of 2236	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 2236	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 1036	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 228	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 228	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4084	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4084	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4084	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4084	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4084	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4084	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4084	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4084	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4084	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4084	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4084	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4084	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4084	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4084	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4084	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4084	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4084	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4084	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4084	3600	msedge.exe	msedge.exe
PID 3600 wrote to memory of 4084	3600	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd60d13cb8,0x7ffd60d13cc8,0x7ffd60d13cd8
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,15568165027891666841,7097334174909742309,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,15568165027891666841,7097334174909742309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,15568165027891666841,7097334174909742309,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15568165027891666841,7097334174909742309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15568165027891666841,7097334174909742309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15568165027891666841,7097334174909742309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,15568165027891666841,7097334174909742309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,15568165027891666841,7097334174909742309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15568165027891666841,7097334174909742309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15568165027891666841,7097334174909742309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15568165027891666841,7097334174909742309,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15568165027891666841,7097334174909742309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:3792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd601f9758,0x7ffd601f9768,0x7ffd601f9778
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=1860,i,10668784230380526206,8714847402274496877,131072 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1568 --field-trial-handle=1860,i,10668784230380526206,8714847402274496877,131072 /prefetch:2
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2200 --field-trial-handle=1860,i,10668784230380526206,8714847402274496877,131072 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1860,i,10668784230380526206,8714847402274496877,131072 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1860,i,10668784230380526206,8714847402274496877,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4516 --field-trial-handle=1860,i,10668784230380526206,8714847402274496877,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1860,i,10668784230380526206,8714847402274496877,131072 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1860,i,10668784230380526206,8714847402274496877,131072 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5136 --field-trial-handle=1860,i,10668784230380526206,8714847402274496877,131072 /prefetch:8
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5428 --field-trial-handle=1860,i,10668784230380526206,8714847402274496877,131072 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4444 --field-trial-handle=1860,i,10668784230380526206,8714847402274496877,131072 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3368 --field-trial-handle=1860,i,10668784230380526206,8714847402274496877,131072 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4636 --field-trial-handle=1860,i,10668784230380526206,8714847402274496877,131072 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4668 --field-trial-handle=1860,i,10668784230380526206,8714847402274496877,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4996

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1344

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1872
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.0.1455523874\2001916181" -parentBuildID 20221007134813 -prefsHandle 1792 -prefMapHandle 1748 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {79806942-695e-438e-aa99-6f0392dad772} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 1872 1dc1e9dcb58 gpu
    3⤵
    PID:2896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.1.682133786\34116045" -parentBuildID 20221007134813 -prefsHandle 2240 -prefMapHandle 2236 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6764909a-8650-4a04-84a2-e00904f18994} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 2248 1dc1e8e4258 socket
    3⤵
    - Checks processor information in registry
    PID:3312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.2.505545321\656123721" -childID 1 -isForBrowser -prefsHandle 2800 -prefMapHandle 3084 -prefsLen 20821 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f49a7af6-caf7-42a5-a343-4b32a2e4cbdb} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 3132 1dc23b97658 tab
    3⤵
    PID:1272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.3.1023684936\1915731058" -childID 2 -isForBrowser -prefsHandle 3400 -prefMapHandle 2788 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46f2869d-724a-4394-85b4-9b952f9481a7} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 3448 1dc0b56a558 tab
    3⤵
    PID:2464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.4.1078401365\984570936" -childID 3 -isForBrowser -prefsHandle 4404 -prefMapHandle 4376 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf76bdcf-01ed-4ea2-b155-b97990effc08} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 4388 1dc257c2258 tab
    3⤵
    PID:456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.5.1440502151\717297509" -childID 4 -isForBrowser -prefsHandle 5048 -prefMapHandle 5044 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab7d7c35-f5a9-43a3-932a-5b3a7595761c} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 5056 1dc24fd5558 tab
    3⤵
    PID:2908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.7.468537786\27352798" -childID 6 -isForBrowser -prefsHandle 5376 -prefMapHandle 5380 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fb378f4-5af3-4f7e-9759-8969311c6595} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 5368 1dc260bfb58 tab
    3⤵
    PID:3008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.6.2117168010\1231166956" -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d644c05f-c2fb-486f-9386-69d4dcdb9f26} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 5176 1dc260bf558 tab
    3⤵
    PID:4984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2028.8.1870764545\235903715" -childID 7 -isForBrowser -prefsHandle 5792 -prefMapHandle 5788 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ba777ea-9e0a-43db-8e56-e83a62b3a0bb} 2028 "\\.\pipe\gecko-crash-server-pipe.2028" 2708 1dc2785c458 tab
    3⤵
    PID:3364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd60d13cb8,0x7ffd60d13cc8,0x7ffd60d13cd8
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4408 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4016 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1908 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3984 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7420 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8172 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8084 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7820 /prefetch:8
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1020 /prefetch:1
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2896 /prefetch:1
  2⤵
  PID:132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1884 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2632 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8268 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6756 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1860 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8240 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,17857742181001317761,307212254656651353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7044 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2616
- C:\Users\Admin\Downloads\SuperDeath3.exe
  "C:\Users\Admin\Downloads\SuperDeath3.exe"
  2⤵
  - Executes dropped EXE
  PID:840
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\43EF.tmp\SuperDeath3.bat""
    3⤵
    - Modifies registry class
    PID:4836
  - - C:\Windows\SysWOW64\reg.exe
      reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d c:\bg.bmp /f
      4⤵
      Sets desktop wallpaper using registry
      PID:644
  - - C:\Windows\SysWOW64\rundll32.exe
      RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
      4⤵
      PID:3948
  - - C:\Windows\SysWOW64\reg.exe
      reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop /v NoChangingWallPaper /t REG_DWORD /d 1 /f
      4⤵
      Modifies registry key
      PID:6056
  - - C:\Windows\SysWOW64\reg.exe
      reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
      4⤵
      UAC bypass
      Modifies registry key
      PID:4708
  - - C:\Windows\SysWOW64\reg.exe
      Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
      4⤵
      PID:2844
  - - C:\Windows\SysWOW64\reg.exe
      REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
      4⤵
      Modifies registry key
      PID:4908
  - - C:\Windows\SysWOW64\net.exe
      net user Admin /fullname:"HUMANS ARE TASTY!"
      4⤵
      PID:4600
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 user Admin /fullname:"HUMANS ARE TASTY!"
        5⤵
        
        PID:5608
  - - C:\Windows\SysWOW64\reg.exe
      reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoControlPanel" /t REG_DWORD /d "1" /f
      4⤵
      PID:1628
  - - C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\43EF.tmp\street.mp4"
      4⤵
      Suspicious behavior: AddClipboardFormatListener
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:3520
  - - C:\Windows\SysWOW64\timeout.exe
      timeout 3 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:6092
  - - C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\43EF.tmp\f11.mp4"
      4⤵
      PID:5520
  - - C:\Windows\SysWOW64\timeout.exe
      timeout 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4532
  - - C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\43EF.tmp\scarr2.mp4"
      4⤵
      PID:924
  - - C:\Windows\SysWOW64\timeout.exe
      timeout 15 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4808
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\43EF.tmp\musicplayer2.vbs"
      4⤵
      Enumerates connected drives
      PID:1208
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\43EF.tmp\major.vbs"
      4⤵
      PID:704
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\MrsMjrGuiLauncher.bat" "
        5⤵
        
        PID:1548
      - \??\c:\MrsMjrGui.exe
        
        c:\mrsmjrgui.exe
        6⤵
        Executes dropped EXE
        
        PID:2092
      - \??\c:\MrsMjrGui.exe
        
        c:\mrsmjrgui.exe
        6⤵
        Executes dropped EXE
        
        PID:1632
      - \??\c:\MrsMjrGui.exe
        
        c:\mrsmjrgui.exe
        6⤵
        Executes dropped EXE
        
        PID:5468
      - \??\c:\MrsMjrGui.exe
        
        c:\mrsmjrgui.exe
        6⤵
        Executes dropped EXE
        
        PID:3068
  - - C:\Windows\SysWOW64\shutdown.exe
      shutdown /r /t 15
      4⤵
      PID:5988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2368

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4212

C:\Users\Admin\Desktop\_Redist\dotNetFx40_Full_setup.exe
"C:\Users\Admin\Desktop\_Redist\dotNetFx40_Full_setup.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2804
- F:\0afd78889197de94a240bb\Setup.exe
  F:\0afd78889197de94a240bb\\Setup.exe /x86 /x64 /ia64 /web
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:5020

C:\Users\Admin\Desktop\_Redist\oalinst.exe
"C:\Users\Admin\Desktop\_Redist\oalinst.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- NTFS ADS
- Suspicious use of SetWindowsHookEx
PID:3872

C:\Users\Admin\Desktop\_Redist\vcredist_2015-2019_x64.exe
"C:\Users\Admin\Desktop\_Redist\vcredist_2015-2019_x64.exe"
1⤵
PID:2968
- C:\Windows\Temp\{AE5D957A-62DC-4736-ADBF-F99CEB67FCFD}\.cr\vcredist_2015-2019_x64.exe
  "C:\Windows\Temp\{AE5D957A-62DC-4736-ADBF-F99CEB67FCFD}\.cr\vcredist_2015-2019_x64.exe" -burn.clean.room="C:\Users\Admin\Desktop\_Redist\vcredist_2015-2019_x64.exe" -burn.filehandle.attached=592 -burn.filehandle.self=752
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2104

C:\Users\Admin\Desktop\_Redist\vcredist_2015-2019_x86.exe
"C:\Users\Admin\Desktop\_Redist\vcredist_2015-2019_x86.exe"
1⤵
PID:2464
- C:\Windows\Temp\{3FDDB4C1-49F9-4C79-8ADA-91908222D112}\.cr\vcredist_2015-2019_x86.exe
  "C:\Windows\Temp\{3FDDB4C1-49F9-4C79-8ADA-91908222D112}\.cr\vcredist_2015-2019_x86.exe" -burn.clean.room="C:\Users\Admin\Desktop\_Redist\vcredist_2015-2019_x86.exe" -burn.filehandle.attached=592 -burn.filehandle.self=600
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1160

C:\Users\Admin\Desktop\_Redist\vcredist_x64.exe
"C:\Users\Admin\Desktop\_Redist\vcredist_x64.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4420
- \??\f:\fd657bbcdd476399885cc3790d06\Setup.exe
  f:\fd657bbcdd476399885cc3790d06\Setup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1480

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Desktop\_Redist\xnafx40_redist.msi"
1⤵
- Enumerates connected drives
PID:4868

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1964
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe
  "C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Redist\DX Redist\DXSETUP.exe" /silent
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Modifies data under HKEY_USERS
  - Modifies registry class
  PID:1036
- C:\Windows\syswow64\MsiExec.exe
  "C:\Windows\syswow64\MsiExec.exe" /Y "C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\Framework\Shared\xnavisualizer.dll"
  2⤵
  - Loads dropped DLL
  - Modifies registry class
  PID:5488

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:4344

C:\Users\Admin\Desktop\_Redist\Lethal Company\Lethal Company.exe
"C:\Users\Admin\Desktop\_Redist\Lethal Company\Lethal Company.exe"
1⤵
PID:760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/
1⤵
PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xdc,0x110,0x7ffd60d13cb8,0x7ffd60d13cc8,0x7ffd60d13cd8
  2⤵
  PID:4404

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004C4
1⤵
PID:5632

C:\Users\Admin\Desktop\_Redist\Lethal Company\Lethal Company.exe
"C:\Users\Admin\Desktop\_Redist\Lethal Company\Lethal Company.exe"
1⤵
PID:4448

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:2908

C:\Users\Admin\Desktop\_Redist\People Playground v1.26.6\People Playground.exe
"C:\Users\Admin\Desktop\_Redist\People Playground v1.26.6\People Playground.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6084
- C:\Users\Admin\Desktop\_Redist\People Playground v1.26.6\UnityCrashHandler64.exe
  "C:\Users\Admin\Desktop\_Redist\People Playground v1.26.6\UnityCrashHandler64.exe" --attach 6084 2610987667456
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:6016
- - C:\Users\Admin\Desktop\_Redist\People Playground v1.26.6\UnityCrashHandler64.exe
    "C:\Users\Admin\Desktop\_Redist\People Playground v1.26.6\UnityCrashHandler64.exe" "6084" "2610987667456"
    3⤵
    PID:1564

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004C4
1⤵
PID:4280

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3144

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:5224

C:\Users\Admin\Desktop\_Redist\People Playground v1.26.6\People Playground.exe
"C:\Users\Admin\Desktop\_Redist\People Playground v1.26.6\People Playground.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5724
- C:\Users\Admin\Desktop\_Redist\People Playground v1.26.6\UnityCrashHandler64.exe
  "C:\Users\Admin\Desktop\_Redist\People Playground v1.26.6\UnityCrashHandler64.exe" --attach 5724 1951413702656
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5160
- - C:\Users\Admin\Desktop\_Redist\People Playground v1.26.6\UnityCrashHandler64.exe
    "C:\Users\Admin\Desktop\_Redist\People Playground v1.26.6\UnityCrashHandler64.exe" "5724" "1951413702656"
    3⤵
    PID:5700

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:380

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:5052

C:\Users\Admin\Desktop\_Redist\People Playground v1.26.6\UnityCrashHandler64.exe
"C:\Users\Admin\Desktop\_Redist\People Playground v1.26.6\UnityCrashHandler64.exe"
1⤵
PID:1168

C:\Users\Admin\Desktop\_Redist\People Playground v1.26.6\People Playground.exe
"C:\Users\Admin\Desktop\_Redist\People Playground v1.26.6\People Playground.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:5036
- C:\Users\Admin\Desktop\_Redist\People Playground v1.26.6\UnityCrashHandler64.exe
  "C:\Users\Admin\Desktop\_Redist\People Playground v1.26.6\UnityCrashHandler64.exe" --attach 5036 2097062481920
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  PID:3052
- - C:\Users\Admin\Desktop\_Redist\People Playground v1.26.6\UnityCrashHandler64.exe
    "C:\Users\Admin\Desktop\_Redist\People Playground v1.26.6\UnityCrashHandler64.exe" "5036" "2097062481920"
    3⤵
    PID:5212

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5300

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
PID:4256

C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1148

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38e2855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e636671.rbs

Filesize
17KB

MD5
d7e7abc7fd58e04d72002e36c084b8ca

SHA1
cd5c44a7decdb6c62b76ca4244e5d56a72f34022

SHA256
898cae7e7139c3ec8ab47298b477fe55a16b310900f817294049923d095212a6

SHA512
58378cf946ff981fd39c979973c9099a999a208451015f0e5cff221d7a694698e0e85fa743c68f8052581f27c5602111493d17405db4ef47ac83fb3f81952b0c

Download Submit
C:\Config.Msi\e636673.rbs

Filesize
596B

MD5
6a6e55a626f9dd570aa152424498bb01

SHA1
3b5491da93892c21b8f17013b3f67bac748dd3f7

SHA256
dcdc40b8f2fbe3c794560ecb3a8545e2d89ab111673a53ca60345709aea16acc

SHA512
f2cb66fbb5df5c03765c0fb778fe8dcfa6f2fae461691fb5062455e3dbf1d5c503946eedca45c1c97624f614d6862504b1c16a0974437e32db79f6bb5b9b0523

Download Submit
C:\MrsMjrGui.exe

Filesize
71KB

MD5
450f49426b4519ecaac8cd04814c03a4

SHA1
063ee81f46d56544a5c217ffab69ee949eaa6f45

SHA256
087fca40e079746b9c1dfaf777d3994c0321ea8f69d08238cdfc02fb109add1d

SHA512
0cae15d863120f4edc6b6dabfe2f0f3d2e028057025d7d5ffe615cde8144f29bdaf099850e91e101e95d13f8a83cb1410a06172dda25a5f92967abcbc8453cbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
bf718adac1bc1b0bde0bb0305cc74684

SHA1
57f13df36cce00eab9e6f33a2abe1b88f7cf57ac

SHA256
d3fc0c533b2cd59b8d9642224a9f4a68ee0f42bb79fede09a205f29b2ad75217

SHA512
98f0277f4215c5100fc7fd307f92fc2794bb2dc57438d5d925b786c3b47b0eefbe0ff5c312a8a47762a88b0a31db13563bced484c18362478437129bf56efe47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
cafe02ac2fe804ed5fd32381e925ebef

SHA1
0d042a195dc144c9be144216cae6e9e171e1a500

SHA256
c501465d167cee4cb26e28b63e09ed3047cb7216fe0a66ea1441799d9b69a559

SHA512
7d499390efcd4524048374a30d4d794ff840f80b5c79f33568acd30f2c469b14173ca8abe41a8fa928da5a5e183073de078e73ba27d52a7c4d2bf9baa1302c75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
2872254ab7d15e482af4a2985a2defea

SHA1
ec9543fbae679959376c8f55331269b33e7b3d80

SHA256
6fbf8264251e059d24a69044527bc7a61aad9f6f1e25cec1d1652af0df4fee48

SHA512
6b1903e9d5c3a221fd823105e9ae43c47d2f4632f58cdff76ca40b249f4d71109721213d68972568023be078961e661857f0f12ca7e6feb40fba5017d7a449c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
c04109784a3cbaefedefdd14cb781a08

SHA1
9e1670d3ddab8bfc97415de13e4e69c0ac53c58a

SHA256
889f36e7024bc81bbd2083a50fa024b68220a2f98481cca8179e40c5d2d02772

SHA512
878752680e77f458164e6aa5d148276886b2dd0902b30239e82634f79177cb5c3cafa4396f524e92ddbd1cc6a3028906f8caa9ba9c77e7ef5ef30c908c2fd2a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0f9f8fca1ffaaa006872975474b9eb6f

SHA1
df69eaab7f95237fb993edfad4b24ce338c76f73

SHA256
7346f70957ec51491506d639165efe06c7c9e54207df307d517131af198b83a5

SHA512
4faf27b9c8534244455f993fefb84c4a0318a84491f9afa6a11f3f25ec6fdd2a122766301fa6412e75b3dba474a80fd3987a32c5da87aead92d649a180222012

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ea0a2ac1bc11e413c271fed288d77da9

SHA1
775613990d686da1d02dbca004a332b1a74ca75f

SHA256
599d8aed87e392493a60f06137107b4fbc7e0596fa1f968657395f6e3562fbdf

SHA512
ac2624cf04b14fed8852af39f8bb33ad94351391d6399de46914ad651710014791f17b67cb640d50c2cd84ae716c5800bee1df61343d811f4d0e63578d0f819e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b69d63c72264a04920b6eeae74671ed2

SHA1
76f1696f0df1c7832d2e9b11b5ec270318a2522c

SHA256
d0978a1763fc66a8934b81f8e608632f530de53fb4075c4597f79ac8743cf225

SHA512
7e96e1f4d325f0a258d8780ea42a81a3c3bd561158c7f754f72ce5a4afd6f4d010e89383f78e8eb1a32ebed5a8ff7b8115120ccc33b97118242c3d262c71e3e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
3da6429b3bc6a01539e92f984ad15a3e

SHA1
6df52f77b37b4ec54cc11790a5246750f2e42199

SHA256
b85adc8d167b99b096e0f456644dc74eaf85c4b3031cc62820dd1020991ab400

SHA512
130257529ce740c3c6461323d1f22dff1a260d2a8d809d2831b4257613b30b18f6cf320a72abd88ae3c6d644cbaba6e1b70e604ec4761074cd6ba4aff8199a5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
7ada9db564f22ba2476ea146792cb67e

SHA1
f867bc332d81a02e2b47cea1898e1bad33ac5fa6

SHA256
18f976c384adef7b77dfc464c115e0eeb81b23ac388842a609fbb6e0e5e2b422

SHA512
e046302ee9ddb0a147ff2db6a834640cc9c3654d9cbc1ca082e6a048124e39db1f6413d795661fd3696dba0e002fe3b710d38d7d53ea9a9afdac38e243b5b130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
2b93339aa67e522e072371351499771b

SHA1
dbda579934154f20c13c50e5d6036dba835eae72

SHA256
9fa90ad211f0c773c888c34533d1e73e1fb46afae84eb53351f0c31b0df8b63f

SHA512
9b2d249776c456dbda3d1fe7c3fcdef9955e346be7c78d34d6e8380aa2d22a78c75f5b8bbae39a3d8144b3f700308a21202d53d8c526857d826ff481a05702c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3d2e1f301b2b7da311e5beefef13d9f2

SHA1
69bd72512f96ae401e25f04784afdbc569d50864

SHA256
b92aa2c1ea22d1a78548b1ca0dae44471339dd64199b33308c22481d60b7b3d9

SHA512
5d9427009cd321bbf062fdb5d9f927ddf0b161f0a24e7f0ad9f0d74c70340ef46edb151ddb3115544889272d9075b1987b607a6a260c76bd22a63d76f4588662

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
092277ee48754309196584688ebb2dee

SHA1
2584d697f7b4b0bb60c98bcc2bf704f2656b8c1f

SHA256
ff88ebe202aaf8e659a4ceba66e0218441621df21bab16e2571c1f660253bcb5

SHA512
3f787e099a4a1ca267525b1f2f9d9442a04bc6f3ae0c1ba76d6d54c8d043fc420d6c4ed2cb60c460c92c398cf47e4616c8978a8123549c369037f2dd1333d4d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d9ab98348b390a5d518c9a3c74985eaa

SHA1
31b1b461e75dfbd024b91a19655707ee09c8ecef

SHA256
3d65ef5ce0d68a407fc6400f6b5e7de050a4c0886bbce020263594874aca7a69

SHA512
28c18ecb9d107d14488459676a7c702ff5a433ee9266cda7c703c488b91031c5a0687396505fc4d667e4f5a5891575b63b2240049fa26a28e7bff92119ea9d51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
82f852bf65eaaba460868689d13836f3

SHA1
1e4b6d799c03bdd083a555112d3400fa932ffbd0

SHA256
c78f37260be117be01915b51f27ada335702c443d1fae08221c3a268b9b7e7fe

SHA512
c4f04284cef0d9839de3b29e49d460757a9ed5afe404846afe07a5728fcf135005ea5d01e43f7b054762daf63783c5df717c56302ec24ae51cf537b5a73c63bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9b3c3f2ad44386d9c3feb85c7412977f

SHA1
a62d3a995055bf52ad1f3f2993d51fdac30eef09

SHA256
80a01ea84abb227318afb185f60eee61b8b9ff6472828e140e73b293f16c3aa8

SHA512
7bc787ede1be19d263bb54ee501e6ca45e0dcfbd1badc0471cd7ed11dd5ded8b9e25f6de7cea0ee7aeb8e11a2416855e8a2421d262adf27594d1733d9e4ebd69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
94455a786f14dbe93aaaf7505ce82080

SHA1
3d3c5db39bdc1bad29f414fd8354cfaea53170f6

SHA256
b3563ec5faca5fe1d9bdb2390bdebb9eb42d95f71581ff3568cb902a9b1662af

SHA512
00f3defdbbca837866dcf87d3a14e4b9f5f361e6398dff3106b6b4fbbb85994ded60d84902be22c84c78ca881fc9cc84d29744f3b61ceb22b16483bfb120b1be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
af1658371437dc05c2e70c2b816c86ec

SHA1
1ee806110139f285078a8ba52199000c0cee854d

SHA256
a05d388ffeb500d04203197855ce19f15cf226a30aaa8ca766434127597b13e1

SHA512
fdebcd2cd87dfa3533d5baf7e828bf1d4ad6241637f80a2aa4b46d06f4221fd94cd59f15a1ea63d5de945a4759af19a0ab77ac138902ffef308a281c38993272

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
c9575c5d472e64017863a9670d9daee4

SHA1
2892d8841fa762b104710d3ee1a2992f84db8851

SHA256
ea9545f3afd97e12eab250ef994ada3f25984fd0b34c05bae2ec0aeab06b6f76

SHA512
3ec479f6eba435eef401c33fb41c8d16c04e6ebbbb30f4e7c3a9c3eff3e11969f7881461961571011b88f4670ea45a7a462e8e61a4a76f7a2d1226fc86487500

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
5deec32a5082473e5016accb2621c627

SHA1
387eaa8861a02de93cd4077a0fb2921d96a02219

SHA256
80e3bad45af749dc6dea4390186adb420cc05a6a375eaecfea91db5f570cf84e

SHA512
34789ac2996ac21b98f0618f93a0636cbf2dfad37c8461b63c5ba29bf20a9efef41ace4724ee02cf238a6ea9a8b1c64887c78cc1f793cf3e7d583097e531ef95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3b1e59e67b947d63336fe9c8a1a5cebc

SHA1
5dc7146555c05d8eb1c9680b1b5c98537dd19b91

SHA256
7fccd8c81f41a2684315ad9c86ef0861ecf1f2bf5d13050f760f52aef9b4a263

SHA512
2d9b8f574f7f669c109f7e0d9714b84798e07966341a0200baac01ed5939b611c7ff75bf1978fe06e37e813df277b092ba68051fae9ba997fd529962e2e5d7b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0e10a8550dceecf34b33a98b85d5fa0b

SHA1
357ed761cbff74e7f3f75cd15074b4f7f3bcdce0

SHA256
5694744f7e6c49068383af6569df880eed386f56062933708c8716f4221cac61

SHA512
fe6815e41c7643ddb7755cc542d478814f47acea5339df0b5265d9969d02c59ece6fc61150c6c75de3f4f59b052bc2a4f58a14caa3675daeb67955b4dc416d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
63707d94fa97e708598c2357f2a43691

SHA1
b7b31905c612ffb7e4fc89469adb3e513286e366

SHA256
97af0badb4296a79fe7503633604c7ea33328d335bc137050f35100637628e7e

SHA512
c6380a89e8025e55a3b86c36e55017241efee9c9e0237a89d3d85c58a9c9ce71e7e305b18d82983af8255657f26f71e7bab36b4845f9cbb6cff4d66be330d173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f998a68afedea7139e122f8f471f990d

SHA1
605214730094a6ef6fc5539699a4366a3b08f265

SHA256
92260ddea827afa0adcffa2ed7cd00d799427cce3dbf52191a026b14d7799868

SHA512
6fbc9b66c422f107b8311ddadf3f5aa7b63707bef4c77defe98bb2201cf3474df5a5b2d7913bbd15b70250e7584d2ef66046d9b60ae8ecc46dba34a9a2061ce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\98e47977-760c-4740-8b4d-5a919717caf9.tmp

Filesize
6KB

MD5
2cab8e55a7ae3f4093517ee138b40aee

SHA1
31991d09e06e717984e976ad7aac428a9bb02b72

SHA256
4c5a0c2d95948d8a3fb9ad220eedce040bb72161d7ae3bd9ec4b10c81fb2d961

SHA512
014e36bf03424a53b602e44d2d552034842763111ae46952a58885e953da42550e1a1dad7b8a762b720272b2e7c3bed93a76f1160653b75fd9a5518bcfd0679c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9b30cd2d-6dc5-4108-a39c-ab6ee892f7a5.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
61c21999493a50aa513bda05650b298e

SHA1
124896c375f4fc1f89085d28ef30e6c52c393bff

SHA256
aa8cc8c688bdbb601f8b62be9e5ef2be53b36b8f9559d926be9b28b82e73aef8

SHA512
a39fb886c2806d20152ed1007358cf69d933dd2e11095b33146324753ead8094c412f000e8e32d6d59d8b586061e9333f6fd4bfcee0f96fed75f2479f1ca5a27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
c990712d08a336a4953a6bb7f04ba537

SHA1
3ba3a774acca542f6fd376ae4e7e50797ad36623

SHA256
f367336bef87c6183ad36fa783eaffe5f7c0d20ddb4645b6e03457e1fef0196f

SHA512
3889435a40ce5bf014f39036fb5353b44414551095f4570f7305a40bb6469eafd0dee40f367c8b8ab78ce1f1dfc595c372c5ab5022f082458aa0385a43cfa02a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
e764fe1caa85f7682bc4649a5a92f7ce

SHA1
a7e8e24df6111e56ce35fe0c2f3fa681ad312953

SHA256
d34b63571ece03a153ae26a4b7777c3fb23eb600358130958581403911afc8ab

SHA512
fe1bdec8b1aef05686b1c18afdb73203d677cd9f2c2e2bc4a355357cf84a8928232856418634de6824959a85f79bbea95bdb26d939c75a39373aec63a9d2a901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
6119646c8147b9440209643ce3ac7c1a

SHA1
f4ed070dcc72dd33f97a606ad9bef490e9481593

SHA256
83dbc63263643dd67ceb96c71eb32c1b5487992ac03016c0ad752f3cbedf9ac6

SHA512
da70f9c3d040288da99578f9206905198c1f22045f4454d1a956b73d17d8cd66b2af83da96746c55b18d6bcd196916ae6a7a2ade96938522662da8a6173c9c8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
30KB

MD5
452cee87a193d291cf0394c0a8f961c9

SHA1
5ed43fad7737f776e85433d7fe7aa70d37eb4606

SHA256
6c31786e9b268be9d7e56b3e519845551550a8b0df4d3f55fbaf947378446c61

SHA512
355afabaa3be9194b4d47800be51e0ccecd9a857364fa57063b0866ee7595d33def0aed28eff297e582d16978e1ffb61921f3ee723e7c5e940dd48197b472500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
1.1MB

MD5
eeb2da3dfe4dbfa17c25b4eb9319f982

SHA1
30a738a3f477b3655645873a98838424fabc8e21

SHA256
fbfee0384218b2d1ec02a67a3406c0f02194d5ce42471945fbaed8d03eaf13f3

SHA512
d014c72b432231b5253947d78b280c50eac93ab89a616db2e25ead807cab79d4cb88ffe49a2337efb9624f98e0d63b4834ab96f0d940654fc000868a845084fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
109KB

MD5
bb3fc9718561b34e8ab4e7b60bf19da6

SHA1
61c958bedf93d543622351633d91ad9dda838723

SHA256
d6ea500b6752094a4c340d4f5ed01afdca1925006077560d9a3f56054cd8d141

SHA512
97da30e9a0d14e6f9151539b77b2216e0f6b6cc4742f075077f9ff92f46f8b97e82f020c562625261eaa01bcf810ce81c0b7b71340ac566aef1bef5a07dac63e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
105KB

MD5
24cab279a1b1479cd2848b4cf4db97d8

SHA1
c59c889167dfa25ea85e0ab5b93db29270cd9a3a

SHA256
2feef54f715ea3e6192ec7a9d30e910044968a41d8fe91fc9b1b469ad574df51

SHA512
d1ec7ed765e5ec1b5e095a917437ddcd783ad01a1d6025f1125906617afc24e1d3a9cd702616d18c4231e5ffe60e5326a8dee855db42bc417568283c310e5c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
155KB

MD5
65b00bec774c969842aceb3199fbe254

SHA1
bd464411b9578497f081a5f8b6c04180b6ee0f0a

SHA256
d604e67e9d16b6b3d2f10687a36ec00597c48288fa60bfa957bd3ca78eadceda

SHA512
0c89ad2ca25ecd9058e42ed477bf6cd1512859c7ac63701206a82f2591b2878acc7f9354b6a23245fd186ca9b3c809cf7700c0e3e43f469c37580d8531d3beac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
16KB

MD5
5266139241b2b03aef221469be74239f

SHA1
75c259cbb11bab36b68a61844f3db890f30f01b3

SHA256
e40bd055253be595ad5453e0de6e22904856a74f1d6a732a9b4882687a73cb2c

SHA512
e4252fc77925020dc2058aa9b0a2e6e7ef9d39d3eb05bd68bc1f771395c6831cde2e77c4439942a8ece9d856acdfeaa1e316f37a68f55b4a2d4ab9bf3f1d7deb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
93KB

MD5
e1f425cb8850469dece7e6b0ce0f707f

SHA1
1471d67b8b9831eb6703d3c7f441abdea7092344

SHA256
24f555b9c045999db7bb041cf331a1e70224f26d527c9fe61be219d77a285004

SHA512
3c431124823d6dd96833ab9a170f511c239ef48ba8b91013492803a6e4b1f25fce9b40b60a6d419170ea0d8482be16ee04faf367673d553405c585ac4945a2dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000118

Filesize
30KB

MD5
0163a422aafb83c214f62d19c936a490

SHA1
6b5779b134ee9cdfd8f1cfb99bf094b09c1ff07a

SHA256
d50229cc42c20999eeec4246f1533aecbd7d25015faed390a4bfa3360b016020

SHA512
01ab03d3d52b4629ef7912d722932f3109584a85770bee0fcd6b19a09f1abf0f67864c1b6936efb652a86705f3261d633a63ed424b6286ff75b70d26df2078c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000124

Filesize
49KB

MD5
a5cc0f924bf1b4c45ab613c8b38fa47f

SHA1
c4faa4ac788391b469b4d2686bf51d0c23805ec5

SHA256
4f09e8cbac1730894f5757ec34b5acefd9bf1b378b427bc085d35ba3c77277ee

SHA512
73056cd674526a192765072ee8fd663457903520eae01039254a28d390ce6f590827444e59c98ec1e3aa20b47d29bebd44fed9cd29d805d2ebe4df636673409e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000129

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00013c

Filesize
37KB

MD5
1db559d5a90934ca4269e4a6dcf5e60f

SHA1
fdd6707c372b71e2d75a928d824ec2ed5794faad

SHA256
3106f79cb71ac20b0fe040ff0f0a5b9fff409fa283e85fbf35c6c98ee77d721d

SHA512
8a9f4135d271569dac43930523bee499050a22bc65dd3dcd0a79f72a667b9c6bf07cb987210bcbbe3525473f94c0efd95bbc2d20ac6e0b34488370bd8d87d751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

Filesize
1KB

MD5
5b88a13dac45f4de287c15863b72d113

SHA1
fd953ff6245bbfa6986505c4a8fef0f6d11651dd

SHA256
60fbbfb1a0d3ee398f3ae3f507fcb71ecef57e593063f0cbcbbc70fa0da789a1

SHA512
1be9e126662ea8b51a68b0a8fdbd7d4287f527db187318abf2920a31030495d03f28cbfc0dea937d75779c737fce6907912803ddd29c15256a41c07bc2de25ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0

Filesize
14KB

MD5
73f58399f834ef734bc8a18326f9aec2

SHA1
a4cbd9efc4f2878a1378afa3cd3fae6571eb0eb0

SHA256
3f9c589a3f2f0a4552f0fdfc7538e87eb43d76c6cd2fbbf92eb0f2ba358ade98

SHA512
e60a9676b10934edea247c9d74fdca1d5e6940c4bb111b735708dc325cc1739f2fcfb271a5b365b6c1ab201a2163806be9d61fa463a406319bdcae07796a3990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
3c02c9fd61cb28f6406c5227e9d74d4f

SHA1
90f3ead984e9bc965a4eba61cb90153762bece10

SHA256
6e3102bdb9a566da5bb784b9132dd592c3ab34b15b6eafd0e91a35014361636e

SHA512
e0119440a2276d61e60fb32eecfdbbe8fae6e71652085b381ba006439bb092d5723fb9334ccd2e97c9b39a7581cde9d6f39afafe34ef42a0ce509be8ab1d1b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0649a04755d311d6_0

Filesize
436KB

MD5
13edac5f6bcb6cc58dfae6bbacf3ac57

SHA1
16122a0212e9f332460872b0b02a9494811987c8

SHA256
044386324bfea7b30fddb176eb15529281224abd1d713709dd6c7cccbfce035b

SHA512
cfb23cfd8d7c54458ab7c708e8c048c68a9b80f040e4d0d221010b479bc41ee21fabdbec1596c62279becf6c04b94c1123b206988433e4fbef34da0b141e4f3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
f21370f0d8720b785a621b469bfcef14

SHA1
eb829f1a00763af257e8cdcbe48700324028d1c4

SHA256
ae7b4b2a3c92e6eb1a44d366c5d969f99ec56a5d7957d2fcdf027b50f15b22af

SHA512
e9b56c849e3a0450dbd712f28ed44377b3e0ecc6571f9158ad16afa3c9fc0e05f6f3a13a60090042937b7c239bc647c88afee0e95c7c0092d315dc36719071b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ac673f66e12ce14_0

Filesize
2KB

MD5
457c2d67ba2576115e0a882dd7f44371

SHA1
f24a95fc8d4d44187023f3c30a43da6f4cafe9d2

SHA256
611555569d903f0b120fa25760c50030c3829b4ae027db58ea495ad5bc0a12aa

SHA512
5fcc18ef88f39cbd8473f1e07f3c8f018c78471d9da4ad38d9168856d9bd3990073078f44332df8d89bc84ceb620d0b4ae518aa351a3a32c8528d3558e1acf02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1c3a4fac15e53909_0

Filesize
958B

MD5
dd74ac74c45857b35fa4446212796ab5

SHA1
ac71122e6258f7e945508998973ec237e9cd712a

SHA256
15ce259b654e10650384f3aa06aa72a31215d9b78c81670157b41f66dc3200a2

SHA512
572f6b24cbd9c2236df4d6e72b4cc24bd0b7337385d58c8ec7739ea0b1d903ff4da5553533c42e1fdff387b4d80acab844c4565e3986bed6c8b9e94300d6ac88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
1cff686eef72cd9ff775e8591d0bf7d7

SHA1
0db5c00f0ca77284eebb6723a8888d967777feca

SHA256
2879c78bd79fdf0a5748bcee9c76df7a3de4ad2770d83d1a271b353b38d3d680

SHA512
51081e75a658eca896d929abbf70478d02323126f4559d27e6de08afd0db02c58d14c8f0041f731b23912e0389a3f143fc044b322a71f66be9780a6f1f4f0fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26535df81b2a57bd_0

Filesize
1KB

MD5
d0938b5a8e80acb7e5b95741d0afa6de

SHA1
7fb043847907fc4b385c567e276d5fd89f747af6

SHA256
1ff2d5929bd7c2a5f0277750398a5fa90c34e5359505d5e3356b6bb02ff6cc6b

SHA512
03c62a3b5dc90f9e45962bcc9a3cc6bc07016646ed375e470fa86af3d854ac35cdaadc5724ed3f4e6b11b04310cfe2ed237a9023eb057dccd719d943ab803f2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\38bcf8c6e12eea88_0

Filesize
308KB

MD5
f423afad61f4e14062d365aa40e16881

SHA1
5ffa6759583d1cd26097cc1bc010cd603d3cb69f

SHA256
f829e85c10ac9af7f38f9c5595bd7231a6e3b5795b40893963fc2f5c7834bd2e

SHA512
604f09a5463c46734bb89fe4febc4ef89f58af56887e1e35f40f1986b3d17ad7abaed458ff988b9e96583e57e2b64e2136ec8eb15000b798fc30b233daf5625e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3cb4aa86cee881e8_0

Filesize
14KB

MD5
5b23a164e4e539c7fc777959fbc43142

SHA1
8256f65b261461c371ac3e97e22d38bf619f3383

SHA256
5174bfb77d5860f4070089f06f719a45eca4bee82e4d7a6457e2e40a7b08f97e

SHA512
c8b6877b505a54c4ab2c2819a376335e27b3d785daa739f1ef3728b890bd3731f73077efa7f7996b266ed3d0fcd0f4fe57d8189c97d80571e1db6fcd0b926128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\428230c6094125e0_0

Filesize
24KB

MD5
4449e284b8a7996142315a697fe93faf

SHA1
ce990de379a9a38e08febbd61dd7bad9f03727f5

SHA256
4545080ae6bfc9a6915fb8abbc8d19a03f894317c67634706f0efa5bf615b3dd

SHA512
de8b7f56b1a961927ba7433ee05e2cbd782a985e7fd6e2b6787ff0c7142434e4731f6eb34db751f3551d13bd66f45eb4d8272972fc7c4f656fd7102681bfb155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
15bac0ceb476a6486a9e257866ca8a22

SHA1
321349b3f46f2ce537c603d3e9348b44dedf5911

SHA256
5b7e7c185a6ded5d4fdce0f502f7ab507549ed9fd7d217c1ac05ae3905298749

SHA512
7e1c83191407817aca69408830e6e7af21694907f2fb53db69d9be963cff17dd7a99c19318be44324f21d14613b21e910363bfef4ccd40ef51308b7cbebf8acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45bab54b0aa32e19_0

Filesize
4.4MB

MD5
0c14ca7c838e9ea6ee6c1a55c54200bc

SHA1
e21c44b3c5a7ef6860753b18c3c9542524aa277b

SHA256
5118c9bf6667ce9dd8aa43fb88f3983c166cfcf029df8342da811e0586c1b355

SHA512
1385523a43578e6760f19cc5b61cb40f5d82747f6a41cbcc5ed39a2ae5d0fd0f493603d2f997ae975bb69452e6c477e940a6e3145a4cd57b2e3b3ce2d2b9a57b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

Filesize
262B

MD5
d1a0a818876dcf7ca5d47c826ab15478

SHA1
abdecced6f47fa35008076fad90f657196f87a72

SHA256
230aac110e42273b9f1ae00c1131bb852e4a9bc32ea91f19120dcc0aaa8deab6

SHA512
591c21eeaba9fd9ade65f564d2705739de51d6e9378c18b0c3f814d8add08b445e7dfcf5a80471e5528b0a94f580afa0c9500cccd98a8aaf0721d17905675231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47e5051cb297755f_0

Filesize
26KB

MD5
1817aff3b488cb83a3809570d72e4594

SHA1
64b30a4a79067a7d7b6ac069f0884cbd52a11dfb

SHA256
165e6749ae3aa8ab82a65b17080e383182b8acb355de15f1497f10b048ada468

SHA512
58fa4256919bea2048fe28a83c131c1c56b11c0c9bdfdde1cee9e8e1f893dbf517ed6546d29eb72c713e001fc03941e104fbf9c2262fa46eda0820874250206f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0

Filesize
1KB

MD5
0af236e3a881f12e78cbb8b2acd4bbcb

SHA1
e6aeeec3db223f71496ef054c16ffebb5fde5a13

SHA256
a22e7b885f00d03b5eb074cc59b8db6f0b2c0eb8233295e65495887dedb1b5bc

SHA512
34d99380d9c0186e8aee721701ddf1502c552be5a01050c5749d9c911053ab9cf1796d2a67c2b95b2f0408ebae37fea0574709af6d7ea667cabec6623590745e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\49da9a423c2b9ff0_0

Filesize
2KB

MD5
66ddb5130d6b6cfe2dafc550d9a4edd8

SHA1
353aea08407bb4b0a1bd59ef9c3ed165403b17db

SHA256
8c2e47b9952fb54109da6e8aa9b80706a62174b8714e658c0360c40f877a6947

SHA512
7bf68334db5f5233f949fe3da244dfd77b4d018dedbde072667670ff273346549604a9bf70494b3c2fc44e7d0cffa8aa5c0112aa2bd76f2af8d0177495b06d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c693273baa0190b_0

Filesize
5KB

MD5
d41d27f72df41ecc1abb7169e870a709

SHA1
d49272b96ebbbb0c9faad589ad64e585837dadb7

SHA256
d8485ae743d61958a28eb65dceee9280e26e12310ecbf22a87231b330546f140

SHA512
d6b4a03febe9ab3161ca7a82f8c80ec6132d7791af235a7cc3bd258cae3564d1c069b898b9fa0fa03d3ed4a5246aaa3b9195d8c79ea1fcbf47df4905270e598d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e6742505c79459c_0

Filesize
2KB

MD5
8dfdb32452750b8b0f53b640f284b289

SHA1
5fa364eae1ed48cdfbfb189361533defbcea4c58

SHA256
82b215789e20b4906298f2390cd638600382ab09a32f07ad2dec463648a2b9a0

SHA512
9374091948386ce9b5049e4b6db52b1dd20f181169d6009bd0958a179446f987b82902ff7e23deb88c67dad6bba1db5a7196f9333393bb7a8f594f6e6d12c33f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
9dc7391fc2fc05405fd9deb49afe62d7

SHA1
1e53ba533b000e18079e91035ba158040f533024

SHA256
10f1f4c14403939bc55edafcda0266d255f4da3be46ce97fe207cb6fd57ab060

SHA512
0eb52803e9e9882c38b470bcdff086c44cdbe61be197e898372e9fade5cd449708dc3ddeab988fdee38641ed5cabf6cf278b882dd323947555de6aef2e846307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5901cd6815f5b8c7_0

Filesize
10KB

MD5
a984ac57c92208bbbf62ffa45cb4aea0

SHA1
6128beac83df291a8e5ee32b1bfd9d4189e1fd7b

SHA256
03bef285520360de29e62d67b2a2ffc7cf0a6f8deb81e16e7aab1d3c9f719f46

SHA512
be4682e68b191b4e01209d74dedba5b95a060413af626ae5c929bb9a904a47286afe7ef42874ce0035123175b9ce9275dd36638e7637fa42ebd952490d143ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5ebae3eea1f01edc_0

Filesize
2KB

MD5
289cf3b96148fc07c5c9e3017d222d3f

SHA1
1000e57475dc7170a6040f09ebf396adcef8fe49

SHA256
71aa4d14595ed8dafe2280bf50f1f19316d4623263fa5a54cd548b9fc0ceebba

SHA512
cd9f803bc5674a58bad28a1144c8844145c9cb4dce73af4e713d93e8815c0da9b3a34596dc7ab8cd68ef444f425a5dc41393f39128f5a050cc00a624f760341d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\632e260441be7404_0

Filesize
4KB

MD5
61691bf47163d7a3e2de74be68092a27

SHA1
4349eb6dd918f4244465252972cdee282ae9bb6a

SHA256
cd814a959d9f08ced86ef7bcc40dcc9691a5d2f12463af42e9a182e1b835a648

SHA512
b6e7dce6806d71e53bae3642f9fd4cf29bc8d304ac1c18e72e837219e137439d1e7971ff6d4ab4a965d7d66eed677bbc5fd40cf7b7ac0e80e7088ce0ba2e15c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63c6995fb9eb98a2_0

Filesize
1KB

MD5
94d41970cd3571041a5cae082dc982ea

SHA1
8736a84d49008d7663527858b47921c8cc90131c

SHA256
73561dc4c18ff76d6563051e94a0ee68a0886d8608ae90ec90b4b5fac5b4a671

SHA512
5c3aa72bbfe7f30b83fb47671bc37cbc3ba1084ec646a8f0e7943d71eaba30c46afc63bcea1ea3d460b4aea7e67439c1bfbffa45444d8d44fcd9c7ca79f9cef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0

Filesize
6KB

MD5
55c4318418f6446d56f5093e652af67b

SHA1
f34cbf8cfa5c51adad615fa9cded26e43a1a35a2

SHA256
440af374c4deafff1e3f027220302183355f7340912d33dba93c4bdeaafa2847

SHA512
6915ea2e3c56ec2a736ab1f82bd1a368de1e098da03aff07aed47dde40ed0d7900c8c955ac8921e16f0823e9c653a46eef2c81dd80f62e15cb6104588b20834e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

Filesize
6KB

MD5
73c127c994b377660b708dd4b1da91cb

SHA1
3d4d979a88f801378e5dc5613a22731bc9c5557c

SHA256
25abd742f237fd185f01039bd53fe56588ada32bb943ba0d2cfff6ab76b5b12c

SHA512
7d2ce33ed733409ba44f4765ce63d42aca9bbfd3aa376b7bcad7dc388d1546155a3d1621c9646bd9dfdf55950cb73d4ca9857772733a90e1ea39373f02a8133a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
9d09a1516fe6f5928bc187e5e963f2b6

SHA1
83a059eaec2a556455c3f566d13546ae7416edd8

SHA256
5c23ed3a86bd13df57cc57a5442fcf2a0017c26ed55d89072c6d78db250af5e2

SHA512
7cbfa709aea64214144b3afd0cb58b08289ca0355fa36f8f8002788973041fffded6923df99c11e60b5da512ec17717096151482914326a57a1cc0dce61b5ced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
e761ae0ad4f807a483de6967f85a3f4b

SHA1
3af8150086f0b543ad72021041ba34410495e95a

SHA256
520d54253942ec435f141b8e068aceae676772078b02a040699677b01b866ce8

SHA512
1e9dc861e0ce1cbbf7c93878d3767ef30499f8a09609c954a6dea22ef751dd4a576dd8bc5bc706f44d766ec4958809eb3b6745fe05627d1b2dfb416f97bd5e76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\794417c96d8ffeee_0

Filesize
5KB

MD5
d674f7da3e12a9960307642541c1804f

SHA1
7eeed79d39ee7cc615a68fd3820661439c59622a

SHA256
8fb387acb83d0ed44399e62f01baa998c8e21c31c15489a40083bffd8365b788

SHA512
53a90014c242491e6123c7c31c7561e58bf8348b7431a4cc3c0d1acf241e309ac7d4a0c5b4b12085400abc64f91b5805c8b39c78ff0a4c4a02d24dd66cc6a1ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

Filesize
9KB

MD5
8d384a7355354fe069977286bc4d6943

SHA1
e231a00ac2b2a725f9930a9282c96b23240db7c4

SHA256
10e450c0d7fcf09b34b2edbe0f82ab0906300a07169e873e6c84da122fc16789

SHA512
1a621eb63b78e65e5b810eba1b14dc40c87fac965320ed9e2918a5cc07289bf38a4965f55e8522a8ef03ae940db159d22989bcd6f15d5863b3bd285e9a6eea56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7bdcfbb4c67a4a7b_0

Filesize
5KB

MD5
8a611c37545f3b6164e3921686710472

SHA1
6c2487aec052932d4c0ed1fbb9961e5463133d38

SHA256
d587282a2c49aba2e84a9035de2ca7d740688e806a37f4056c56042173fdc4b2

SHA512
4bee0e8618c8fca5fb31fb6e0c03b2a8d7a5da88c41d6976aa136607e7eb91aa2b888aa77507e234d3905eab9c45c65f1bbc33a1852889d842dc76506ff6ff69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8781fa41e6538ca4_0

Filesize
4KB

MD5
5033b216e23980a1e3580d08f35207ba

SHA1
6dcfe0f15033fb53f38aac91983b4967878a15b8

SHA256
216a0574c9707882ba310a0111ef1b27e3d212b16bd8ce38a5dcb95a59f570c8

SHA512
bf4ac47efe1e8b0589525813088a2985fe4ff6b41b55973fae2e8139c82c0d40f4f6971ae15700e64884e78ac858c557f2b94ab8033c6a3e7cf5a1715766b546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8afa270bdc720348_0

Filesize
2KB

MD5
56130a8dfa7c1b8eccfda30f2e50f39c

SHA1
df5647aada8c5d12b82cd911e37360c489f459f9

SHA256
616bfe62afd020f4a405f6a711ff92fb61be7a4c3a2cd0cce394abc433b668d3

SHA512
0a4e9687e7c9d82800a84916de817566ed3b3d7e85f685e56b54d3c9a4e3838cfd1eca4d578ce48b306177eee2c691cc896023dc05e027b84c4af09a13d9b51c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
e6195ce06e5edfc27806888efad4fd4a

SHA1
dbdedac8f3ae08bcb2774bc5c282cd967077c9d7

SHA256
523336d4b3008822f2d3de874e41bd56a73548412ef4b3f2fd75c33fd7216e37

SHA512
54324254f2fded9edc7ae30e0cb9f80242529938b0b6e5439ab23c3094aefa5c543cac359a561a088fbf547bb159c1859b9e4dfd558a7f204bf5a005dc40120d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
1KB

MD5
8a520cb878124d100534dd64d2b29bea

SHA1
b5a849056017ab293193c4c0a6501b89656e78b8

SHA256
0131437d2a27e5f0a33c3f2e8bd9714d0368e57839ded0db12feb4cf32706c4d

SHA512
7ebf0b33af309be4966a506c5ad8abe349302bd7158904a8b0e90e70e4f4f5c90c71478ed3cc3b0c612991031b1214431d82410bbb329f05eb0c6939bd1f049e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

Filesize
7KB

MD5
26eacfb697a342c78362395b50899b58

SHA1
74dac266331cb696bad284d9039ad59af6194617

SHA256
f8a22f05584d880d611183b6f9489705c1c22dfa2bf3519aace4903b85972882

SHA512
8514713aaed5aa3218b43a6626e5edcf9fd55f649a0b4bd89b38e08155a72484825d7a0da0605a1141e95fa4e624729a8d2acbd11a2f2ad0b2699c5d5967e835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\98d178282cde78d4_0

Filesize
110KB

MD5
4dc2f2dfc65f433738feaae468c2cec4

SHA1
13718cb91f6cd48b24fce28cb631fc95bdec6d53

SHA256
15c2e43bba6b607b02be9ce7ca3787968ee130e1032fbc7751e2aaf2c340ec40

SHA512
46ac98709e5d856dccd109eff54911248051994ff615dd0c1066c07cdea8e9d827a570b7292a46f53f2a25e24a9eac8261cf1f2b3efe091da1922e0fa0e7ddb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9eb49b832d016644_0

Filesize
262B

MD5
278e9238ffdd48a62ec4d5d82e79666e

SHA1
946c055fe0b28e300ece273d4d306cb4d2dc7b41

SHA256
075d753f85f37974c85d8fb746c251da7bd754f2cd67a24f6280fa8bd3d1183b

SHA512
054d1d0f640a5e559bf61c70adc6515cd06ac0555973001c51d6699e233c367faf4d7d985987eb0304cc4cc6b0d5f20e1e26939aa4ac33e698f40324fe5c136f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

Filesize
48KB

MD5
fdd1f49ddfdaf21a893014d03a5750d2

SHA1
b7aa58a9b6256c47f31653083b8c6028498775c5

SHA256
9e0a9d13aba34aa503fa66b7023822b09b3552a8de786a8ac1d97137a92c42cc

SHA512
e2035eed1a6d17917927121b8b7e0e886467135934c9c200ff6e06eeb5741c7160a13fa9323bed8016f7d4d7fa313452e6e6b7c2162ad17effa63bbd9e4f2c02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a0bf23602ca1ab29_0

Filesize
6KB

MD5
61b304367b4105f5f05d3c5215cfef59

SHA1
e39f8041705cdef1aae8a41d869e3690661cb744

SHA256
ed735c62dcc4aaf7aed5cb6830c5a153eafa769d05d2577cb7a691da68697f4e

SHA512
2f652869c753acccafe72e597e22e895583ffdf8f81aef404f75cdfbadd088225d2642c0c72cea76a3492deca1dea285cc53694442237f7f5b3f82ff5417691d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6591353e7e8bb2c_0

Filesize
3KB

MD5
6113ef7eba5758016dd038e0f9304781

SHA1
26f2b4838e194959cef1f231649f6d8e66ccc67d

SHA256
2b232691645643e1446b9f82dd3ffd6bd522716c59c4d03d1de1a528154b5f3e

SHA512
7cac4ac8f7140369a794d02621bbb216c3bbc1b5346b90822fe0b62da8028ac1f553c335c4ef5d366120e7a9d231375ba29f2a3a8d865b4bee08498aa3ca56fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6eb226d0fcd483a_0

Filesize
17KB

MD5
f6b2c52fbf952053c0ab3ee100ef11dd

SHA1
be5afb97e94d21c6ad344cd6f41c3ff056760695

SHA256
a0333f42e340bf16bf3ce74f6ea602515a71c1a95988793cb8ee1bfb018c65d9

SHA512
4fb1b9df6d19f37b7d458f093ab398403836cd0da245b6bd1a95d4dd358523e380bb0359b4b269907c3697242cfc518e3b4f2ceacb9791b4e999f25685d48b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a9a5b2100abc1a1d_0

Filesize
6KB

MD5
5161ac0d816b6bf0ca8fd0b76dd9be2d

SHA1
ed7e9d1f53822cc9448fbcc8439ba49d12b3bb69

SHA256
778021fef099540fb7f8c8c1b5679c23c99f9151cf1d3f0ca26e146c3ac9d4ef

SHA512
a3cee348e6ab7f2968b3619c43355e317dad93c67ebbeb1f75afbdf166894aed98e9e58267dd25e1b27cf8951e4819cbd0d1414b1d0049208f352ca825563c9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

Filesize
1KB

MD5
6f85dfc1e1c1bf3a0cf9e441217a6486

SHA1
5a08b33438e1224999ea573b363bd83240faef19

SHA256
dfe11d905f4535d9f4a5dde8dfe761b0860c9c43eba1f03edc4ebbc1786c5abf

SHA512
f8abdeffbb29dcc018b9e536f9e70eb20d4e6d491d94ebca195cc6c8a1b9c94c4043247e1c55b9338a880316f16760699351f1c2facc85f56970b42706c7f351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ad24adfdc0f573ff_0

Filesize
262B

MD5
167d2e7578b2ea27ccca8a7472e4df21

SHA1
e933313a10f1ca4a1d1c17c5a6ad683019923d22

SHA256
3960daba91479314f1188623df86390ed2829c49117895a90cb967c60aa6fe16

SHA512
93281af33f28c36b42409043583cb603f53fafdacf22415020a2cfc4fc6bbca6cc89c976a49ae9de1217119985702bb868b51b5ed2d15ffa12a0ddc65f70ee64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af48edbd3578ee3b_0

Filesize
2KB

MD5
f89885a783fb8137ac0ef25e6faf5bbb

SHA1
4175f6b4d310b3aa583cab25506b2591e7c71b57

SHA256
3889668e829d334241118e41ee1cc9623ef6bc1a2e02d337328a6f418fcd8ec5

SHA512
2af2d0280d17bbc28e452569ee1a7c91b5bf1dd2cd7167fd481c0404c0df91d9a1e29f9b736eb911f999e01cbf9445bef84934f52febd861880800df4e9e7c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\babc259ad3cfa523_0

Filesize
3KB

MD5
49f61f5b0ef703633cc887bda73036d0

SHA1
c1acd04d17037194fddff691a845fccb281f1193

SHA256
615a12bb0b0421e327f1b17d5380b78cca02d4cfb8657f9e4c9f24a043deb5cf

SHA512
921eeb910c82f99fb50b5f0d1825d3dc73fbea6aab13730bbb2dd79ce43031aa7b2b4f0844cf480e0982f82e69976239e4459b8db7ae52967c46416f18bbdd52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c37dfb5671a046f1_0

Filesize
2KB

MD5
55ab9b979dcd23000082ab09597ce2e4

SHA1
9617daa7f4e1cd3a9083096a61c2196020b79503

SHA256
f9e10baadb6452e3445cb1ba4dfda7fd2ccaa51109bd74cbc6918fbfd6d933fe

SHA512
b38a795be43270b533c0bc035af29a0aca15711dfc932a22f3a42eab95810aaecbe870227d4261af787a8df8a48094028ca0ab40b5dfb375c5b598fa5f11c25e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cc2f0fedd3e9608a_0

Filesize
1KB

MD5
18b667d719fedf5b8b4231683f0f95cb

SHA1
8d92e34dc9598c0a2972934faa26514125405996

SHA256
178e719362eee8433bd5ec3d0eb836610669c3558fbf9c99446482a8e60da1cb

SHA512
5b3f58328efd0ab6e08a46b6af701562c403263cda12ce00d67da88179f180eec125974960bd76e0b6576b4718b34bd9dd8375aaf359a2cda806b149afd63c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cca6dff0f171f457_0

Filesize
26KB

MD5
02fdfb15f5004b98fe17b432fca6c527

SHA1
9168bfb0715888b318380baaf7fb4352302f4d55

SHA256
7e29ce1176a97c1fb6b665946c909cdceb5ce0d17ac9e6f19c2d11343a4058ff

SHA512
bc669b13f062301e4c76bed9641d3b0b701bea9c60e8560e473266f43eb28b634d87115d7245f4536d782b21e08b642839810db82ceeaa71dfa292c8a5a6d539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d11b1a627a65df13_0

Filesize
291KB

MD5
faf47764fe0457a4458e2a52c270064d

SHA1
4f24d126c06892c5b1be085abf7cc6ffbe70e663

SHA256
f0e5b7b9d8dcbc850f0fff5715d96caef763b9cabe6ae2dda8965de3254fcd00

SHA512
f4b6b7e8ef4b0191a35c4968030566d9aef1e1773bb82ba34e9b0ec61740639661e51f242330b8cf2cc7deb474647d9391be632a29174b2481b30fab5e017a01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

Filesize
262B

MD5
bcb386d143305825570a93bbb07da68d

SHA1
9b7559eb05710d83a8328645bf3dd467cde5e5c4

SHA256
8c1485ab7d51c68af901327b6ea05c1c008d82e668a68133e5e02226fb2dd2da

SHA512
4855022ecc23b94403ad87abd9570a4205bb58a4c4b35b2483f0ff99e756c250758c7e56c5bc233d10fdfec70acae3e3cbc40bc7ed2c5613d494a0c5eeb35ad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

Filesize
262B

MD5
0f4f2e53a71ed34dd5325ed7af8863db

SHA1
5b4098ff4a91431e70c2d0846d4adc63a2d7967f

SHA256
16274c29d1d8a65c59b73d773bf505df4c623386bdedaa28a1c3156ab33ca4b2

SHA512
9a6b8dfd8c7082fc8fa058ddaa759a8b7e7bda3f8fc2aa600145f7fcbb75a3275ead1d0e53f35e038210ebb5d4ff6276c70003a5d567413ce33485b9a81db4a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d86829ee97a8a592_0

Filesize
6KB

MD5
9fe937fc273dc2c59f73bf77b80a2659

SHA1
ac95fe0bf7f7277bed8c1726ed5068b77d606bc6

SHA256
a32f367d333315e81b1e9b8c20f739c5480e628180be987da8d6301beaff0202

SHA512
0a47b02033b3b63f75a30549a4ad8449fbc6cb88366961a1f6ac0cb6c2b5303c93b56fe8ef8f29a270e98d79522029504ea7abf415e92a0f1099bd234833e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

Filesize
2KB

MD5
13793d27c6511f6d1fbd339f591e61f1

SHA1
9e0ca1fc77cce0584f7be46a91d3ad52186ef01d

SHA256
46e81f2b480738a695c4f88c7efdb52c7449b04b80745a4d7177b6d00769b925

SHA512
2d1b4a09bc2bb923fbe82aefd475f1277ff794de30b7e221ec367cf4b5e35ad70835bbd704c249742d72b6eb42c0feb1605b924372b36f361b2da4e18dd98caa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e52ae3fb759a78f0_0

Filesize
262B

MD5
bed5876aa784a4d5e92c05735e694560

SHA1
80df41214c1e11045446e1b3df25478f399f5771

SHA256
e79a49cc8e8a4fa9435768e91f9e6c53e9377a349e0684e75be0c4e86d011586

SHA512
f65c8dfeef9b66e7eac802feb7b8239c056bd01f5abd04b89eee438bffc0bc7e5324c33cfbab66e5c469cd9e4ab1b1dc259e85c5a5b3082940e0cd6948007e69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

Filesize
2KB

MD5
7b454a337e04176f0cc17025fb2583b0

SHA1
c2664c0b1e7b2c2520bb3d21b3859e55aa49d016

SHA256
cbce9c09e14d4391373da92b679d0fc1bca4f1866764581060a8f296f4748834

SHA512
8b92df0362186fb68abb1a26db992dc5933cee1a7742846c39c801e349183f2fc28e590597d9b6c178994802173f051e41bcb13cf4211eb3a3ca74247cfd9b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f65039c6a8e14547_0

Filesize
175KB

MD5
17c128010b48d83bc94e5a997f939d74

SHA1
6aa69af0003ef3e4cf5a573bff7a70a792574a6d

SHA256
a658d7768e5c28e20904f0612f7926446160989a64e2af6d41ca938ca3e30807

SHA512
ed44245637dd9e17527882ee29a37b908f1f083fb998da58cb9a376563b8318897149cefc1a48ed29ba1c799750e561cf8802a0397075c9db2d7aa284b9061b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
a024a471250ae33a6649413868cbc85e

SHA1
1cba49a1e333f0e68d1300e6f666179075510f65

SHA256
720ff41a1b3e5d613b60f2d122d773e95c2a112b4c3fe9d346c9d61646bd423e

SHA512
d62cdfeec26c835a2afeb42cbca48f25383d57e21df0cdf399f4fb6816919851c409eb3b15ff954a7aeab7e8b1688346b3cce83f47bb392d140e77b456fd62e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f91005797e8140ad_0

Filesize
7KB

MD5
cac46427a95b8881f5526cc06968f1f8

SHA1
e7317aa390f866b6e80bdb175e083fe54fee1c41

SHA256
fabaa3e5c61f8ac5050d66ec3550716288fffa3db9f055cc7887cf4ec3c52b10

SHA512
6d5bed630ddd378d80b32a2ac88bebe2fe6d87187d3f4a6da4ed97a579690e55bc0eeab2208d36394c7af4a0741263336b1579f889c141b8b7cfe02402df390f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fd8e59714b0dbb54_0

Filesize
27KB

MD5
1b76978b3cb624868e9e99b033f7b71e

SHA1
74f6d254dbe8688337c5cffac76ca3839ec22db6

SHA256
7f98b0313e2ce7e8271182312d6d8a4c09ad7ed1cdca7ba5277c3787e00a7dbf

SHA512
9c0e27e710c9d6c2ea1f8122a96f38ec81735f62b45c72f243c586fb285b7dd82adfdc934605eddf5ea28dcfaa8d333b21cfa51c1c4c74f8e5dcb2b077d2ceaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
e4328a98adfc3e4039966cd8553eb25b

SHA1
93ab7f62c8270b68de37086dbacca44d02b3801b

SHA256
c72abcedaf7a0e7d2bceef2164c7b11c67c077a2f49c696c15d7d41f3db13847

SHA512
185066e65e7407b1b365508f63bdc878937d0f6556964110ef6b4c934e1513d38c0dfc2ab057981a475543aca94022c5b680b7bc2ac7a18fd7db3d19e05a5141

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
114b47ddebb805c91b5a1516d89fcd27

SHA1
c6f7475440861976b2d07ebcef7ccea9efbe9fec

SHA256
9a31a466d88d167836d9f9dbfe4df1e62adeb839b254df38087220fb68cf8a98

SHA512
71083c413aed1dad8e74b4d6522dc055075d8eef3e41133779fb15612f2a64214d9f3bd92b8ba0557721943e5aac7e78c532669de0d020863c40d7b8d71707dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
96b2eeb420a906f2d266c26250a890bb

SHA1
c403dd304559d42b0998bef6388395e9c70eec57

SHA256
d001ea27d11e3f45e71733ba38d96473928532573edf859e0e895b0c5bb883dc

SHA512
deaacf318d39c96c8fd073880fda01a2de9e74cd5ca9f0e2a2bba402dbf5badadf80cb0506e3d4885201991d03f28bde5ff65acde764d883a4aba8145d40274f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
0fe5ca0f2c8d422f3ea0786db8cea54c

SHA1
578f417f38bb7535d0a98841aa39287b14d34b78

SHA256
716462ba3299b6a111a6a215afd97fcde7a1f860822777ce8be2a80da2e877f1

SHA512
6708dbc866a17adc07736eae962a1050f6cc0bb54ccde2525286e4a72b49051a6aaf6e75dbb0bf306d7cbb27cd375a25261332600fa71e407d69433ec5f22c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
0a43473074ca701aacfbceb9a63e7681

SHA1
68fd82697d43f298bc41342bf12852230ff1f2f1

SHA256
ab99768e966e2d5a2975084d3b33c660beeed385a7b891114977052ced5d825b

SHA512
ccec4832103651538ede345f1c1d60244dbb1ba2f8a2c1d5af583f260f8ae4890cbc2b2069471468e60d563bf4a517a58eea7f003b15390cfaf06908cde54a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cc469b95be0e92ac2e41d8e56cfffe6c

SHA1
7126f7b557a0494acd1e1d2a5bf879a07af33385

SHA256
8922c6dee84096c4bb3b1a7a24bb3a5eb1bbc68c92b9cc77495ed137fb860eb6

SHA512
b80e76b36c5d635c82b3670f6a8d88e9a20a52fdc876fd234fe374415aa477b84dc4ba1af8931b0a2b24af7b30d3587ba4e3dd88ab557d1bca4ad1f55315ece9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
79d454021212c3219e1f97625ba3e2d1

SHA1
a8cb39f4eb3bb1934f7ebcfbb08df08a267ec495

SHA256
412df0cae64d97dc01139b53080850298fbd802de79c012a84df4d37f836b644

SHA512
61dc969d19a5c79298d9e8124572829d4ac6331231df87309187413e0b77b936aebc80dcd52e6e07da30614d590315a80be236555cceda5ba3800781b857e305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c0c7109996257d6ffb942cd23f06fc45

SHA1
6feaa41b7536e7e0a83f530eb1bc6b77d41a66ff

SHA256
b386d9b8b4b56e23c4981f5492096b1fdbf81bef2b80b89b68a2e6e7b4bcafef

SHA512
9650c5c68b271a4d7360311f204842db64c5e955fc109105bb481deed42dbb2e5390b91ce8a4ef912a47d7f8528b2a213cad84a6a417053b525e36fd036c77a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
04848d35902fda6df5164548e9f00f2f

SHA1
dc0893464098c1692cb1fdb78d3afe97bf899cc9

SHA256
55fd2423e121ee6a3e996b90de305e36e876f53054d8f05dc814bbb36d8716d9

SHA512
b798f86fe360849983841e15f5ffa141fdff7d25a8c83c6d7e280b69653ac7834f2cb5beb47c473a10bd5f22488eb5569de1ad3e663729f67b67775a4aefbc1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
ec33667d59f77e86c018e1d3dc7d0378

SHA1
8fc69e9d8e80a9beaf0d17d17ae73915584509f3

SHA256
451195635ee7fa01db58587b7d6ae276e7b2c9d8a91373efc52a8c53524f7c2d

SHA512
f93c9580a668ac7bc7c18a5fa35bcba7b1e85fc746a53ce240f66a8d3058c09c745686b72cd4f542a4392fc6914a8ff2c3ee14f25e07a4b384875224ee0a3bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
d07f5f1b5b8995de252bf335a610881f

SHA1
4dc948cb3450bbbd5ad4f092f1cb83a1795db144

SHA256
86f9648612212cd4d107b2977a886683788fad300a7a4e77038b5479acf037fb

SHA512
79cc794635f9e0eae344931191f044889d75b2fd4e47a3060074437484744eed704a87990fca38e571cdaf4cef38deb1af4fa20ea0db50847674de4732e205ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
281df89776ca2c37101238924f490d51

SHA1
dd5164d2538baf8bfc9d49240ddfe9e3085fa605

SHA256
65798b4f3d4470742fc2fc5a9fc6c4adb603a5f9c237f5608ca517c5f7e0f46e

SHA512
29619eb9d7cd20f04af647031a55279d0415e9a6742f35f0b45cfd3c92e42c3eaa0e26052330406c85612fed2095ae27d8564de9e4b187dd027631e3ac6a55fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
88cdfea590df53c6b88046b53b0a878b

SHA1
756f30cd25b11ac1fb90e373096cd315270940c9

SHA256
3c10e02a42f1d0723995916a518f4e36ac216f0604249dbe60f8526a6760ec72

SHA512
7db2e1b7e088d6d054b4dfc80f9dabf632b47d00a02d7172632c7904806d39e6b6f7e9fe1ce3c74429628ed4999a2eb14eb4aa547321941544350d3d749a321c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
7b96d285c5e3cd50a0644839b85d08b3

SHA1
62ed17445bf14dbf4a0040dfd3facd0c6cfc90e2

SHA256
586b0ed167df76fa18f5d0442d1cf84a8cfe82c0c40adeaa8a7a721450009149

SHA512
b21f5017e9b70dadfba5d66504c9af06891b251a2c4fd5e2c268345ebf4f38ad0f02cb1ade13fed2e1f11be162f79ac1858fc81ee5b2e21cae83d7a7398e9a84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_gamdie.com_0.indexeddb.leveldb\LOG.old

Filesize
1KB

MD5
5897bfa9a4f14abcbfa1d7fd1c50bca8

SHA1
e3f7cecef7e60c46a548e6849d373963fc58122a

SHA256
b1be587d0c6cdec7c43acecc3ceada7c2d6e1b7a0866ce2210598d3f9ed43a42

SHA512
42a2dfa91092f0a3ff437b95404a14a9a1e1333127e091a7a4b424519815407bb27c20ec793a8ef773e9083b33b71275dfe4a1577fa1f847ab3c52d9716b5247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_gamdie.com_0.indexeddb.leveldb\LOG.old~RFe6590c2.TMP

Filesize
599B

MD5
53663413bdbd5e50a496685ef72f733a

SHA1
e09aad4e35c5b36fd4750c0645a921561ed8865e

SHA256
5955dd2a60b2af98ca4bd107f4f1dbfb0b4a7798d6c8a6388fa4dc37d041c550

SHA512
6639d88735f0c9215a6cf9ddca80ad4501bebd6ada1c5ad2c7e15f4903ccdd26887f40c9b629786e520691be3a7ce68f1a8ca8c8242174cb32603a431a82c197

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_graipeepoo.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
278B

MD5
33ddd6c5488b1ea35e738696b83bc6a3

SHA1
faf34bd1e3b5db045ec1e4dc5e9e76b9579a17bd

SHA256
e35da7855252dce0c375b4ebe2d257c9ea382d255ced3ceb7aeb997315d9d633

SHA512
51ef656430c93e9fff7129b390d5976480e1cecc0c1ac486aebc7700f5cbfbeb31099bae2116ba69e6f5b8f144787a3b84ac722579e581ced73e5195720b28b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
319e43c85580ad0a7d5654c91bb1a6d9

SHA1
7453fb6e46f0c33adcb19ca3ead104f01a669a54

SHA256
762312672e6118d3f0de0bb65f216dab87e66994690553c5db2c44c229b14835

SHA512
e0b42a52145e997c069a37f47796cc82e3e3ea665497720507e8a94f6bee7e23c2fde365d4a0d9c43e395381193a8823850292d4803bd445002bd14744cc869c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
54a56c90bac00f81cbc5dc34bb7fe270

SHA1
990fd6bcd3e9fc2d69f47402dcc96385e2aa0d16

SHA256
93702efcbdf4796c23495fdb06a4df16a1d17e21e01f5db1602159980b06a45d

SHA512
51288915982fbf79593034129fae8d363c2c46f357d72ddad7fb26ce0bb6f40b9b44fe67e3536f6ba53a69016b254b3735064778db866082fe54ae69720e5f14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a120ba646408dabebcecb24f56e71252

SHA1
b1a2934a718161c2165574f03a7d702d3a2b73b0

SHA256
19124058a6ea492c8eb7308a20fe446e54962834150d41a6171aadf14bcf07c7

SHA512
cbaf3cc7bc27a40752de7c7cab0b9905328e1de169e50b4af5d87cf7fb5e5233971a2ae9f69e945e402939076df3bfa922b902ddd5d2a45e80729124033e8b25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
0e31ccd759e6ef055fcec9b3285dff79

SHA1
08910b6010a4b68cf2b6c4425de5c2a749e8434c

SHA256
6b8ff54c9a05be6935ae986e48732adeaf82e401c88b01f609201820c5992761

SHA512
b90c81ca5176dbd2d23b51eb2f7f37385b3c3659724b885c4727b44c71f9c095928edddad5711e812786e6dd5efb02c782d46a223ef22205e199b5df8889c2f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
845B

MD5
6d21df121e52dae53192262e3d099064

SHA1
4aeb137825c490e4a19cdf35ba1c9ad88ab70828

SHA256
71f1df01ecd53d33696b3fb92917ad01a2632dc59bb9df05023c68f8b0d1f4b7

SHA512
f48cb769469768d1c6fd58849ebd0f1aec03d0c1d6c0e107d079c93d36aeaa9a76bf0399d0bcac85d9342eba2224404435e56370dd7a09913532f3be91a2f909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
0848557cda45ce9c44b6923b3c6a9c84

SHA1
b6b3900e42326b2bc1f30c1d92735acb07046e8d

SHA256
7330001449024fe191ddfce70045154f8d105ade3741e6329c24f844df30c109

SHA512
3a956666731fba73a0c10d452deba403f9ee67f665df4dae08195ba26a82e7bf0eeedb67dbc951fd6eb6b8968fec1fd6f3dc86a972a3d7476ce9bec69d504682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
310162db5d79da0768d02c794b6285f3

SHA1
1c3dc8b6f9a95a86ae41b4d067f7d4626850a0d6

SHA256
2b22a316cfbec250989efd15ade30daafb88d7cde671e4676294ee753fb77121

SHA512
b6617d1faf386af2802d254c284ceb48d45cfc86eb88618f580f47d93474ed8e5d249f158431f8a829187fedcd7d2e8b723665ddf1223b4324d1eabb102df817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0b8cfb537ed1a007fd61b66970e326c2

SHA1
d0ae0ce7069f847ed8b582df9298c267e0cf1640

SHA256
fc616177dc5d2f050ef682b025a13991f530055db646858400084e68dff5cc13

SHA512
ce4b7a1ae8321e64c2944f21ea3327d2c5cf5f5c62542df16cae1b21dd0ccd638f660bf71187d1580e811002dfbce2c92b52ade725122369a1cc0e0a6e33fab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
b6a31682515724e97fcf8aaf82642d88

SHA1
c7fb252340d76a8537eb96fae7770a6bf5335379

SHA256
5503b8a5da8026628d54cc48ea0ac15baf5406f8c5c3b246572ff6304b7587ef

SHA512
989889df5caed5b2e4ce0864b32144f32fb183aa8add6997d559f878c1f6e508d358c8632fffb440bb5fb4bacb061025ab22a2072d69ecc3a6e04d1ff30bf289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0adf467c9ed7671b90bfc2c1f7ae65be

SHA1
054a317ac3ef692063b4458c1e49d9f81d0fda0a

SHA256
f0de12bbdb4e9b01360e83cd7672bc1e9fff8d75a702dfe04ed8a089bcb3e1e6

SHA512
3d28917bb019549efd2283c32e239d98d3f55317995b42b7de43781d1f43fb8835b88f1a710411f3edf09aa56ff281fa8ca3f94032928aa36918c2d63fee92e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e60177f9e2e050f4ade6bbc35760bafc

SHA1
468c33bcba4349b0aa0d9e2ff075a467d6fc738c

SHA256
a659f4ef603441b5a86cc32d4021da8212a02a6a224acc72ede5ed2279a85a3d

SHA512
9de91aedb1a7c5f47d2219d4fd88a7bfe111f899d573f62f285c64f00c247288a1f02dace32a2a7ab678a5e0eb195b3e7a77638b615cd611c96843b69be585b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
adfa4f90d5f2010861b9353407cff60f

SHA1
808574547b351dfcb8749727bc0d0fe0d5a48e9e

SHA256
0fcc176e40f45c5879ba49ff929bd79501ebd210bc0b544a03a2f0fb11d4e176

SHA512
8f89161b708ee132023003663ced4d76df5b6e0440955131ac93ef9724bbd451d94a66b9ed317bcd4f37a7cc9fdd5e48af8a915dc8e7f727afb37de751440491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
381f4ea6f52e3872298f70e118eec466

SHA1
c9b6bf2d8d6a59f2762e086f08206e623c717cfc

SHA256
73b4bdc54bc24cd12aef1e5f50964d2170e154dc8626e31259c8cabb5ff55e51

SHA512
f2db2291b77f9e635ff510056a0be399a6f2b2be35cef55f08764de7678c5ce3a7fc0c35e75797b0bc1af53ae263e09471dcb817c7f9f162536ffbe22de626e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
547f66f536b5e08a8ac7c6c9591d2041

SHA1
4e897ab74daa137aefe0c12afb82125d8b499319

SHA256
91f905ade0fecab44fb0cee5c23c60abb4057486c2acef0da2cf90f5996582be

SHA512
01473338e0fc82a9a588d944c7de8db0561fee562a29a9c5acf1f4deea5a31c9f31b842fd2cd2ed980148f252c10cc4947f7057bbe28818ed457c958c66b2dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8087e1fb9499e914d51c2547238e112

SHA1
15862493965058be12cba3a1b1f553889a9e8961

SHA256
4c6c0953527bc9a0285226e6e851f718f938d6da903987659a7854d47e081bb5

SHA512
7e386c875f29d29478ab072c8ebc47422f47b9f895bd7a55d4997145999468710921ea57b43f041a280ddf7eb9c69a54ad8d50a68c1294fddbde6f827b8c7c5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a570f7ee84b825bec2c63ff05be47eb5

SHA1
d077d0618daa593b0a458a01b5574c42e5a91042

SHA256
964955ac30fee62306aa1a645ddb65df4da5af99df69e7a0064133a6d8e3970e

SHA512
6de5568fecf8f07502687febac1956d72c6bf565065944b3d8c053bd154b8d783371abae8946249829d591e2bda04d7210c509aa21951dab73cdf2fa54b0f345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
46ec8401ec64609cf161397b174485ac

SHA1
fadeffbb5c6c165d9add741abc3a657444baff3e

SHA256
cf511e0184aaa0374632489b8f85259b0d367b563cf5f9cb75ea2d85d1dc0bcd

SHA512
fe706031a04be253081eb93fdd6a929a4b8e5b06c5b23aa8a09d181b1428ee7b6aa5ff50f2879499ee24901cd6d0cc3662c8c4a5774a208a0d28368269f5db01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
2610c14448f09ae238e837dc0c5f1537

SHA1
35f3409e49722f3ef2bc8c849d5947bae64599f3

SHA256
8af7772276692ab56aed2e5543b639d1669ebff720d614bd6c68a72f59fddfd6

SHA512
48bec3f29b718df562a9b53ce2be68672e4dcff4d4e8d99da760d9736ee8bff455e619810f48d4a2509fcb7acc24f5f49eb0b466f622821dd414ec011e9a9477

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
a2a4c2732d86f33d1748109026cfe1f7

SHA1
ba2b79e7ae52c001cfdf4e328daa30273447e8c7

SHA256
888bd7e0f825043d2aab089fcc8f9bd71f01c0f9043bdb2dbe9a23c8d6809582

SHA512
95c69880ba547a630e04644e8acdde31b2da5153cc9dfa9d7375dbbeee1041d8a7d2af5811008d012c666b554c70d87edba3a47ae89c581e8b9a3fdb8541aace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
19f7880076e4eca44001a3e941c8087b

SHA1
ab5a56781484fc13a7a0bb548216eaef627ec73d

SHA256
2c51015190b540db7fa0ebc432c7c43270145aee02472d509850809fc575b94e

SHA512
2c5af3dde83a8c1e027cce15d2b2b22603f105ac4ca32e7892561bc6d2aa69e6f6b7def30eec685140761418eb358f035fb1960ed8e7a49e3d0adf6ef66efa0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
949d0993a33fdb4e4429bea18d3db420

SHA1
66119bc26b0d30eeb0247f0395632a44262e515f

SHA256
f10349390a6ffae73e4298d145cbc35e7477e25b496dbfabce89f3632fb24648

SHA512
c35832a6c8ceb02d23799deb2243863710d92a4854ae04b71f88810d566bbfced2a399dbbc035569ea1133076e70260aa1cac65cf5b335d85ce009dc94e83c6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
cae78c45712db3e2f78592a5881879fd

SHA1
351015968057fece0bccf1454cf1ad8f9a4180d9

SHA256
1c3a98073f05620f91ce33c569c242bff526dd077f4532ba6e0a6ef22f9f1d96

SHA512
40f7531a2edce7477a05fe2cc29b0e9efeeae4b6ede19a2cde202d214407ab172d89d59a1daea007d9654e85a6f37f95eccd17dfb6e3f1f7a38406a36bbfde37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
b5a786912b6a125f68ff96fe398ac0d6

SHA1
b9fedb3c91d6f7f1bed472518b26f5311d4bebf1

SHA256
ccb03de57d6f08f54abe065a54f845cabde43d16e7f8df57fbeab1b1995e961f

SHA512
c725cb931c559fa83705de6d7fc56df83da379a93ed7aa7d696ec4cbb794cc2848e5baa4c9712ae1689e2cb51bacde8f8cc53d6bf68af7e87fdce4c2d6753bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
c2f31e5d3a921998499327a92b42259b

SHA1
a5163b381f90961c99a281f2a3db6a443a46ed89

SHA256
edb6710be69ea24ca7fce06137dd93b1efcf62d43b16c0f5a5d20eae84288822

SHA512
d0195506b24873942a8bb3aa33e0c1b32d3a265d0efe0dd3fd3b5fe96e4b81e01fdffbee23e71ff138bf73a0f4a1681b30b9b8e0c274dbd131a6122ad93f42d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
886f1aa185d14ff669d57ecfb8aa8fc5

SHA1
caa1fe9c3d5bb1b8a6860a4b613a51deee6c0326

SHA256
d6e1f1bb1d40cb12a4ed80d1ca1a7b2338a8686141a5e53731cb145d70212c89

SHA512
2857063a642de599278b633a264ecfef8741a49d5248721bbb359d594f227e39552d566b63afc1e7fca2f2fe09eeb59dfec9d2abd75e0b63b47103f3e81b6459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9b31d415bab05131e0e9e4ab07c02709

SHA1
097f67b3dbcb7a269301682c04312e469f7e0de0

SHA256
bd8a89897b083a9681c6b608abd4da74b9fd2748e3ab3ff5797ec11660a816aa

SHA512
29ea411769fce239eeeb8f60d1f649fc96ec329c2ca2ccffaecd77c29d9344982d251cbc4446e78884ed33aa7f12e84eb56657a06063580ad0697e636d6a50c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
19a6532840d8172911700a437b73d56b

SHA1
ec138dc56b616e3bbbddc6a52a2b2697f4b19ef6

SHA256
aa0d99d0c1ea344dff936ce5e9644b3ef84c49a76d35f24bc0236c059c477369

SHA512
6adfdb3b880bc0651d679eac4cdf4bdf7ca9f76b268547480c47261704afa22eae1f592cec0f960a85c8533301fe345fa41deefc54b5433fef09a0a9a3b5700b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
2246d99617c2b928c803339492c61930

SHA1
d826998c3c62740e78612b3f1561f4e36471fd61

SHA256
61eb6df0f0e9a0581907fce1654e4fda125099c3f1ad9d5a78b9561d6a8609fa

SHA512
0046584fb673da8ecfa42a8bf08c4c1d31c0a15c8fea0f17558cc2687da5370f1118741caf73fdce275434dc8042cec71fe7b5bb02e9acbbe1c4db88e4cf9395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fff8e392e4e6f3aa7bd0df562a087269

SHA1
d5ab2938952245b415f5b40b84e3a892e0a4877a

SHA256
cfd2a4c4ae6632a1aef1fb0b903e9d3cb7c6cb36ffc7c8e0b3904f43b875bc36

SHA512
331981fc19a3d394b6ae4a702ee5185421bd4bda6bf87095769787cf0cb3356a1d381215dec384283738783597599563118a3c5110e8c8daf355c0425ae5b3c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
ea384911ff4dcf6d48cea3ddaea7fcaa

SHA1
8a2c94d955e346973fcdeb37c42902e7e54c7932

SHA256
7591f45808cc2b0219fb40cdab31976b3264137bb05df6b77cb5d889a3e11705

SHA512
9b671d185ad861a6f121f19eff68b02ebb9e1afec726139abf555d95aae839cf709f369c54b4952986c2119f693daf441f48320c48e3a9235e9b7eca20efc295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
8b10d9329c7e2772dcf540860416f831

SHA1
7b05a36649b1d38bc3bc36a857bf20157d4fae10

SHA256
70ef70607b4e25813db9a6393598b34024bd431e1fd66ee23ea8066242a03a79

SHA512
3397466b31f184221d49a1708284a04fc02df3292a0ca31e60f7d66bf0f53dded5ed750e96ccf58366e05ed8ab60c830f16d6ba20f8e6869ab1df73c3044e717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a0e8b319d9d3dbb2d1b47926ff608ca7

SHA1
f902b6f5d897bf8bf0eefebeb03637b56e856362

SHA256
2060c9610ad1ef8b51726d2cfdf3a5b699a80b89c125b2cdf5bcf56613b3b237

SHA512
1de500da1a016a134fc70fea0ec91fd7f7bb4b12d2fbbfb1708a10c72b5131e5f6ef574e6b3803bb4ac1ed9c05f2f805bd98e7a3ec86ca6a9e2c0552a59baba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
2f5fc6f4cdcc164a847dd202019b8526

SHA1
b9fd7ba0e5c39fb864242e7e6b2463cab4bb3eec

SHA256
1b39ef270e377093336d50f32e643fa0dc0a307ed64e3cca65eaceb140d5138d

SHA512
6e2351ff4f97b223ee4a4d5465c223c35233829ba0f64929803a07c38a31bdf7f9ebb98f06ceaeb57c2a2f9770db9ad42c98a1348dcd7904f8d864c39a37f63e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
c03d6299178fa3a844b3e66701edd356

SHA1
64f04d95eeb85722d46ac67e9c40b62a2d0af841

SHA256
91dc46ad04b2055628ff6b996710da20b48214a6fd4bf19fd272777c0b4b3c80

SHA512
e99c618cedc2b272fdfbafd579ff13311f6538e869264a1670df2a39ac1d9986c9da65044d9033c7a68b8adc655e9f5f371b8b448eb17149e98d08967e442135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
99b61446d2d3e68dff5046a5d4d8beb8

SHA1
cbbd571a73d5b64d0697bca9f473ba783b85ecbe

SHA256
e574863e78b976aea70e20d0793159bcd9ee510804f8720cbbc9baf3d36e367a

SHA512
daab380783cc4e2b6d49ef3eefbc3b56dfd626a2fb87eb4cf1808633f80578f0ac33c2c1110d5156e154af603daed27eb0331f4103880c0d82e6745790f187f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
3201ecd223268a246f7c46da728d0391

SHA1
3058399dc0f73b6469862bb256398564dc3bb8b3

SHA256
44a0e37558d82a0eb25944297d5086dc72cbec279dd182f11c5c6317068c74d8

SHA512
4a990cbe929a4e10fd39d4090ee937fd4508d2bec69d17ce1df54307894833f91c34b40344d1105171bf70dbf279ecfb67872b744722f8dc654e20bb13d64b21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13353298376294367

Filesize
2KB

MD5
bfe7b42e9b68bfb5dbd7ab9cf4e7a12b

SHA1
02cd4c7fec39e208633f6d624098fd2631c7c274

SHA256
442f07b2a59637c1df613c2a10a83f677aca7df433ef7694f457499f615675bb

SHA512
5c48dbe80a3a042139468fd9851b755586838493c497db1952d7ab9ca3d85d0b02f37c0f04e3efcbff62f699bd2f52999280c5660995dfa848fd35bd2819d5e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
6b9ea6beba83dde5a3d98fd88f3d8e9d

SHA1
ac72c8d4c7b1788cc959d0d1f760d76367ebad16

SHA256
8fbfac66c14f313fafa050fd2475cecbf3277ecc1c1f553f87f1b885abc5f9f2

SHA512
0404450d47b3ca163273fa10cfcf2245b404860d372e7d1209fc417b299b15a6853e90d4ae265356c016523ec37faa1d7ff4d5fb86ac08a011a829edbb755841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
e3e4e3de2c13264662200964d33467be

SHA1
e8bfcae47fe7c9457578f825a624bc8d512947c3

SHA256
f799488d701be0c8c7a4726107c7cf5ddd1ec1aa98e2def211d7afdb00ee585b

SHA512
c05fd5df546acf140894095128384a27b8b9481f13dcfc83e4d34dc3a25e55f837bd504ab8286e597ae21864738c7f566f56c2740dadefecffea30d88a7e43aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
bd4f719928ecfc98348ff04410b5c784

SHA1
cf30785043d8ef627fa426f42ca10336bcc6a8c4

SHA256
c2fa51d4763cf2d51a3816aaff371000aed8b40c042ec64ae6763a064fc763a3

SHA512
0d4758ee18c468c9aa3cad8e8bda5a38c1a9aca8ccc31e03c152e14a26721afe9827f8c40e2b2c157d833b7e6c30edf61e277911a322844de736cc8f5deb2ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
42ad36d4e46aa0b9c7bd7208f8f23c21

SHA1
4927fe16c90cc36fcc9b71be6fdff27d0c9f65e8

SHA256
5b2ce1c286744751a3480397c29172e6a7ce31eddea7c06163c1eeca855eff73

SHA512
34c28ad71439fbc760982d59c32979c7719140083fc385152dd2cea3ffd6ff7686b9aec9d304f2475e4d66debc4102f856ca78fed255c3ef48cc268dfc7872a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
5a5897607a422704ba091286bb8b0375

SHA1
3273279275523baa6be07c703ce1010c8fa1b98b

SHA256
e5929ae708ac224811715602ab4d493b8a2227a5a90c29a51a45dfedee373358

SHA512
3b0828ce90ec1601cf6437077d4cf17714b1be0dedebab0669a68443a465e49bffb7020520bc992ca13137ac1a0cd6366ce8fb416aec7f23e7b6bc974f1c1bf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
5d4c9606f3a238695348394ea17f5040

SHA1
1a230ee530c9608a031f8cdd29689827b444133f

SHA256
14736d59a7ebc873cf35955ecd4e13f2557a6167eb4653ae4e12330797e67168

SHA512
93f578df5d738a938555946f11cfa1f2c888cfc44a5c65ac16a595e54702f711d8ceb1b8d9445e0f496ee34887960968fd339ddde7ecc9e18de40679f126e24d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
67d0364c892a3d53369fb5c1e9585039

SHA1
20cf6ed24057dca863f119505c4664f95328a04a

SHA256
702a5f1a87dc8d79d78d459c2d548fc5ad28843bef05053305a3371ec185dfb6

SHA512
804e9da7bbfd6c27c312e1030c9516eb894c2a434787a959ae98a451fefbc3bf040fe16cab4390cbaf53da48d18f5724ac466ebb134876a98d2bdf54942f1009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fae7ffb3c7393a9d7cc832d7af895c88

SHA1
06a8166787bbc2891c34a113befe1e7637d8dce7

SHA256
d2a482b6c5a6c374c2778961d1e2b40dc37684ede7f20c6bcb69912c8a2bd084

SHA512
01478b9e96219d345ede6bca1a863f240f489e029449d1763b7451abe22a8f1b7529c8d31bbbaa74be7cf264aa0d3e7f859664c1c262d7631622626fa1817706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
6d48b26933e90a600cd29971d4544ea4

SHA1
8123e9c7900978e949809320425f37a7e3a69bda

SHA256
e86a8d6a03ee9cf24b6ec428d1dff62ae26d11aeaeaac4665b96f613b9dc7868

SHA512
846177e57afe04d7a71f3c7e079266569191c226441e6fd46a8cbf8d433f12056618389b47eb19e2265d021e1d5a7177e872f603167b7535ec382ffb5deffa8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
7d6f3039fe7a59b7449f9c6ee4bfd22d

SHA1
e529702040604bfd2d83849c9695447af2ecad3c

SHA256
a73690b832f75401eb487092a96f358e67d8a54052932ffd2a590ab73999f373

SHA512
425aa044a15368da1277556196a34dcf9ed21f684e839f107e2b271a63775e9a1498e150f17256f621ffda694864788e97d4272ccc074ac929bccd0bd2c4cb43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
b68867e294a463fd7e63aea23c19c7a5

SHA1
1086d3ee99ed244c570006a9c7fe94d0f5325658

SHA256
db6c4ed7592ad659e89ac019643cd00027368e8f8f83402748a37291411cef0f

SHA512
fd2fc37525a85e71750a8cd84ed0e3132f7e7d929e83f5c96e7253438868063db87cd559fbf5f9b9b95fe3c9c2a383c35473e5ec7061d7b91521f65c0e42e65e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ef18cd2ea1452c8bddfe2eed598be04f

SHA1
acc07a190a7145c96fff8ac9906189d6b19cd26e

SHA256
7d8d42ece454e754d89855e795a89e92d3d51b2742879890c5fc3725bfa114eb

SHA512
cc84a6514da0664c775421e06b9cfbc00d327d05c454a46d780882493e1faeee85ddccb42af404eec9d8a992cb56c38ac119f5e6a2ba1ef21679c731348e1e1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
9f183ce398a9a08ced9d26433739a291

SHA1
d1d478865cc24f8305d7fefea712bbb5b8149d06

SHA256
15a91966dd97381bb949238efe82e2ead4d4006011219f121a23ec5eb0793ee3

SHA512
de470ae547f53737abf6fd91e67a1a2b6cb579f0d531559012fdaaacbff5d5718edfffb331539f5ad27733c53ac3ca5ff184926117d0b2c73a4e68ceed72d78c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
549f351319352a7b153ccefc1209200e

SHA1
fccd878227efd3cce9fa6eca7f753fa5768427cb

SHA256
d078e7152d64f262a4285577aa3b7156c3bfd6e0dcb1101efc4d2a87a816b936

SHA512
a70d6d1a9d4893c67722ce21d7a4060bcab338327e8cb36e615356fdaa6a2f01081273923868c301cd9ad31462b19f0727e6ea0aeb98b06a6ec9d413c985a6c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
59cbeab6da8f0ef33ff29af5bd24fbda

SHA1
c6f5f4142bdf8c44bc14f01bf752eed70d91e29f

SHA256
2f73beeb217f0c431369d663b4b84e75135329e157e0c087dd2a71634dc9c2b7

SHA512
0ce41a4ad9d06b3c50e19728f18aa86069173a96159b81191e85afcee1e1b33c43a22e8df25f46b396bfb7ad653981315239c0d0428320bbe8d6ef7ed2101c2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a3bb75286c86b5d9baeec2ec2f6cecc6

SHA1
8fdc70e8452a86a7ba9097f7d445ece7fdfa1275

SHA256
cd07f98cf43b257a9f4838f3e4afb6961fe8e672217a9c493a78a54275d8991f

SHA512
cb31b8ce9be181164733a5afd53ff2cbcbc5094178aa567e83ad731f416c04c0b2cf06ecce420c545e02d29765e5f762b844b21bce80c5a1cb50e4c519ebe10d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cdab82330b7b175abe4ea462073c7338

SHA1
9fbf8c87c97cdaf64c568aebdd3a821de5b27699

SHA256
4143a4d5008446365c7da646defa484998a93ba64a963fd3c6fb2b71374d3948

SHA512
51b95aefeb3337c74d3e8de499e78b307861d3a363d190d0538da1ad630a3d99e638fc9e8a0c3c03855922e6bc0b3da65ca0688d25cbdedea2812119c908f517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d54a5341f95009b0b5549b451d925e59

SHA1
f29099f9528bb33b50f1737891cbb3762d161ae6

SHA256
c68aac6ed935b5e13255cd1502fbc4c42b2a968fafe3aa2469382b45376220e0

SHA512
3b5d5cdae33a764fc9e23041958bbc4b51ddbe3f2d45600b5d01b5c07d04200e1a5e7c8004dd389a19f404f0d6e07ee7b7091b127989a9c4def55a1b1449fe8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a682352bc2599a00822256aa63c0a26e

SHA1
663c131c97ffef96b83a6cad663858a846c16762

SHA256
09b8ded7c3d312fb1b7125fbda3e3d4ff4bb7f73c7d26cc30ec971ff202dc986

SHA512
97e821e44dc06d0d90a44bc468d8dc40e4e36987ac5da078bb1d67b4ce99a58ceaded178f54a6b0b3604edff74813a1b92215808610cfa486c08a06a15b00bb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7db89c4338a9d6ef5aaaff4991793a6d

SHA1
60ac66b01e4b8715c64ddab5f6a0e975a4d4ae5b

SHA256
8af5cf06dcc5cced760071d38b5cf5a8fa27667f31e99724cf4eb96161cf46ee

SHA512
94113fbdd04712d507adaf2670d3976c462c423baee324ffb5fe1064c9e4799b4ab12441ac4ed86611271402f9deb30cc8785cfc92d6147ab193ac6e4eee7037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
2a887eb6ef33e51df7a4d8f64da3efaf

SHA1
1326b70eca75ed7dded29d4633202c739fe189b1

SHA256
801b8843215bd50ce0972eeafdda8f702919a067614454a8cf9c922e0327a4f4

SHA512
aa513b674f744dd2de4ad00c0867d498ce9c6a6f0a22f188ce200d97efaf7419849f2a9d2d718c099a4e981e7b7fae8a98fb6aa61445187a3045dcbed73c2964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
7938f03b1d9087da1a7122e9af8aaecf

SHA1
98991bf222c47d386d8a989ce3e92a735fc875c0

SHA256
0e5e966019b935172ad675de830a53cb9ee92901f72cadeab278e46f7612f37a

SHA512
2d613df950df46faefc44dd5bd514d23f96d99e29375a39c65f61e8844f376e2ef7ada88080fcf44a4296773f9e919a4016fb19264728a8c2087468abe61f223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c0b81.TMP

Filesize
1KB

MD5
2130d3c7f825b704c2333901946f750d

SHA1
f82a53951b3bf64cd81331ca21db8ce13b2769a9

SHA256
18e4461693054fdf4ccba1498ba411208758f76a1ca821881f423ca865fea6da

SHA512
36740d98133fa8efaa39959bec9e27a52d3d3bae52503502c72aba03b0039621a733038997eb23658970cb0b86b89098f0d39e1564f5a939fa5506124c0674f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
5cd1056ac4f8650a72dacf324007955d

SHA1
25e4dc9a03ce9f211486aebc2bba90f25e00e724

SHA256
747577c886f47da616dc5785ea8e1b25ba0203472c8220334abe32bda6cdb1bd

SHA512
5cc624af4833b878e339c015f3097413e9dbfb24c9dcb01adcdc4cd3237d2a925b89c58fd76bc5482d593671bb6a67e9f76ef719c540b65f0b169b723dd3293c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
eb62b3ebbbd409172c80f69beea967f6

SHA1
7a6be45f830c6b4b2f707c138956a9b78217ea98

SHA256
3df449523d74565f9a53691b49c7816de6f5cd221117e085e7ae3394a029baec

SHA512
86ca1d1f98b69bac002130e2961b47131a067afba052d72bd6237536f981437760f320631f79ed11c1e7b1ac84fd51ccc241bf298ccd868e4583602173471c64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
38B

MD5
51a2cbb807f5085530dec18e45cb8569

SHA1
7ad88cd3de5844c7fc269c4500228a630016ab5b

SHA256
1c43a1bda1e458863c46dfae7fb43bfb3e27802169f37320399b1dd799a819ac

SHA512
b643a8fa75eda90c89ab98f79d4d022bb81f1f62f50ed4e5440f487f22d1163671ec3ae73c4742c11830214173ff2935c785018318f4a4cad413ae4eeef985df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
6a388f00e88f83c7e06abb8c2f42b3c6

SHA1
34fa7555851605847187649b8589ae3ab5d05582

SHA256
9b3c51bca2f120a9a96ae9e06defddbcaa32a92d806dbcfc1e31b7fae9f9d1b3

SHA512
a05997bbe750a2218328c0dd76f5ba116aa6afd5abba3fe515d56450cf362df7d1be675f7ff59e404455ac0d6716abdc4e1121439a1ed0135be833c1aadfaa36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
ffa209dc51be1671acccf5cfd069e81f

SHA1
2b3c08665345b704dd97f713bdd3140e4b608821

SHA256
8ecaddd7b9154df9cf2c0d256a29d635ab44256c0a0d758733ffff699c99f7c0

SHA512
a7de4cc603275f331df0f17b3d0cddabb9966824e2fb412364e8732eede4d1a4da459add40389c88576787bac75a86a75f5bdfae9281ad5815b67b798798de89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
fabae39dc34c131da3a6953749075aa6

SHA1
cbcd436666c2ef0fd66c3b6c14e8f8dff3af3030

SHA256
217e02c231f2632cf24e18742c48d6fc933effc7ada912d05bbb63fa247d8392

SHA512
ed67de15fac7a0dd9f8d1b26750089e63f82cb5940ea1a421b64a16da3ec4bc8dcf97cd30595ddcd05e3f61489c847a2dcc6333668cc91bb437e6de0382a9b0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
824f54e4ac20fbd5106139c2f607800f

SHA1
98948b0a2115007ab42de6c4d21b881ddafce972

SHA256
aec373746b2191a0856ef7b0a33045774e72ad5cb885119081b359e522b9a5c5

SHA512
61e3291c5ac915f80d0d4506927d9f2c5ed1acb4c4f4259cd08d24030482e67e5c8335f8651bb9ccc0e44f4092ab3950350a5d863de1991f61ef6fac2f91bed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
a512e837d11ce8dde305faa189a4f065

SHA1
5374f0982001226329cd48dd2a8ef14b5598b415

SHA256
3a3af2fa788e721091f615fb3997d7d4e0188e5f90ce53a0d765275495b8c75f

SHA512
4726610b030fce6ca22ea9f052a6e3a5c8f27d8a38c7ee3ba8e1586787a09807c51364f31220d8bb5ae6ade583a319e186fe116078a7e37bbbaffe93c29a635a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
20KB

MD5
ef9588ca82f853399e5968af99985e74

SHA1
80d9df4f75c3e789ddf10584d9ff9de2b6154cb0

SHA256
9d550015f47a4d5d502f8a2f5b33bd9cbd136f4fea7c64754c8cc5a9651f7fe5

SHA512
a77b6b0bcea459ab4fc1e5d0983e85b86a6b0835849345f6afbfb27a5e84d8d1a38ff16e21ecf862e95d0a74e3fe97fda28bea66752b8bd64fd44c8ba680a5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f98fa01e8415e092e036cddf309c39ba

SHA1
acc7f70383a2db0cc2661fe23cde36ee2448bd49

SHA256
844ce612633f820214569231dbc7b93ca55d57fcfc3fee57b0187b83b8de7d69

SHA512
0b817ce33967e5a7ceadeebb318ff866ec4241803a38cd85debdb5d238dd64ecb5077f3d1a9232ae9aa53bd1923cc1bf62285743f905c84944825cfad21d5e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b0877e96d235a8e6a2df695c1d5ca54a

SHA1
6276d1a49f59710de86bc76bacdb8fc996bcc3af

SHA256
31161530b4d12127c6dd5c91efa25d1a413494f4eefe81b528c13beceef03b92

SHA512
6e19f10814dbd7c886cc947a23c1105a8faf4edeefdde4620a19f439fad27447e21f47e6dbb1706d4076fb56d86b6a315e93e4f0479bbe86661cdd627d58786f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
756069dd55aa08bcb8c72db6d2cb4803

SHA1
b5c83bfc58ba46722ed66676b703d2344edb67bc

SHA256
c89bbdc029735ad4a3a01675f1e344401f43af46e1e720b641fdd5776a08df7f

SHA512
1c4f0c35f04e263cd0fd4a581b586b2a5fc2dfe1423bf275405f7bdeb3b7412b04ae3b312d5f4cbef963840787e660acd680700864fafc5df5f46dbcc1196fd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d702ed5822cb1f02ee415d8ff883e8b5

SHA1
a2351c0852acce171d6f0f118dcc05bd4749eb4a

SHA256
d9627945dc98016891a7554656226a3413c362fc0e4f75e2053dc3445e778b50

SHA512
1123d36be9a8b742c460b157406772e26f4aecc76a105ed641afe110c102ef398edde12edcc51e95d54f0879de22a5bd051dfc2d985c59fde9507a1aaff3d953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bf2f60e82b2c757990a51b9efab9112f

SHA1
565cd7eb513780c930d457dccc40a91dff4390c3

SHA256
cdfd2ab53670cc0c7ab3d4a458c97704ee595c3ee49f0d1678ee2b32bc989874

SHA512
1d370ed811494385ee6d1b499d23ae4a723efcc08cac50d516615e56e911b223cf6d8c973dc9e8ecb5f0148a5633c9df8305c9c2caa45871956a6ad9b03bf4ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
394020cea85e6701746e41dc1e4bf5cc

SHA1
410625c4649e7b4f741235ad2b02f6d0fa03f3cf

SHA256
89b301008e51afd0b71300e096fbd4d52183dabf1589c91881c8de6ea1b19286

SHA512
f854af0a003ff9e8c8bba2964520589895a2b7a6d4b2ebe238d312d31216617c633d5ccdd8840210b490583870ec2c3891bdfe269b4b6f365ea39be08c51f4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
640KB

MD5
c25e868376dd580691c5d3d15781b588

SHA1
362d24a49401ec19203e49d5f831edd42e087e54

SHA256
f471cbe3b5b6e2e5b89a7a9e7988653d6cef0ea6e9dc25c68875e338f0df5ef6

SHA512
5a8b727bfd074517a97143d3d5cf222e108ea0c3063e3f682271c1800ae2d94aec32734c092d3338406b74208407682e063f661d285b1a71faf646eda069019b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6A87.tmp\FEB2010_X3DAudio_x86.inf

Filesize
1KB

MD5
e84adf38d499ae39090ad60fd76d76e3

SHA1
6af4d58bc04aac2723e8b97649f1b35fb1aca84c

SHA256
d4da3e530982812d1e2a31570b80af541fac1b13c72997d2aad7ea3bfeaf4a4a

SHA512
6714992e7aee7bd0798fbec68f92c97ee502127580e21e1b6693ed6737312b44dbc9fd9ef579fe552590e9e5a4904df94e4116334265a34699a04aa76ab87c24

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6A87.tmp\FEB2010_XACT_x86.inf

Filesize
1KB

MD5
82c10b720e33be099f69e4010d44ecd2

SHA1
e95a2eb23db3fd610d71089500aad523f93c9469

SHA256
e850fdb84bcac0f667927e53fee943efd3f43be6c6a0ae1e17f3fff83ddb2635

SHA512
853261c439b26cdc8991ac289b9f9925976452ed613481b0cf09e75444882805ffa15633eba441d8e1a04641f5f6378b68e2270a6a48d3911d7f9c2c0b1235bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6A87.tmp\FEB2010_XAudio_x86.inf

Filesize
1KB

MD5
e6e942a2cfbb587bfcc4203b5bb34fd4

SHA1
2e0172ea1936911a98e11a6e98990703e24172c0

SHA256
74c827ef94881099761e04397ef8f162fd0ccaf4876a5503c4b53a5216d2acca

SHA512
3d70d76e6f459819a1703c5019a2e10fe518ee6e8eb5d3313fe57d3d1b6313b52c4904398a26841c78a9ecf9d715e1201e834ab3df47265e070ec94417a78e4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6A87.tmp\Mar2009_d3dx9_41_x86.inf

Filesize
1KB

MD5
b37a5ff044eb65521a290c79ba1a3e00

SHA1
ed505464894bd3e52654834487f3821ae117edfe

SHA256
bd29711cc2ecd924990167ffa95f48842e24aeed3acef1023717040240b4bbb6

SHA512
eae4408cfa7f9c39b101489688cc570a184b8a57f3d20d3b0452a581fb80c4f485dc2f512a39669a92a5bde81fbf474e1585f566ff482e87610780c23126c21e

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6A87.tmp\X3DAudio1_7.dll

Filesize
21KB

MD5
c811e70c8804cfff719038250a43b464

SHA1
ec48da45888ccea388da1425d5322f5ee9285282

SHA256
288c701bdedf1d45c63dd0b7d424a752f8819f90feb5088c582f76bc98970ba3

SHA512
09f2f4d412485ef69aceacc90637c90fad25874f534433811c5ed88225285559db1d981a3ab7bc3a20336e96fb43b4801b4b48a3668c64c21436ee3ea3c32f45

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6A87.tmp\XAPOFX1_4.dll

Filesize
72KB

MD5
e4ce2af32f501a7f7dddd908704a0ee6

SHA1
9dc2976efb15b6fba08bebdeb98929b6961063a5

SHA256
0aee44b12913a95840ee6431d90518b0d72c54a27392e21ee6995e2151554a06

SHA512
ec14a58414d595a36c6b575cdae690f11481cd3f0b35fd2f4c6a6d162a6272882cfe03da865e09a34972775790529f51c80b69056a2fcb909f25b549ed2f7f01

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6A87.tmp\XAudio2_6.dll

Filesize
515KB

MD5
4976243bd70fae3d1d24e49739ab2710

SHA1
6ef27b10bcf4e697fe77c3e964b326be11e4444f

SHA256
61b57170f7c6365714396072d22cb98746718c0f44c9f0d5c62fdb1b218639c7

SHA512
af2d6aaad44bed880a1a2ee947618b142c76a5eca42d4608196b74df9108a9649059d8207e84a58b76ad43aefe9b66ffcc519f8126667177011cf4199f163e83

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6A87.tmp\apr2007_d3dx9_33_x86.inf

Filesize
1KB

MD5
044cae9c30c88bda73727243f5e5206d

SHA1
de744e349cf4ea458b10657d510966d21ad08d67

SHA256
349a09a2791d697bffffc61410a536cdcf258f0d7c86dda44a297e8aec4bdf00

SHA512
18e501142004afbcd28b41bdd3a9b19e2eebc047d7858ee11a9135f19759cfd8c643ff074a51e937bbcab7162888fd95effc146be21fe63dfc300ef03ed44056

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6A87.tmp\apr2007_xinput_x86.inf

Filesize
1KB

MD5
e188f534500688cec2e894d3533997b4

SHA1
f073f8515b94cb23b703ab5cdb3a5cfcc10b3333

SHA256
1c798cb80e9e46ce03356ea7316e1eff5d3a88ccdd7cbfbfcdce73cded23b4e5

SHA512
332ccb25c5ed92ae48c5805a330534d985d6b41f9220af0844d407b2019396fcefea7076b409439f5ab8a9ca6819b65c07ada7bd3aa1222429966dc5a440d4f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6A87.tmp\d3dx9_33.dll

Filesize
3.3MB

MD5
cdb1cd22baff21f48606b3c1a18b000b

SHA1
9315b5db975a34dbebdb4dcae652ba1db01c482c

SHA256
c6b7b2ad7742dde5dd8d1a35fdc1c185e586e551ad9c74d3fb21759cd8ca4da8

SHA512
c5fb24de8f1ee6fc1ed6e74580b5d22599ea4eb6c3589645fff0b15dc8dca051c4917e60fbc00ca86542dd63a8f5e40da92ea77e24826c0c6bdba9b58c36d4db

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6A87.tmp\d3dx9_41.dll

Filesize
4.0MB

MD5
3fa06cf5079b84155d18b05c08f7131b

SHA1
fafe52876151a08f39dbb6b4aa137dd85558ba5f

SHA256
6ac4df203af419d3f3b7d9a99e14a3490ea3ad307c474bfe36baea642b1421f6

SHA512
24d29c3ffb6532da860fef4dd93e61f7532cea3af94928495a3af0231e7dff6db5cad25713451a2e722c076462b94818cd6969a1c7d8905585b0f64e12174d1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6A87.tmp\dxupdate.dll

Filesize
169KB

MD5
c4842e139fca422e265c91c44a1341d6

SHA1
299a5ab4644fe7302b515aa10ef0f1715046275c

SHA256
b1f954cd75dc3c9d5bc57f1a4c28720ee3639aa8a4306f3da7b27d3c361ff8f5

SHA512
e85a35164e0feafa73a676dacf67d275b8e8aa5be40d861743662a7d1ac8135625c2d59a73e5c77fe1e3e8bd8523d9c823c89137aa4cb1b32d392cd9a1b59989

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6A87.tmp\dxupdate.inf

Filesize
12KB

MD5
8c281fcb5546d1ed3cdaf6e3f7303139

SHA1
de342a17f2df0386f6584e2f55ae43c558ceb6c4

SHA256
7530c6e18dbb522c5f4fbf6714962c185ea318f9eab7aeb833b0cc07cd2fe656

SHA512
344ea0a375c8851fcf413f441a1cac3013b3748d1630a4d677da72e98f41823bf9427d896de7e1fe35bf868279538cf3b8322aa6ef20025bff48a6bb7f8c42d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6A87.tmp\xactengine3_6.dll

Filesize
233KB

MD5
f81c4678a55ffee585ac75825faf5582

SHA1
8fb2e6cf2a022eaed2ff5e3e225b3ca1e453d1cc

SHA256
8a7e7c5ac2e6230f0249d46751522e7ecf85e7490cf7491ab73bf2e7e59e4c0f

SHA512
8c8071bc2640d5c0fcf140ad68d4788cbb0706d17313c3cb74e25624a748b282acbf77eda678cf0d5fecf2ec3d583508c6f4eaf5c84073909b616f59b4f4e5fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\DX6A87.tmp\xinput1_3.dll

Filesize
79KB

MD5
77f595dee5ffacea72b135b1fce1312e

SHA1
d2a710b332de3ef7a576e0aed27b0ae66892b7e9

SHA256
8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7

SHA512
a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746

Download Submit
C:\Users\Admin\AppData\Local\Temp\HFI9328.tmp.html

Filesize
16KB

MD5
e81defbbbaf3d85a7711a9a97a4943ce

SHA1
8d8161e5b5693aa1fb7262696f2a704f04fcdb48

SHA256
800475df98d0275e8ad26baae8adbf294ab83fecef8cc5eb59524e6feb6c5384

SHA512
869721472db9d78e90265e2c1175f5cc80987b080682b80821ed3f548f50d14c9cb179c7c5446d62c7e0a12da14be8f6d7c1a17e0666bbc05c39c5b67dac1353

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
39d8e21fea206e510e703e43fd69d968

SHA1
820bd4ced7746300053e28a1cae57b39b0a836e0

SHA256
7fa5101e3541292115c5b091152eea6cabf39c2e94b96b2398a5ec34a65b69b3

SHA512
e0260e53bbba9de3e29afbf6fd3923f15125daaaf188b4e1825ad4515cabe62dcd17dd3bd8d00dc3417afc04064b6302238706a490aa772cbc7c7a9fb1446132

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
b98fe3b3f939823e713a480c265daf45

SHA1
bafaaa9020f76896b2ad766fbd12a8219139fae0

SHA256
a8e6bf8ad03837a11586051d394fd854a20626bcf227f8683d0f49e86f904bb3

SHA512
ca6f0ee14fcadd55cc1d623dda1a28e3d88e74630d531a3715dc8c3f60d4361f1679830e198bcd6f9f79f2a9156f417e9da31a44de269cfd64eae6ca0776ce71

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
c52d1f5fbb6502ca79fc11ea9a6193fb

SHA1
66e0203a67d2a1efda9c5a1960511659e660b446

SHA256
b17bc81b77def074035d1060d116e8b8fc3d3d41bea13c19c1dea812b57175f5

SHA512
16c9065505e11fbb613a54f6b89dc63ba48b5aa833f34402fd7953be3dc3c77034c3d2866902ff094bc249f329d5381eafab45493d38ecaf873ce4ca88a43fc0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
dc6b5090d9870da2cd074c61d96e03b9

SHA1
9e16dd3e3a0975b57f102f1a45d62eed68795540

SHA256
bda4042e23577921f747caed147899e619ffa89ed3b1ee9ec3420344cbb27aba

SHA512
bb6e111af228e843f7e27f7c80e2e5ceab61dec4eba30f86ca0b39aea9f0f76c659577c1fdf38c0813d80689b3cd7d2106e4cc376ac7d6144cf4821da3fb45e0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
f0b9491fc3d0a373482a3333c9d247dc

SHA1
73f6d2098a3ad5bc2fcff33bea2fe6eaf3bc219e

SHA256
83f3ed365fc571d777be30407e1c3aea0337449c84a47efdac92848183941147

SHA512
80bad1eb031fb26c845fc18b737ea238e2eb1c1ad560b2b761a43c6688c6c2fa417bde7e5d91ad1719cc2731dadf8da772d9d6278efc7675f34e0de3a35ff591

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
9fdd1eac0cbcf8c485e9de17b99b8ac7

SHA1
1be1c3f666161dde361473e2b1b815786dfe3eb6

SHA256
e47fa7dbec85056efd69ffd6d91de7c25927e64edc53779d7a34d0b7ca1e88b7

SHA512
1c8fa67ef85bc1e4a6e425e4d0434d1877f1bbc1db1d7eb966359b82872fe75fd3ab689eb31c338ccde11ddd2cb9628e69011baebb17728ff6e20fe75f26ed9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\datareporting\glean\pending_pings\38f51c65-4837-4876-bdbd-dcdd48f303bc

Filesize
734B

MD5
c5696c5a1c19a15c8568752ae0a0d18d

SHA1
e37e11188c36f6bd5a7e9cd2fc7509794235bb4c

SHA256
6ee3ad34e5d106698ff024760fed05003d69734a3e58fa8383f019ccbf06f72e

SHA512
be57f13944eaede7e7f883fdfa7c34af6bf394139d5274b394a8a52a4fdf9e34d7a6b04da3293d5d671a1e7ed396b4e5239cb0990ca25b56afca280f6c8b97a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs.js

Filesize
6KB

MD5
ec8496905a6df4c36ec50d650fc12955

SHA1
12040eefdadfb53600c66299aafc3fb6dfabda5a

SHA256
ceb895cfbd9c1301d04f603738abcaa252a3df2c1dae4be498199424b2877f83

SHA512
f63647c288b33ce8dc6c61563a517148fba9b07ac00ae10c3dc0185148adbc6cb1b90b4a8645e8f58c6a7c189423f914af575b6de4cea2c9b4328784b296cb91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\prefs.js

Filesize
6KB

MD5
7fff3c764ff3fb444d66083739ddcf78

SHA1
3c31e9cd993ffd4170fcaa5ea15b780c881778c6

SHA256
c48f9d323efe859fd784e380a6e7c8a5792d328c8dde1a58a36f1b7d615e4878

SHA512
504fd770015c7b76105ea2e189d23a56dc052ccb4150fd4427f12f07f0d48f48263963f89a8134f736fbae80f13e911b036f1c85e832fd798b42a94404ad81f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
4a0d3444fb376a084ed41b94a23d7c1a

SHA1
d0c0e81d916339c0328161a98ae6141ffdaf354e

SHA256
aac622d2c5e611551722e91b2fcc8c5ba01d1e211e23914722309255ac0caa67

SHA512
7d6a8b366d0534cbb6c669732f8bd199cbd5ad25645b5d7360e284fcf8d6f6ed53c317f5dd6682a08658c1b2a1ee35a7092cd6c77f963b4e1d1abf89f3a57dc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zk78kq5.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
a7e5ba7ad1b3bcdb1f8a5961af95109e

SHA1
e644527f49458e520cd4d8bf3918d3f1b5668455

SHA256
6c9c0c79d72ad02f429dc98597fcc11c484aaa2414608901c8fa4d27f7669af6

SHA512
dfbbf59f4849ec971fed32efe787d0e904b7c32999f559a7b4411804faa04176207b35f6b5304fcf7fa3ce6b2759174c8cb0ad1c7dfc22f44f0c32af2d9261db

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
92B

MD5
6cda956102c29488c53b5d18f801e473

SHA1
a68892519df3ac3ef5d6c58ce89a4072c0d056b7

SHA256
312f0e376bd4c837cb102475fcf38237594ba2e299a0c2e4b4147d8e09255c82

SHA512
f7ee16884c6481a55969ddfdd4e7417fb9083f6991d4de92d34e1c49c8cff9fb050a3ee009966dcfbc67d83932cf993d1f4363114cd67113242be3a1004591f4

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 47663.crdownload

Filesize
12.9MB

MD5
360b27096c744ec384c25d14c16106bc

SHA1
03fd2fd75e77088ca8e684ad37f0472d121658a6

SHA256
21fb7b91c58f8033ec1d495ca2e724aaf155c08a0b5dc1c7ef2cbfbf9be208d6

SHA512
7b8018e6e53ed46fa3dad547739604e548a57fedad58ac078ae97f46f7a9e7740f97361674c814419de3cad2a11152bddbe88adef24904da842699a93399b36a

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\Windows\Installer\e636672.msi

Filesize
6.7MB

MD5
97c2eebb30c5a88c68c8f24f37183f1d

SHA1
49efdc29f65fc8263c196338552c7009fc96c5de

SHA256
e6c41d692ebcba854dad4b1c52bb7ddd05926bad3105595d6596b8bab01c25e7

SHA512
c9d1017b274ceb1b4ee624cf7e628787c32a727c64f715fbce1f1ae929d9114f8fe1291e34583cec615619b0128c01206b07efc878e7a5c57b792453f73fd0da

Download Submit
C:\Windows\Logs\DirectX.log

Filesize
10KB

MD5
8d066a381e2a0de555c56461d11d619c

SHA1
18240af44c10fca8932dc800a204ce17dd1f7069

SHA256
51fc83686a9ab0eab2f6cc575ee41f6113313312dbd49c17bec1ba740063ae2b

SHA512
3748193f7a48a0329aee24614ff5f55c44a2f87bf442b09a74e06044d3e3bb98014a16ef0dd31558a9ef7c7b1aad20bfa7770210dc9c9478a3ca917618a430fc

Download Submit
C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Xna.Framework.Game\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Game.dll

Filesize
73KB

MD5
cb165eb6a9f33e000ab06edb13e04481

SHA1
78413765326533e1b155121abb4968bd07c36bc7

SHA256
a0347e9d9a646779a9bb1bd512af333ae07a3db65b3259fae3220ed87a80e756

SHA512
702d91b8a74e9e49aa36a0d94b364243052778320652ee980ddc21b9618edf72676d1f42d7eb008a973c439a2717c205c90b4c116de7023b3a2f89315e5096d6

Download Submit
C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Xna.Framework.Graphics\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Graphics.dll

Filesize
417KB

MD5
c76b932d5308f2c33b2b25077fc93fdc

SHA1
3877403187dc35eb57cbe9940166e57021b2275b

SHA256
39aed7fd8e308ccace5ce9390256f1c829ca72c2eccd97d4a0f629f24015d3a5

SHA512
d84c39c2aaff47a0a9899a695ccf450b1c126388f25e9c186a313a31c81f584768d8a5928916fe6e0a7dafee66c7d11909ebdd1468b7b80a3892de1ddf252f74

Download Submit
C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Xna.Framework.Xact\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Xact.dll

Filesize
74KB

MD5
cf7788e795f1c743d6ee0bf8de3fa502

SHA1
db2bf000c096a91aca46da5fe35326761c63053f

SHA256
6824bb0b7b42626d1ed5b7ab7e4dab4a380fa010175d4de0fadb1c3904e491d1

SHA512
13cd0d8d7479d7bb9b721cbd8109764bfb58e4dc01661e8fd6819f1cb182e408766e7cc61103e95763bdc1e11ab4b901ae05c8748e18b5f730ec78c5868f7781

Download Submit
C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Xna.Framework\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.dll

Filesize
657KB

MD5
343f79fe3dcfe0828f7ac2a13f8f7210

SHA1
8daafd2b9e44f0b46b2dc6ba4607ef155964db0e

SHA256
8b7aa4c4939f243b21432747281cc8aacdcda56191a16d9eaa036b4136cf0da4

SHA512
651d7acf8effe6a77ce094c88163adb950830d2f5779f900129391f2f9ca7393163749084e861fbd742e26f61c350225107d64dcf888c0b5d4ac9de8ae99d44a

Download Submit
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Avatar\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Avatar.dll

Filesize
24KB

MD5
7b26de335983eb8b800a67ef5ff077d5

SHA1
f614672dd8b25985a417ed339a6a6532c9e57800

SHA256
7688ebdffc98433eef8aada293a8c4beec6d6acfc0e1f91ca8eb2f1c350e7cec

SHA512
fc14dcda0703c8ade152bee32b4c4175c37e98500cc1370d4de0ffd0eac398edae3a42d29711e6ec841231fab0eed228fc6eba69347b54a8e125866ae6822043

Download Submit
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.GamerServices\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.GamerServices.dll

Filesize
70KB

MD5
f1e460b7805cbc4901c410f2767912ab

SHA1
01e7f335e58af5140bc7953518739f43c59f1c98

SHA256
627e84c06cc4e409870b068c9ec9149adba425e47e64185f92d839db2aa35484

SHA512
3f34bb839deb6af6b68946aaeac17fa3a1e419d2f8310f37d1f460bda329c2bd46e380fe18f883389dcc64e482e596a0b31e0291b202abefe1c6976d5dec8751

Download Submit
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Input.Touch\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Input.Touch.dll

Filesize
22KB

MD5
911fbe5496efbaed4ea67497fa63c633

SHA1
570911a579cd752ceedbe9b07efc1c8c832cfda9

SHA256
2191bad4540b50723acbda55bd2c6e5d80cc6f84ad989ff89ddda672348577b2

SHA512
6ffc30116c62f9a91e5d6fee4133e87417df14aafdf5443f7002b46c20ddbf0eca242ea54f8711b31defb42ad0ef3f5f11b16e699ce3dbdaa728ec1661e00d7d

Download Submit
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Net\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Net.dll

Filesize
53KB

MD5
378479eead647cedc6b74bf84e5514a2

SHA1
8dac9af1bec30f93a4aa6650ced1f64dd0791841

SHA256
3c0b37068ad56193fd613eb8f6bd321e7e08a99b9cf85606ccddf060afb1263b

SHA512
6b0cb09a21121d2eed1277c0989d5ae142b6c724886ada5f713f762c61641901fadbb4fdea115cbdb662ceee220aa7d684e5a7a0613fc3a642bbad36e9c22e88

Download Submit
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Storage\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Storage.dll

Filesize
20KB

MD5
17c4074e1d0977182060959ec63e18a6

SHA1
af73bc4b90899793525ca472a1b90312c33063e9

SHA256
7edbb80c699ce3ead8aee5a512ee34c7718cb5dceeb1d0577e788ad8d0ad9383

SHA512
b7d7fc7b21f3fd480e6ee40cfb3682b898382ad2397cc38ef7258db68dcac31de0f64b8adae5ac92d0b31c3cf85c2489a04dfa77675104134d874fb4871e91b0

Download Submit
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Xna.Framework.Video\v4.0_4.0.0.0__842cf8be1de50553\Microsoft.Xna.Framework.Video.dll

Filesize
17KB

MD5
94b8554692a89f1955b9219e0f26442b

SHA1
cd34862740a30b2f0fd391fa16b082edb79d155b

SHA256
63c7673c936747abd9ebe779e8837c8b8add2c078a31216684fbf8c6bcab2745

SHA512
9a6762e9cd8bd26dd347c8166dc59b31159c9e5295d39773c69228d73b5f3f850bbd41f733b1f880623bcd4c929f13d66e2168f2e1972842a6e031d069ec92b4

Download Submit
C:\Windows\Temp\{6431A799-E7A9-4C67-8C05-7A76C9557ABC}\.ba\wixstdba.dll

Filesize
191KB

MD5
eab9caf4277829abdf6223ec1efa0edd

SHA1
74862ecf349a9bedd32699f2a7a4e00b4727543d

SHA256
a4efbdb2ce55788ffe92a244cb775efd475526ef5b61ad78de2bcdfaddac7041

SHA512
45b15ade68e0a90ea7300aeb6dca9bc9e347a63dba5ce72a635957564d1bdf0b1584a5e34191916498850fc7b3b7ecfbcbfcb246b39dbf59d47f66bc825c6fd2

Download Submit
C:\Windows\Temp\{7C5E9BFC-06C7-4F8C-BE16-B0E61EE731A8}\.ba\logo.png

Filesize
1KB

MD5
d6bd210f227442b3362493d046cea233

SHA1
ff286ac8370fc655aea0ef35e9cf0bfcb6d698de

SHA256
335a256d4779ec5dcf283d007fb56fd8211bbcaf47dcd70fe60ded6a112744ef

SHA512
464aaab9e08de610ad34b97d4076e92dc04c2cdc6669f60bfc50f0f9ce5d71c31b8943bd84cee1a04fb9ab5bbed3442bd41d9cb21a0dd170ea97c463e1ce2b5b

Download Submit
F:\fd657bbcdd476399885cc3790d06\1028\SetupResources.dll

Filesize
13KB

MD5
7c136b92983cec25f85336056e45f3e8

SHA1
0bb527e7004601e920e2aac467518126e5352618

SHA256
f2e8ca58fa8d8e694d04e14404dec4e8ea5f231d3f2e5c2f915bd7914849eb2b

SHA512
06da50ddb2c5f83e6e4b4313cbdae14eed227eec85f94024a185c2d7f535b6a68e79337557727b2b40a39739c66d526968aaedbcfef04dab09dc0426cfbefbf4

Download Submit
F:\fd657bbcdd476399885cc3790d06\Setup.exe

Filesize
76KB

MD5
006f8a615020a4a17f5e63801485df46

SHA1
78c82a80ebf9c8bf0c996dd8bc26087679f77fea

SHA256
d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be

SHA512
c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76

Download Submit
\??\pipe\LOCAL\crashpad_3600_XGFMNKUTQOXSYYDP

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/840-6200-0x0000000000400000-0x00000000011FF000-memory.dmp

Filesize
14.0MB

Download
memory/924-6227-0x00007FF77C320000-0x00007FF77C418000-memory.dmp

Filesize
992KB

Download
memory/924-6237-0x00007FFD600B0000-0x00007FFD600C1000-memory.dmp

Filesize
68KB

Download
memory/924-6236-0x00007FFD60360000-0x00007FFD60377000-memory.dmp

Filesize
92KB

Download
memory/924-6235-0x00007FFD61380000-0x00007FFD61398000-memory.dmp

Filesize
96KB

Download
memory/924-6234-0x00007FFD4C740000-0x00007FFD4C9F4000-memory.dmp

Filesize
2.7MB

Download
memory/924-6233-0x00007FFD5C5F0000-0x00007FFD5C624000-memory.dmp

Filesize
208KB

Download
memory/1480-1847-0x0000000003140000-0x0000000003141000-memory.dmp

Filesize
4KB

Download
memory/1964-3104-0x000001FE207B0000-0x000001FE21272000-memory.dmp

Filesize
10.8MB

Download
memory/1964-1935-0x00000000008F0000-0x0000000000906000-memory.dmp

Filesize
88KB

Download
memory/1964-1914-0x000001FE1ED40000-0x000001FE1ED58000-memory.dmp

Filesize
96KB

Download
memory/1964-1911-0x00000000007D0000-0x000000000087A000-memory.dmp

Filesize
680KB

Download
memory/1964-1908-0x000001FE1EA80000-0x000001FE1EA8C000-memory.dmp

Filesize
48KB

Download
memory/1964-4836-0x000001FE207B0000-0x000001FE21272000-memory.dmp

Filesize
10.8MB

Download
memory/1964-1926-0x000001FE1ED80000-0x000001FE1ED94000-memory.dmp

Filesize
80KB

Download
memory/1964-1929-0x000001FE1ED20000-0x000001FE1ED2C000-memory.dmp

Filesize
48KB

Download
memory/1964-1923-0x000001FE1EA90000-0x000001FE1EA9C000-memory.dmp

Filesize
48KB

Download
memory/1964-1920-0x0000000000880000-0x00000000008EC000-memory.dmp

Filesize
432KB

Download
memory/1964-1917-0x000001FE1ED60000-0x000001FE1ED78000-memory.dmp

Filesize
96KB

Download
memory/1964-1932-0x000001FE1ED30000-0x000001FE1ED3A000-memory.dmp

Filesize
40KB

Download
memory/3520-6248-0x00007FFD56900000-0x00007FFD56911000-memory.dmp

Filesize
68KB

Download
memory/3520-6243-0x00007FFD60360000-0x00007FFD60377000-memory.dmp

Filesize
92KB

Download
memory/3520-6253-0x00007FFD555C0000-0x00007FFD555D8000-memory.dmp

Filesize
96KB

Download
memory/3520-6242-0x00007FFD61380000-0x00007FFD61398000-memory.dmp

Filesize
96KB

Download
memory/3520-6247-0x00007FFD5C550000-0x00007FFD5C56D000-memory.dmp

Filesize
116KB

Download
memory/3520-6251-0x00007FFD4ADE0000-0x00007FFD4BE8B000-memory.dmp

Filesize
16.7MB

Download
memory/3520-6249-0x00007FFD4E920000-0x00007FFD4EB20000-memory.dmp

Filesize
2.0MB

Download
memory/3520-6250-0x00007FFD55740000-0x00007FFD5577F000-memory.dmp

Filesize
252KB

Download
memory/3520-6246-0x00007FFD5CAB0000-0x00007FFD5CAC1000-memory.dmp

Filesize
68KB

Download
memory/3520-6245-0x00007FFD5DC30000-0x00007FFD5DC47000-memory.dmp

Filesize
92KB

Download
memory/3520-6244-0x00007FFD600B0000-0x00007FFD600C1000-memory.dmp

Filesize
68KB

Download
memory/3520-6252-0x00007FFD54870000-0x00007FFD54891000-memory.dmp

Filesize
132KB

Download
memory/3520-6241-0x00007FFD4C740000-0x00007FFD4C9F4000-memory.dmp

Filesize
2.7MB

Download
memory/3520-6240-0x00007FFD5C5F0000-0x00007FFD5C624000-memory.dmp

Filesize
208KB

Download
memory/3520-6239-0x00007FF77C320000-0x00007FF77C418000-memory.dmp

Filesize
992KB

Download
memory/4868-3105-0x000001BE88940000-0x000001BE89402000-memory.dmp

Filesize
10.8MB

Download
memory/4868-1886-0x000001BE88940000-0x000001BE89402000-memory.dmp

Filesize
10.8MB

Download
memory/5020-1525-0x00000000026C0000-0x00000000026C1000-memory.dmp

Filesize
4KB

Download
memory/5520-6213-0x00007FFD600B0000-0x00007FFD600C1000-memory.dmp

Filesize
68KB

Download
memory/5520-6212-0x00007FFD60360000-0x00007FFD60377000-memory.dmp

Filesize
92KB

Download
memory/5520-6211-0x00007FFD61380000-0x00007FFD61398000-memory.dmp

Filesize
96KB

Download
memory/5520-6205-0x00007FFD4C740000-0x00007FFD4C9F4000-memory.dmp

Filesize
2.7MB

Download
memory/5520-6203-0x00007FFD5C5F0000-0x00007FFD5C624000-memory.dmp

Filesize
208KB

Download
memory/5520-6202-0x00007FF77C320000-0x00007FF77C418000-memory.dmp

Filesize
992KB

Download
memory/5724-4912-0x000001C87E610000-0x000001C87E620000-memory.dmp

Filesize
64KB

Download
memory/5724-4913-0x000001C7DED50000-0x000001C7DED60000-memory.dmp

Filesize
64KB

Download
memory/5724-4890-0x000001C87BC30000-0x000001C87BC40000-memory.dmp

Filesize
64KB

Download
memory/5724-4883-0x000001C65AF90000-0x000001C65AFA0000-memory.dmp

Filesize
64KB

Download
memory/5724-4884-0x000001C65AEC0000-0x000001C65AED0000-memory.dmp

Filesize
64KB

Download
memory/5724-4885-0x000001C7DED40000-0x000001C7DED50000-memory.dmp

Filesize
64KB

Download
memory/5724-4886-0x000001C7DED50000-0x000001C7DED60000-memory.dmp

Filesize
64KB

Download
memory/5724-4887-0x000001C85B630000-0x000001C85B640000-memory.dmp

Filesize
64KB

Download
memory/5724-4905-0x000001C87D250000-0x000001C87D260000-memory.dmp

Filesize
64KB

Download
memory/5724-4906-0x000001C87E340000-0x000001C87E350000-memory.dmp

Filesize
64KB

Download
memory/5724-4907-0x000001C87E5F0000-0x000001C87E600000-memory.dmp

Filesize
64KB

Download
memory/5724-4908-0x000001C65AF90000-0x000001C65AFA0000-memory.dmp

Filesize
64KB

Download
memory/5724-4909-0x000001C65AEC0000-0x000001C65AED0000-memory.dmp

Filesize
64KB

Download
memory/5724-4888-0x000001C85B730000-0x000001C85B740000-memory.dmp

Filesize
64KB

Download
memory/5724-4921-0x000001C85B730000-0x000001C85B740000-memory.dmp

Filesize
64KB

Download
memory/5724-4889-0x000001C87BA60000-0x000001C87BA70000-memory.dmp

Filesize
64KB

Download
memory/5724-4910-0x000001C7DED40000-0x000001C7DED50000-memory.dmp

Filesize
64KB

Download
memory/5724-4920-0x000001C65AF90000-0x000001C65AFA0000-memory.dmp

Filesize
64KB

Download
memory/5724-4919-0x000001C87EA20000-0x000001C87EA30000-memory.dmp

Filesize
64KB

Download
memory/5724-4918-0x000001C85B630000-0x000001C85B640000-memory.dmp

Filesize
64KB

Download
memory/5724-4914-0x000001C87E9F0000-0x000001C87EA00000-memory.dmp

Filesize
64KB

Download
memory/5724-4911-0x000001C87E600000-0x000001C87E610000-memory.dmp

Filesize
64KB

Download
memory/6084-4862-0x0000025FEB020000-0x0000025FEB030000-memory.dmp

Filesize
64KB

Download
memory/6084-4870-0x00000261CB770000-0x00000261CB780000-memory.dmp

Filesize
64KB

Download
memory/6084-4861-0x0000025FEB0F0000-0x0000025FEB100000-memory.dmp

Filesize
64KB

Download
memory/6084-4850-0x00000261CB770000-0x00000261CB780000-memory.dmp

Filesize
64KB

Download
memory/6084-4863-0x00000261EE740000-0x00000261EE750000-memory.dmp

Filesize
64KB

Download
memory/6084-4855-0x00000261EE480000-0x00000261EE490000-memory.dmp

Filesize
64KB

Download
memory/6084-4864-0x00000261EE750000-0x00000261EE760000-memory.dmp

Filesize
64KB

Download
memory/6084-4854-0x00000261ED390000-0x00000261ED3A0000-memory.dmp

Filesize
64KB

Download
memory/6084-4853-0x00000261EBD70000-0x00000261EBD80000-memory.dmp

Filesize
64KB

Download
memory/6084-4852-0x00000261EBBA0000-0x00000261EBBB0000-memory.dmp

Filesize
64KB

Download
memory/6084-4846-0x0000025FEB0F0000-0x0000025FEB100000-memory.dmp

Filesize
64KB

Download
memory/6084-4847-0x0000025FEB020000-0x0000025FEB030000-memory.dmp

Filesize
64KB

Download
memory/6084-4865-0x000002614EEA0000-0x000002614EEB0000-memory.dmp

Filesize
64KB

Download
memory/6084-4866-0x00000261EE760000-0x00000261EE770000-memory.dmp

Filesize
64KB

Download
memory/6084-4871-0x00000261EEB60000-0x00000261EEB70000-memory.dmp

Filesize
64KB

Download
memory/6084-4856-0x00000261EE730000-0x00000261EE740000-memory.dmp

Filesize
64KB

Download
memory/6084-4872-0x0000025FEB0F0000-0x0000025FEB100000-memory.dmp

Filesize
64KB

Download
memory/6084-4875-0x00000261EBD70000-0x00000261EBD80000-memory.dmp

Filesize
64KB

Download
memory/6084-4882-0x00000261EEB60000-0x00000261EEB70000-memory.dmp

Filesize
64KB

Download
memory/6084-4881-0x00000261EE760000-0x00000261EE770000-memory.dmp

Filesize
64KB

Download
memory/6084-4880-0x00000261EE750000-0x00000261EE760000-memory.dmp

Filesize
64KB

Download
memory/6084-4879-0x00000261EE740000-0x00000261EE750000-memory.dmp

Filesize
64KB

Download
memory/6084-4878-0x00000261EE730000-0x00000261EE740000-memory.dmp

Filesize
64KB

Download
memory/6084-4877-0x00000261EE480000-0x00000261EE490000-memory.dmp

Filesize
64KB

Download
memory/6084-4876-0x00000261ED390000-0x00000261ED3A0000-memory.dmp

Filesize
64KB

Download
memory/6084-4873-0x00000261CB870000-0x00000261CB880000-memory.dmp

Filesize
64KB

Download
memory/6084-4874-0x00000261EBBA0000-0x00000261EBBB0000-memory.dmp

Filesize
64KB

Download
memory/6084-4848-0x000002614EE90000-0x000002614EEA0000-memory.dmp

Filesize
64KB

Download
memory/6084-4849-0x000002614EEA0000-0x000002614EEB0000-memory.dmp

Filesize
64KB

Download
memory/6084-4851-0x00000261CB870000-0x00000261CB880000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads