03021483f92262ea3b1582550ded8599d000638f50eb0990743a124dc7437c80

max time kernel
1049s
max time network
1048s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
28/02/2024, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ReShadePreset_by_GamboHub.ini
Size

31KB
MD5

753ffc0af0fc2bb5dcd1dd978c2f0f52
SHA1

13fc43c0d9ae481a4462a3e15be2b41b2b7ba39f
SHA256

03021483f92262ea3b1582550ded8599d000638f50eb0990743a124dc7437c80
SHA512

24bf5ce5b842395178b8137d827af72a289f14b524220c2056e23ab225854dce742c7c72464644a50c4b5ba56da16417a422e51df46599cf168c9e8c6bb40052
SSDEEP

768:Eq8x58pWIcRU1ytawZwzZmQcpZJ6V0h2WkXW:EjrDtaIH6V0QWkm

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 8 IoCs

pid	Process
4084	Aimbot Ninja.exe
1788	Aimbot Ninja.exe
2128	Aimbot Ninja.exe
2072	Aimbot Ninja.exe
1652	Aimbot Ninja.exe
1396	Aimbot Ninja.exe
5624	Aimbot Ninja.exe
4992	Aimbot Ninja.exe

Loads dropped DLL 11 IoCs

pid	Process
4084	Aimbot Ninja.exe
1788	Aimbot Ninja.exe
2128	Aimbot Ninja.exe
2072	Aimbot Ninja.exe
1788	Aimbot Ninja.exe
1788	Aimbot Ninja.exe
1788	Aimbot Ninja.exe
1788	Aimbot Ninja.exe
1652	Aimbot Ninja.exe
5624	Aimbot Ninja.exe
5624	Aimbot Ninja.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000\Software\Microsoft\Windows\CurrentVersion\Run\Aimbot Ninja = "C:\\Users\\Admin\\AppData\\Roaming\\Aimbot Ninja\\Aimbot Ninja.exe"	Aimbot Ninja.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1637591879-962683004-3585269084-1000\{CF29223C-CCBD-496E-91BC-55F2A3FA97A7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1637591879-962683004-3585269084-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Aimbot.Ninja.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
3048	msedge.exe
3048	msedge.exe
3420	msedge.exe
3420	msedge.exe
2620	msedge.exe
2620	msedge.exe
2620	msedge.exe
5032	identity_helper.exe
5032	identity_helper.exe
348	msedge.exe
348	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
1272	msedge.exe
5624	Aimbot Ninja.exe
5624	Aimbot Ninja.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	4520	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4520	AUDIODG.EXE
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe
Token: SeShutdownPrivilege	4084	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	4084	Aimbot Ninja.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3164	OpenWith.exe
3048	msedge.exe
3048	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 3008	3048	msedge.exe	86
PID 3048 wrote to memory of 3008	3048	msedge.exe	86
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 3864	3048	msedge.exe	87
PID 3048 wrote to memory of 1136	3048	msedge.exe	89
PID 3048 wrote to memory of 1136	3048	msedge.exe	89
PID 3048 wrote to memory of 3096	3048	msedge.exe	88
PID 3048 wrote to memory of 3096	3048	msedge.exe	88
PID 3048 wrote to memory of 3096	3048	msedge.exe	88
PID 3048 wrote to memory of 3096	3048	msedge.exe	88
PID 3048 wrote to memory of 3096	3048	msedge.exe	88
PID 3048 wrote to memory of 3096	3048	msedge.exe	88
PID 3048 wrote to memory of 3096	3048	msedge.exe	88
PID 3048 wrote to memory of 3096	3048	msedge.exe	88
PID 3048 wrote to memory of 3096	3048	msedge.exe	88
PID 3048 wrote to memory of 3096	3048	msedge.exe	88
PID 3048 wrote to memory of 3096	3048	msedge.exe	88
PID 3048 wrote to memory of 3096	3048	msedge.exe	88
PID 3048 wrote to memory of 3096	3048	msedge.exe	88
PID 3048 wrote to memory of 3096	3048	msedge.exe	88
PID 3048 wrote to memory of 3096	3048	msedge.exe	88
PID 3048 wrote to memory of 3096	3048	msedge.exe	88
PID 3048 wrote to memory of 3096	3048	msedge.exe	88
PID 3048 wrote to memory of 3096	3048	msedge.exe	88
PID 3048 wrote to memory of 3096	3048	msedge.exe	88
PID 3048 wrote to memory of 3096	3048	msedge.exe	88

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\ReShadePreset_by_GamboHub.ini
1⤵
- Modifies registry class
PID:4304

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbbd353cb8,0x7ffbbd353cc8,0x7ffbbd353cd8
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4580 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1972 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1236 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7248 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8020 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8412 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8488 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1240 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8804 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8200 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1240 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8648 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8124 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9616 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9856 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10180 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9976 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9772 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8716 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9784 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9972 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9964 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,9421361178914343078,3093589221493791156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:5300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1988

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x000000000000049C 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4520

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1188

C:\Users\Admin\AppData\Local\Temp\Temp1_Aimbot.Ninja.zip\Aimbot Ninja.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Aimbot.Ninja.zip\Aimbot Ninja.exe"
1⤵
- Adds Run key to start application
PID:1184
- C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
  "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  PID:4084
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1644,i,12971574838302205169,10241757203022960224,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1788
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --mojo-platform-channel-handle=1960 --field-trial-handle=1644,i,12971574838302205169,10241757203022960224,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2128
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2272 --field-trial-handle=1644,i,12971574838302205169,10241757203022960224,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2072
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3148 --field-trial-handle=1644,i,12971574838302205169,10241757203022960224,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1652
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3340 --field-trial-handle=1644,i,12971574838302205169,10241757203022960224,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:1396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d3srxd2wvksmqd.cloudfront.net/public/dynamo/lockerClick.php?offer=53174327&offer_position=4&it=3845692&m=0&visitor_id=Vdb9d03a63adb2&cpguid=&hash=8e96f2fae91dbd228ad9fb6e50d48ead
    3⤵
    PID:1460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffbbd353cb8,0x7ffbbd353cc8,0x7ffbbd353cd8
      4⤵
      PID:4380
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 --field-trial-handle=1644,i,12971574838302205169,10241757203022960224,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:5624
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=776 --field-trial-handle=1644,i,12971574838302205169,10241757203022960224,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:4992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d3srxd2wvksmqd.cloudfront.net/public/dynamo/lockerClick.php?offer=53251401&offer_position=1&it=3845692&m=0&visitor_id=Vdb9d03a63adb2&cpguid=&hash=469734e9dcf9b5aa0f66ebc7cbb9a2b2
    3⤵
    PID:6016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffbbd353cb8,0x7ffbbd353cc8,0x7ffbbd353cd8
      4⤵
      PID:2464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d459a8c16562fb3f4b1d7cadaca620aa

SHA1
7810bf83e8c362e0c69298e8c16964ed48a90d3a

SHA256
fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a

SHA512
35cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
656bb397c72d15efa159441f116440a6

SHA1
5b57747d6fdd99160af6d3e580114dbbd351921f

SHA256
770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab

SHA512
5923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
30KB

MD5
a6b4e8315405250e3796d15d51dcc2ba

SHA1
ecc9193572956a0d1b851656c225663697a7e74d

SHA256
72dc64af40f3f9a32933eaea03ad442fad1be9f8b2311138949ffc8aa731c99b

SHA512
2f372bf4ff32f19e3f44a7292d9f93112de888f2d42e951348f974fc169dd5dc2910c5869d5b1803cfc2721461fe299bd667c1907fe954895c853f1473945121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
115d1f541c027bf6ff8463066c76bebe

SHA1
c7c8954fa5728e37a5826dd6bfe86b0bd9dc83d5

SHA256
72452b7030dccf63e908a6157f8409eb0f66eab6958d74de3706ee9156e084e8

SHA512
142fbf9c2538f7aecfde7c1ab7a585ce16b423b2b730084453d6f471b70c73175b23ea962dd477b4eebc6d1a623f5632c020054b17560f2af4e0db1f1ac0d275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
105KB

MD5
24cab279a1b1479cd2848b4cf4db97d8

SHA1
c59c889167dfa25ea85e0ab5b93db29270cd9a3a

SHA256
2feef54f715ea3e6192ec7a9d30e910044968a41d8fe91fc9b1b469ad574df51

SHA512
d1ec7ed765e5ec1b5e095a917437ddcd783ad01a1d6025f1125906617afc24e1d3a9cd702616d18c4231e5ffe60e5326a8dee855db42bc417568283c310e5c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
155KB

MD5
65b00bec774c969842aceb3199fbe254

SHA1
bd464411b9578497f081a5f8b6c04180b6ee0f0a

SHA256
d604e67e9d16b6b3d2f10687a36ec00597c48288fa60bfa957bd3ca78eadceda

SHA512
0c89ad2ca25ecd9058e42ed477bf6cd1512859c7ac63701206a82f2591b2878acc7f9354b6a23245fd186ca9b3c809cf7700c0e3e43f469c37580d8531d3beac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
109KB

MD5
bb3fc9718561b34e8ab4e7b60bf19da6

SHA1
61c958bedf93d543622351633d91ad9dda838723

SHA256
d6ea500b6752094a4c340d4f5ed01afdca1925006077560d9a3f56054cd8d141

SHA512
97da30e9a0d14e6f9151539b77b2216e0f6b6cc4742f075077f9ff92f46f8b97e82f020c562625261eaa01bcf810ce81c0b7b71340ac566aef1bef5a07dac63e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
2.9MB

MD5
82eba5370a8e884414efc040b06bac54

SHA1
d02279cc39fa1d8597b95519487e74c0d9ad6d64

SHA256
da3913fbce930bf24c7d5e88d0409675c01302cc3c5ffd018a59ad60436ef1b8

SHA512
1a31be00f560db072f29b17ea5dd48b305faf41d1c291b7300865c3aea9ab0956d64e118b844d76d5bc81dad878b02b9440da65c25c07078ac2433b7612a9ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ec

Filesize
37KB

MD5
ee7af9196ae8546ae64d3dbf66dff1b2

SHA1
90911804c6e20da3b5912289a0de6c3707b9f4e3

SHA256
ad3040a42640614306f0b7a3fbf10c20d432929cb0956aef9a37f410cbcc73c2

SHA512
43a3f174f85ec05cd9595fbd12a3179ab5e5cc1a7a6a0c4b02da86676f4a16905d6d6bcfc8e227e039acb7e018a63ef9414bd43ca8c681d9ecf8230afdc7eb90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00015c

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26535df81b2a57bd_0

Filesize
2KB

MD5
77b15e065b75dfba87037ce89bb06778

SHA1
e50873f3bc85b08e35ce6539c59adb968cb0cf41

SHA256
96739f225bb0e71c5e6ce634e5e7c2b0eea3e995b6fba1d78677c332ea892d85

SHA512
ef50bbc561095eafaf790b495552e71ae635731f27bf421118294c45f0bc7597c4aa33f4e049538431513d56bcaf931ad16de00f07917c3df0d34463f44b69ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
3KB

MD5
1627c14956871526fe7acff90b6ebac6

SHA1
6c9c9332a120c6744f75466595729d2219a54513

SHA256
ff43107fd6177c6f63ee0338c9b52a66ddfa72614fa726741d8ac152d90e0bfc

SHA512
cb4ba4fabce0852617da28714395e8e096ff8e5a19bacfd804457f9bc6de318e55b389cbcae16e361dc318fe62886efde9e9ca2a75024fce7aea5aa8a0d99b5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
2KB

MD5
770e3907c4acaf860fa8488fa95f2300

SHA1
55f14c67d90b4c010480342004b5a7f6abb48647

SHA256
175493fd976ec3df5ef9f0690e1e99aabf559c4b50fe01342fe41b48be8dad24

SHA512
434002bcc8c2bcbc97dfdad9d7211447ad25f0c6859159b548859d85b00a1524b67bd3ad74d12c625b9552a8c43ca38240bf67dc058881b3843b35670ce5e202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8781fa41e6538ca4_0

Filesize
4KB

MD5
5f38ec656f4a9bf1be8dd5a7bb67608a

SHA1
134fa563fdac7acf59415822d4cd3f14174705ee

SHA256
d63583c90ce8cf4692d15d4a7a190ba3b41de6bfb14aa469e153b83375473a67

SHA512
400d8d4145e703e134fcf6cfa48a117403b336f9deca750cb6cebb2cfa3ed95d5b1ee85c8b72a35b7caa9e10d4118ad0d776cf51c75f361bfbbb84767ae465dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af48edbd3578ee3b_0

Filesize
5KB

MD5
26eed67647eab4fd8f37dcc6948df6e3

SHA1
f6c6c6a7d6c2e24cf4ff9eb8fae8f68beaad646f

SHA256
7705ed00e90a223c13f4d316051fc01125b49d494c941308d7d5ae49a9104bec

SHA512
627dc3fa3bb21977daba8c3019d7cfd25a4fb0fb0fc0f4f26931d10ea59fcefd00a9b2ce97e72bf5ca799bfb924553fc9a8d572eaf90ee342ffe22dab9f66e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cca6dff0f171f457_0

Filesize
35KB

MD5
22f57e6838d5de38a84996cab40de9a0

SHA1
6d4d20e580e4be83b2fbff25b1ba0507387a49f1

SHA256
f0d7c7158f96118abbbeee1e7c2e579dbc9f72239fefc8f6e97f04aeb08abf28

SHA512
1a6d93d1adafbd0a6d299bcfbc24fdfeec12bda5258826e20fec1cd09ea24bd4e21a3e8954cb6ceec79a55bc38adff95b81141993d8aa96e75e1f8d9233badfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d145f69efc16229a_0

Filesize
4KB

MD5
2e508dcc225cb37c563d57643ca5de89

SHA1
0b422ec92b9de8268bb122f7099db8dfac35d3dc

SHA256
cfdc10c2ffb1b04bc40880f929ff9f33123e0b22567c5353bda13c0b677a22a3

SHA512
b431e5c3e865b4f407c996f139940a7a5686ca86c8ac9ab7dc101456807b5118ffde13a9da3569027d6618a37b147f8f23b1a04832c7762636943974e1dbcd1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
bbc365575668686a8bfc07b9d49fa2d0

SHA1
283376f8aebbb9b9d60e59283b45fde99b43c958

SHA256
ed1b2008d38936a11fd5e547b5b2daa0a7fff0fd9fb00e24b77db1da0be72215

SHA512
dc90696903983839259359e6b0c863ea5f7328193baeac414c75a3d74ddd36a055fa265b1610982034795755ebfa94767a64e200c2092975f85725fe15d94ddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d6285fef961a2db8e35fbac904ce63b1

SHA1
971c428c4ee0ce56d76f09ce0ff6ff46b45bb4f5

SHA256
d219a1b59bbdf48fc7567132cbc8fd4a7dba9225202521550bcaab6da31ad35e

SHA512
f82fb84f373c28356310f22eee7a2d862d5f38e617f468be7ee1de8d173917e73e8f170ca3e0fd9f7397a3b7d0ed34b4abfaceddef453bfb1a662f13a9b3cbb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
27894197545d5563761558b3c958fd2b

SHA1
4e36168592f0d42a10a44886e759f3d648b5b962

SHA256
c9126538357289ff57bc4c6f397ffd549c1e72b943b810cc0d4f3363dab30038

SHA512
5778a2de28c54ccb9dd364a6ba5c35acc0a2fade318acbc174cfd35fa0febcbe1a24553b81c26e73788c85c9fb60ed79c179e7e8b4aa1dc30dababd51f80eb12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7a41863453b799564fe4393e090c1e69

SHA1
0ba469a4c22f84f57dc0a1d3b535e94eaf24015d

SHA256
5ac81510151926c726b380bc90aec63b6415493d9f3a0c1e6fa15925b574d243

SHA512
74c8f8b8e1944f31c6c9809cd0597ef5e230c7d5e7542c0790b722449d9ac9d7e0a8437ac7fa66c277c3c4052c670006de27420a126172365322e898f48335c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
3f571ec90dd96b8c4718ba11df39454d

SHA1
6107c30e6f37bd92c508a5a8a840b2a6752101eb

SHA256
def086d850a411d8ea958eef9412d2806637f4d90c69532e6395a65803682dd0

SHA512
ab28d3a791015ca661741ede55c982ca9708d3ea78398da17adc5efd5589cb2455c30e9e134b0a23f925ed181f28a67015a5f7317f1f660fe8a50379d125bd83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e8fe7149e55abd8a17728e32e8539abd

SHA1
b84f6ad94e1edce747ec4ff12b22bdba68bcf3d3

SHA256
ae67d88213c713023523ff8de1ec922af8ba069e0a33f9ecf1ed84947a55066a

SHA512
56cc316e0af470679ef86e606bbe5f331d27151e1d48c9c262b599b99c03c9b5c969c80a5d9e2a70ff425cc34a374864f43ced7bd8a1c20d8ab27bc09cc096ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6c7f6d33021e8067409fa4a3c0e73b61

SHA1
8b1f05ca69fb29f70e3b26a24d0f08adb7571d0e

SHA256
d8b86045735eb2243108da9df01fcc3569e89908af528c3a412cdaa902d85854

SHA512
7aa2e9617b4ece3e5de2afb621e7b9e54376e484d94ea71b22370984922b66b850a0087c0642203d691b7a3266289f48c9081d79cb87e9c402c9647eafa2b348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
ca6f54789cb0f4309c25568ad83a317a

SHA1
52ddeeb0aed8cbf9cc3cd513f9fa954b5edfcce8

SHA256
0049e9ae5307e1b572afdc4828c3b240cf832a2ee7bc5225f4733fa0e1fefc08

SHA512
5df6dfc7d937fedd85447ed14d5db4b6fb85508b707d6b6246a4933506c5d50e2fee60d52b2357e3fa5337a50fb818ceaa4f89f0b791b6c440b52fbdcfd48ec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
f2080b67dbaeb6aeacef1827bf6ac106

SHA1
0cf43ea686dfd4492abea8f9c665a947c483574f

SHA256
62191eec6fc0fc6e8385a83f311fa1ebc858f9bbf994667dbb010147e696b281

SHA512
41175360b1f3ead5e7e59d1df0f45339f9c1eb4c05fb8b18da3cfd8604ce4b28254f7347a44d8595389e66d87e3228b27f0f12624ddb68b8d94e3c51b3597c87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
bc0c0ce54ffa501355d60dfff42a2ef4

SHA1
b10997fb07e9f44a938e6b2c29e5fc16953e5513

SHA256
2810a02ea742951aad00997c181e6ed2d5b47c5a92e4c6ef4e81c4acdeff7623

SHA512
87f8025e3aa1d26ca26509fde11aaef4f4d68ef020b67a06bd42ca9f05795aa71cf1ab1614e17b58c547db4044c173887ca8638118454166f049e1c0d103db75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
2523447b88731a3b0571af32ce015fcc

SHA1
49e65843d1bc5a577122382b9fafce60292798d6

SHA256
d03eee673faef87a4705522f248d821c6479ff33fbd194296039eb1bb111f07f

SHA512
d69aab9cb970225c7ed80acbac2cb26e1ffbbb435f28f36357de2b9fbb20c257f0b54bac14cbbaae2bae08598dc7fb6dc774a060756b4fc313db20f829a014da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
8eb154140693184909b98bd53776ec53

SHA1
21788acb67b9f1933d24413398587e122fae87c3

SHA256
88c10cbf6cc75dde0f42005a3d890c007ee34da73f46cccf1c239e102569b7b7

SHA512
788d67733bcaac897ad618f99bb05339991bcace675eef63e14aef505541b503d0ce4ab709ebb12ad43027437caf693e8f584818270198a5aca40b86af2e3103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
d3d17dbd9bd421e75d4919b7515ff54a

SHA1
c26025771a50ab34a3d4ba7e55dc9e22337d6eda

SHA256
3a4417fbe4822ba0de9b4a38a3d20a30e8f4f5140eb4b9ac0c6770ecae089a55

SHA512
64c3b686f526b9a8faa07eef6c19fd486d679bec230e2aad96830151972b06f17cdc835138aa4f2e4714a4c1e52458b444926f4445ebc9cde4935b8fa25e3800

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3736ad14174a0c60da1fb4aa72e2e2f0

SHA1
fdd68b05056fffa3602dea3400738e60dc604d85

SHA256
6f7a511b1378ed5f4b7426c588b7bfcd00061bfc10946314db36fa3bcd916e0e

SHA512
6f719f75309a962ce6683ac62834925ea78feb9abc3bf6e24d095a84c547e804e3a68e10445ee8c06c8c406aa27ec782ed990e685b5fb5bab83b30a05f2f18b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f9675c18eea40c1f6fd0bc17674d7c95

SHA1
7daa87d58b93681cb9f8595a2beff3e807f30d2a

SHA256
621327f58c0ea71f9c4dd9fdc8b0b633a1d9e7401fb2c9d10974470b3584cccb

SHA512
f88ec99d05ef0eb345195b5c28c6566b1cbfbdfe6892d72cf0ddd940885a3925bd08e131e763f7af72ea1847d9179423356f4e925a57ce92ef1844e7f524d074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
64f3a2138afd72b96755a8655d526a45

SHA1
1d484ea14846a37183b1715189c5e7df69ef8e61

SHA256
3c3e2df9bd5380a0da4a90ee833a2f8fba322ba1171adb08c0c0a29e7cffcda2

SHA512
e42c85e4ea3769eff3ce2ac0b4238557834945a0e9fffba0e6034f3d1000a151caf3c6c8b91e901510b2ff316cd9e89c69adea7eac5bd253c37ee836a1416d62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
df636475bf379dd59a17ee439dffe9e4

SHA1
d0f01d8215ea37a8fe7e61efae55c1fa66800d59

SHA256
de705287427acd146227f80e9bfa2c24299a3bfbedb5c1805c2705f61ec2f6be

SHA512
ab406d7b31ec7afc1ebb7223a92fa36802261278a5a93229600e7617e6e962606286e8ea6a3bc7f28b2d2e8f6156d714540db9c2dedf17731b180bd81423192b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
814c4605127476ffddb3db43a5edfe5d

SHA1
dfd2a5d20dea45eb30fbee6c1c4d14b7d2b9d669

SHA256
f6ab9d0c6b8ed49811fd99c8f85fd1b4fe4a5655b71a70769192ec757ce46928

SHA512
73949518263485e0caaed89f453b2e7983bf16380126bda7777a09058f2c5b5a39579d0c181f9d4531ef08e36ff5bbb8cc861153e35a7c6dfd206d2b19980623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0a2f25777f3c0c09f97459bc89baf9e0

SHA1
08b1800ac37d4e8220f9339767ae4231f6e63122

SHA256
e8070dfad7c6b9802551d4bad3c7f5bcfc83b3b6d2eaa0b6d75ac4319f1b41eb

SHA512
f9a7f59ae8903c4c5573144a3233b214946789c0b82b8ae856c4ca34649c3f69631dac187a0f57a6aee84f83dbc46d30d57332713eb9626285e74353ba6c283d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d92557bc68e2df423874382954088d08

SHA1
9290b836089113de374b4fe706daf133923e2d42

SHA256
ba792a44dcab0c365a3c4fe5ec571ab8b9aa0857441f7f6e0e518973575315a0

SHA512
abda1bb1eda17c185aa4ed3d5f31944e62a2347dbff44e99a3047a9e9c4826859e11d0086e1f51c237a895a5c6f062b4a1b4b0a23030ceffbb312e45bf7f73e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
666f2338f59e2ce267a010f320e90de5

SHA1
47f61528ab3291f3932cfbffecfe319253bbfdaa

SHA256
fda14588373d3566f959eaa1dea2ba4addbfe8a2ba7b490e1c6846338dbe4926

SHA512
ce5bb256cdf9b0504d46cab77f1e0aba9de22a49d7aa0765de1ee0a7d4140838a58b753ef58bc483120881ba8fa9755a058e423f811c8df8aed5107d0a7b15f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
1e670d2dc4051a006fa1a76330ea0829

SHA1
fae43ee8db363ae147851abbe5fc835d70e2be1c

SHA256
78ae24817b82fd8770c4a882db765ead43f313b290d5285a861bc8e26e8905b9

SHA512
e42bec15d55321377946f4959892259a358415f18a2cf03092cb81cd6965e98ec9f5f189a4539e36411d93b252c2bb02046cd141198c8df7bc0c758f67fa723a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
109d663efbed5c69e99c1d9bd2bc32d5

SHA1
313f3c6a5957259e12e4ba5253a4d3fe6d9825ca

SHA256
e0a05096e2ad0e08a8a725d01a9fdf1220956ef7ec8cf96c44b05ec9ba0c55c1

SHA512
4b3b00c27a6b27abc5b2446087d21283e48ba15afc5c4a038e2c52856804c5c77884268f1a14c1ee602c78a75647ca8996a16ffe1c89d0d652b9aafe79c8a1db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
307d6fb55f9edcdd2ee0846faec458e5

SHA1
6ce118bf734584d469a703569cdfe50bd96a7421

SHA256
19f9cae2fc17a1bd5cf13d5412ee1df46e4a31021e538743341c4775a163c8a6

SHA512
22216045a9f2bb72bf304c50786e3d4ef0c8954c30f6a4c79cf58b006a9d834a4f3908f3716b8ee5d83829bb59d0402b97d6a45ea610bb28aa147c1c4180b81e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
8360d736bee05355e9436241d1d3710e

SHA1
79b80c317f729c0330c320fe215c244317914eb8

SHA256
b785e890c6e81455c5ea8cffcc6099a1fc313cc52c996d7edb0f3b4301b9f531

SHA512
512777142a60b18789269a0f72f245439fdbe016ce5aed0ae14cd814a992039e3d369cc440978d00df92896793434a859067e3f8b7e1bb502a8f7e04901fb7df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
cc914cbb37828de48520ae659a735dd0

SHA1
f5bd13cac10c73a209f5b31e9aa7450554ddd95d

SHA256
edb016dfc11bb90fdb11f5a6e382efbb3cd80878bf5835f7fbeda9dd1dc96d29

SHA512
cfbcabd0faaf53887f676a191facff7393d8e1a3c423c516268b560bdc0eff4eb1c237b67f2a9436a5b0d7b56e921e29c9ffd44f0699a1dd0df3345ef07e7bd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
c5ae2eb24173c048b32a06a293a0e19d

SHA1
b0a05c5c27bc28be67e27a2adb67baed7b7a5e7c

SHA256
a1c111cb572bc756d7e49c836b3de93fef5a2536cc993cc1debb2f5a95550042

SHA512
0a31b2f05102ee03eeed5ad9b98462e568a8d509a46f027e7d20ff49b631d6d467ab19db0a94fe726c5dfdd6a4cb09df638499bf35706a67ba9201614ec2733b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
8448fc5ab4acc027a60db3922511f84c

SHA1
82aeffe41212e2930efaa21c26be7cf711d75048

SHA256
a18308c30c713cfb51b3d696a3f7880a1b911ac8067b4bc89b14ebd2a427650c

SHA512
625192cf2bb47a079d002bdf64371719e8091d90c1e1af4b94ccd64a92909c2782f7ffd7deaccdcdc0c34607bfd03ce3293714597c26371eccbb6b0b6bec1731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
05460a9ec5c807fcbd1d1c0f01eb12ac

SHA1
f6fb487556a14ff748da2f9203c6e72285e63ba1

SHA256
62477df0f3c5c8323dc7c03cdb2114699ffe6a6c1159d7b08e8f153a08dfa4f3

SHA512
b58067741e7b9f51ea98ac24e515cdc9cf0b420e728ab6a0c7c3a90b66348ce24bf17aacdd9f65ef70d83b37437cd7ab178a8ec5f79f6e94f4f2ca43b5c8d57e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
b4d442ece0089e1840909ec3c7e02f99

SHA1
67c24f44a5ebe096bd5cdb9e27a4d99eef6555f0

SHA256
eace471715de2497af94fbcc49aa2eb1fca9911837c52fa655dc2d3346c95b12

SHA512
c8aa7292cbadb3afe512bb3ff9d34960230fc9eb04271ebf4af30026cb3e627d6bd74d92679677aafabba496e375af74835b03fd8a87dfdd39377cc9a05e4f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
1d84a559bbb4588f38d34b3101c77930

SHA1
0cabcb9dfdf641ef30cd6fa401abb8e30510fc2b

SHA256
e82d0be56a6ab46a4e2f0445eaeb4bdc083770bee345c19e66759f550067556a

SHA512
b53fc972200eef0b7ed6bf12060f96a74de653c8cab576aea0ef19447cd5f6483d10a27a2fde9581a24910f19922bc20781b0f28fb15af8ed4c1085503acf7fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
1b44013403fdd6d7f1657f949889c2a8

SHA1
24da084d9782a12c6cb2799c3bcff400df14be82

SHA256
8b423ac45aebab6c05e09fdfb7c727336a13cc7502677b3c1bfb0eb0d9327f20

SHA512
d0e7eba3928eab68a1c67f5d637fc3e8b2a317a6b058d7fd191ca2f615fbfc51da58070764b16d190a08a923e6276df63ac1d0ecdd1c6cac9b8c3942bc538096

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
5245a4e06abc37239c94e84c4ea752dd

SHA1
91b64e0e6836819e669768da8e5a7d89cde90616

SHA256
162a948be699a9abb0bc412fa50fd9016c45f5abf9836db06debbf08318dc847

SHA512
281003a5e2485eab4557c73c98d5aa0257baf6876136df6ab1558459ff11c6c3eeb76c20d507ff96b67352081bc8c67e9341faf22f3b185a0494717720207d0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c43d7.TMP

Filesize
48B

MD5
274fb8c5d7233ce53ed9a2f1f706e012

SHA1
863d2926b032c66068b8dab3f22403530a4a2c1f

SHA256
5788b454f7da3d1ce86cf06b49bccf7104274cfad125f80d59c90d0e461ee218

SHA512
58ef3d11c43596b57f9563d380029e11306213d26a941f58986e64ba69b154e96808de2d1ba55e907537bccc72bcdcac5c8af6e152b6766d9633209b12902201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1fa73860f7bd1d3ba8f5cb6884b8052f

SHA1
b833b43a937e46394a214c9b5e5245533caa45a3

SHA256
457821e0bf1e6df98742586b01bdc05a4b2606703a38de27eff061fb4bc1508c

SHA512
ecbfb25ac9562aae2895e1146715ba5cee18b9797ac263e7e7cf1a368ed55dc33222e6649aee36b48b6a0330e37aa78a90495ea788ac0ed3f3ef3bb487c82731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c23459fa487b1f40fbcb4baa8b7c9616

SHA1
8bc38132a5d3c52049f262cac50660e5daecfc8d

SHA256
a773440a2b9b87beebabda9ec5b40ed1e78a54fc016a6c9ec034281c68e0bea6

SHA512
3041ffdefcecfc629dd3780361b62b605d1b6518b3bfe2d87a407cf6bc20e11294b238d033f5e2f4d02869b6cdd9f478da048c942640d770fa7a96fd4fb478d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ea2a31f6f561aa1d086911c82b172650

SHA1
9d6987813e221d00be961c775a7741064fd5f665

SHA256
df421868966b736f764bd20cb0f24adc0b210fa809d8da9590d5345fe0d73975

SHA512
ee05f301bed410b18ace08d665e41abfd25207bf0ad47da71be561f5e87e574b2ff33c4ea67242503329fa6540dafbfafb7b8fdfdb1ae85d974984ca518808c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e22f45efcb558c00d53f4a24433ef510

SHA1
da341eeb03f057e2c5d534661feb11abe4a14e18

SHA256
e4789cc69643f8626a88dc0ca72d69871e1a125d499f5d1ae685dafb18e46639

SHA512
3c8272cfb00b8322f276329bf03b0c714d792c168ed3aa910c2616c52a0ac62986861df6f329498cd553a2e080a88e61f59692eed2d12aec04b031cb499ccd52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
bb09991c2b8af61b4cbe0ffadaac8f1e

SHA1
c7f4e56c9d872bf5fb337207505e06c9178ef332

SHA256
213b4815148d35b825d3c0d6add047a734f35e4b29f96c77ee82c1b6053f74d9

SHA512
cb6fd41180eec2762f8c6a8ea49acdbc962d6c853ed82e9f35a4efcf869abc9e0ea500d92b3780f030c907752a370878a5d884dacfa882871d2bd60231b66b3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
6d98ff3648cf48bd55bc57b5b5e5593c

SHA1
5f535be4058fd9fcbad253d3000efee2bf430628

SHA256
c602af8f7f02a421a864da0ad44501f9ec0888cb7a1505e0b572a39f6a844684

SHA512
fb17052c0f14c4dd1b984462ce0fb00cbc4a538e7d4296c6a10e85ff7df40c597d02f406e2acbfcf378116271a5cc2474f4fcdc4ea635e141f934e56e163e75c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4e2db0a898128a672d0848d2b115d40c

SHA1
019121b69d80528bae08304c698f97c7d694eea1

SHA256
282ad0c6d8b1346333f13763f67eda930e8dfed135210f8141f85b40924e7bfe

SHA512
9bc83e8c7398c8400509a5b64a2cf200a8c4061a8aa76791836f0885811554004f56d69b49608c57e47ac2d27a187459b5b4cbc0ac9040cddbf7060aa3e3a52e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b06030b65a0666c79edadc429db9cdd1

SHA1
8e56551f904c932a74f3e292a9d42c8834e1f1ed

SHA256
6e83a066cbf4dca7dc85abc445d4699c5c710b404a26336efb33802bb57123da

SHA512
9d17e095efaa5fa08763453328c850b84c99c8db2091750c92155e4e3d5425394af397094365bfd68afd4bd5711fd5a99b6e396ce900b25c8017dbc970999c56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e3e75e483cfd3fb7192c95e7ed13ccd0

SHA1
3ff019b551ebdd489de5447de9f7ca94c8bc9eb1

SHA256
6704f55299474dd04cce66eb49f0a9162cfc7f30ab4da736277066150af0a449

SHA512
2db953ed2c54649e3c10d727dc96aaec5e1596399b340e78934ab87b248a313d3111c50edec3827834ea887e94f4142eee35ab06694a77c684186105cbc82532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
4ee5f3bfda9dddd0246f19d3b78d6cd3

SHA1
b4c91c543d6b5f00cbcdc8aa7bbc2a2ebb24d9ab

SHA256
9acb978f4c220d6fbdfae988d7674d3d63a81960b5f9aa50eda6e9b9aaf61c36

SHA512
c3ab7c2993c97d159cd791b37bd513791b5d5dfc12bde53f9255ed97cf40767a4b3d93026b7efd5edca9a22658673542466632d9de0bdbc60b34925ca2875162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
70aa1aabb2d4c23e1ad9a4fb354e8b2f

SHA1
9082e49ebf58021a6482625fb89a4f9ba507694b

SHA256
d97b5d63b882fb08f298c16c7056d5fff709bc257e6b2b2419bf189952aef7fe

SHA512
62db08ddab01755ea16ae86c22b77b847b9c81262c03c3304b144ed1eaa0d2bd550057da56aecfe57ef6e90d23e8146835b02873826b4cc28c8b0a79ff0466a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c8247b974855c16ceb6e3ce3e2b00e41

SHA1
e5b908fa6b795863b11ed67981b180c2fc7052e2

SHA256
ac26c9600b4120f1184be4e7d38e00caace53ea38f522ea7d367fde805866891

SHA512
f4f45f1bc3ca2b805bc9c53863c80eaef4a1109666f34cdfc38cf102bb80c0d0f5b9592cc5c058737e248e7a8aeab2ff9d5f45a603ea1e71da70dde5814aedfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ff7e387f9d0509d09bfc28349448d195

SHA1
94b2063f8a3a12a0bb815019b44d8ebd68d507d6

SHA256
21679828e279984cd8a6d172364c72ae3cbecdc5bea4857b30690cae65072a9d

SHA512
0b6ccd79bb8766ab6bf1f1098b5168bb2c9ae97c1bec307d24e081955f5abf2988ed178ec0b390fc33d98b714da6a302c64c839196be45bd08e7625754359681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
31195b7de7227fdcc7cc98849523730f

SHA1
a64e08dff83291653c0ed022307710a1834a8db1

SHA256
60a29c38226fabfcca1e850eaab520f8cda0ff82232b6fd40cb1c03da2add699

SHA512
7701ffc74c6067417df4a52a9a92c5edb8070246ebb184361f9636d62d7c91f17cb53ed7ca169a663ed2752e46719afad3bd2f2c592a11668596c3259cf53919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
005bddffb03efc0226214894a23c92c8

SHA1
562fd4aacceef4982e4f0a1d498fd5d9031f21ab

SHA256
2c8a8493228232ea58794ef7f0e17109943d2f4cc01275a5660f9e26ca415573

SHA512
c3b0bc013778a6ac05cf61dc8c8224a9e206b4f4f1c226398c25ac898964f36269b1ee6bbd5e3abac9a2f1ca63c6faef781ef5e4671297ef74aeeba03c8c903c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9944fe3891e6c9c7f43716b126c8d4b8

SHA1
e75fec652e08c0f03fa8e69c12cea1ffec55a3a7

SHA256
e1edf339cd416abc0ad331ed1b241128660aaf22e0496fc743a905ffc1db4cc8

SHA512
09d4b536b3a14250cc1b54dc8dfbda73a0251d56cb95ea30e1aa573b1c57dc1747c98ce65166e1b90ad8a1f0d42c751bb637a734bdba18eb2fb1ef3600ef37aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b0f8ae15ed224559465f16c835adde4d

SHA1
758e3185575bfea60cab56fb63d8df2375ebefbc

SHA256
80492cb86e68141c2b19905b85f1cc36cefab20891539d0b0a74afda2e083465

SHA512
b61f8739ae2f6adfa43819c90d57309ea9fef6a5918f2b58ac36b2e52b3bf5ea2b46c9be960fd69294a8e51490b284417c46cb3cbcd3788db97f2e01d705f5be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1200c4ca82fc2a6b0310e0fe3825699e

SHA1
0dcdf8ff3ada1219dbc1cf48e0b4d260fe271de5

SHA256
93c3aab4e76dd71a13a34b2e9b4fca6655dea00996da9ae32bfe95ae970705ec

SHA512
71f3de59d2a2f3b5ccf94f4d4a2dca4c8d2ad8cdf198271b624551b7079b228435351651f91ee215f5e7a70bdd32ed1e4d8a44ef7dfc4a70bd402c75466c8e55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4f9a9c805efc1352a926bcdbefcb6371

SHA1
f6a17fb50a4d88f5661cac5b0764aebd06488316

SHA256
d56f26e298ec28dbcc20c9fd22035604e7acb2d37c94a66e997ee948080c2809

SHA512
5b5d129b9fa01df90c5f96a24def24531846dd0ab66cf79ab7a2791886c08571d096b071f05a478009463fdedb57cafaca7491e516adfa8514b6d892eaf015b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5e6d27ba48725a9483519bbe9a36bfd2

SHA1
0aa815d18d7fdac48d6225b2b3821bec00756deb

SHA256
c822201f1699c5bf4b287aa03ce773c11be6c51d3314470a6ff2ded4e54f8833

SHA512
84c682d2d5ac02ec291dd608c8f520473f5706f9f4445aa03d0e8b831b980adb08ea2be6b369ed9db9a7bbe3fd9d2c847b847ef38199bc2f075b12d3c3a142bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e2bf.TMP

Filesize
538B

MD5
c5fd56fbc70c3fc75fd8366a3cc26c3e

SHA1
c4f440593c65ba9849563cf8f428fcb420d3a6df

SHA256
116fe9b7c9f78b880b0ed6aa7bd0a0468cd9c55f3775477cc057b8176431237e

SHA512
5fc0c28b419d3b3b8ed8a1699f0a59c39449300be82715c29c9c0c5c5bd415c37c69315ee65d72e04bcf950f77e210c4065e46160d85715d8c7a2a7748381d4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
337db3474be8d28472402065d59199ee

SHA1
33d01ac64769475478a02d5a927f438f17117912

SHA256
ec4d422a879a668cb399a7f42c03f3fcb0bc27150777e6154164ca686d5ae9a1

SHA512
8efd8f526f367ddaa4659b17d5f39f7a3f8d682d7b92ee1fc1fd2fca050d63c03f66e45b6472106156a7212b75ac3bda9f171ed01bfa6a19080f9b269ffce79b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
706df24124d0ba44eb9deddf007ceaf4

SHA1
5c166f7314327ca7e6a0da0b451454cf24aa583e

SHA256
cc0df6076114437886ef96c6798aa1417f7b0496aa36d37a0602017938b51d60

SHA512
f9505fbeae617486b008c2096dccaf393c101155d3d202e139d08fc350e2e48822a10fb374e0a5c106abbe1a46791fb844b7baed28dab3e45054f0a0fff92cfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d8a8451d170d17c26dfaece1e8e6659c

SHA1
6c00cab61c53043f68e26287e9f1ed2083665fd2

SHA256
cb79077deadbea8ab4a665b3c42d64f738f7c9b413555ce2346a283b145fc479

SHA512
266bdcf830a3611f5668cc92fb90d2ceb806fe953e53c169a5ad5acb9c878cb672e90666037449dbdddb5e646cb0cede7bdde31ddd8c8625fba1bff0e5d5e891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9fbf0186a4ea61415093bc9be04dedc6

SHA1
9401a312873d2860469aabd8c639cb6faad4fc1f

SHA256
0519276c47676e742fb70b6a712f98986b54c0fee0ecc736b6b723f549639fd9

SHA512
6846544eaca359f20f1d652df2b9e6eb9129707c0e7b2fbaf1237acfc62020e30565c53c2205805c0f638aff0f8c3d66119e79a5781658141c5a2f3523e1aa15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3bed70bb050259f2b556656bcfbc45eb

SHA1
c2e1686a2efaac419855b36a7fc60d6ba020e9b7

SHA256
3580bab63e0183c0648da1428af1a6443b9c8ee215784754f013dce02ceb6576

SHA512
d1c7598b6f88625dc8606d358f6244cc2a3b468a3d0c05b08a1ba0da5cadf24d889691a4a17a221ff51a4b2b087d328730a6b5fb89fd85aab956bdb9ee4e4507

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe

Filesize
142.2MB

MD5
c9651433c2643c9f64535398232f74b9

SHA1
6c8b87b451216df87d827ec2a79244a604f95da3

SHA256
b7b5a6185acf4ddd5cd0b63632bbe8beed1fb8d973226972b6f3abf4f8846608

SHA512
683d5ed86bebd199fae65b645055a23b1a3241c8f508923d36a520c34cd6dd0768768dadae84a3d95005df28ad3778befe39815caf4777736e162dcd4ab1f458

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe

Filesize
3.3MB

MD5
fd9d94752ef8e0f1230ecbf646e51969

SHA1
837e624312611653a1c453cb649fa37be7a43620

SHA256
2154ccf408f0c4931b448ffc84815452b95d60b9d953996bb6d2451d6e74a8cd

SHA512
2cdc5def49945e6a14a28eed5d16dad3f55c77aacfcc44acede2c9fb3d15c42b7acdad310d386d5c38d6c1a517db5b775fe91d52ca09556d8fb66f3154ce2ca2

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe

Filesize
3.9MB

MD5
7c0fff706614d753a16f545a5ba0db79

SHA1
694c8bcc865df57d18cfff825b3bacc5e87927fa

SHA256
b4980fdb53e6cf3b3cfeb8b58739234b82090abc757d579989dd71ede372ff7c

SHA512
f8263a09de008c3ee44f63920d1e19e62d58f02d092fd0fb66e6cffc86b1df85b4d1205703c235f97b15a6c5bc9d434723aa1dd5fb357fd8f9fe95f510df4dfd

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe

Filesize
1.7MB

MD5
73860868d296e1e21d1d889e9797e398

SHA1
4acf09ffbd243ffb2f0c076344d481a4bd0b1c21

SHA256
7cf45e2789c7549f704c33aebf9e62c65ba2037191f82a4bccf4a20b39e59a3d

SHA512
47a781aa71b0bc7bf13c875b82d8f26bdacedcca1b59ad015001462b8d86a6e800fb778105c8d1535b851063ff903ce250ca5019a48cd5bbade832a962c3fd8e

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe

Filesize
1.6MB

MD5
e88fa4efe6d3f6d0f39668457c58e999

SHA1
c9d8642b1ea03001b12f66fa0fb65494fbbc34e9

SHA256
d42d20d211fb969f52534a540e182dacb968a54d2313f04f899cccc29857b74f

SHA512
2ab8eb51e4e9c6eb2f4a8271b1de615c66afee9d2d02c14b41b975734544098b1ac6dad35ed0c447e16c52380359f4001f3c371a8646a240d3382146dc6a5e85

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe

Filesize
1.5MB

MD5
eb682e815e696deb1e5c57dc763d7988

SHA1
d1355f1c19214d1dd78e3455fc26be8391e67583

SHA256
50657151c2ee125bd0fefdc4e90e23ad3963f18b5514bb0afeeb66a480d18ac7

SHA512
ef1937468e995d2cd2ebfa19b1f1b56eb66a6682a72f92a8844c0eda56ad4e9c8f8793e268357fa572c568f47ef188d5ff48f8c1fa14851f40524278fa68128f

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot Ninja\chrome_100_percent.pak

Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot Ninja\chrome_200_percent.pak

Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot Ninja\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot Ninja\ffmpeg.dll

Filesize
1.8MB

MD5
ba11c7a12868c8ee39b7b7663abc739c

SHA1
f0c3e86bcb7c4dbdf94dca9f277f144aa786e443

SHA256
85b0282c6793bf52aa1c4658a9f8ba28a9617e5ee009034d3c3f62f120a762eb

SHA512
3408b18a0ad0d2778815c3e21f86ea6f2a9caddff9562b247dfbf4425de0c7bd6ac68542b01d3eb72b1cd6bc83f4a0db257951648db9619a3968ca3cc6a16690

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot Ninja\ffmpeg.dll

Filesize
1.6MB

MD5
0f23bd51ae07e300d7a7f042859728d0

SHA1
c14667272ad3c376c6422931790a1d363c445cc1

SHA256
10f31880cad908a3be7585361f86bc3d40ebd5698d3f73de4b31aded8f155f38

SHA512
f959795ab25c9527108bf88a06c34591fa246f976a409eeba773aa7de21b3eed7a7c2e1f2f97f4fd9ed142c098ed48120b9a470d862c7abacfdd0af94d39a069

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot Ninja\icudtl.dat

Filesize
3.4MB

MD5
393ae614dee22bdc9cf79212953f8214

SHA1
ec84b154822b97afeb47811b67d1e8d8dec7a472

SHA256
3bb71783a15728ca1e2f1fa6b91ef8f58641d7059ad442452665d28cf4bbcc7c

SHA512
507c679886dd01484dea7f2ba6086409891dc37f8e6e0834dcececa449fa0517333386a2ba61cbe9df31dc59f302485dbdfad2ebdcaac3fc42cbd39782ae472f

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot Ninja\locales\en-US.pak

Filesize
115KB

MD5
f982582f05ea5adf95d9258aa99c2aa5

SHA1
2f3168b09d812c6b9b6defc54390b7a833009abf

SHA256
4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d

SHA512
75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources.pak

Filesize
1.8MB

MD5
7d3785fefd435012f1d47f223785c57b

SHA1
f21fe35075b557110871b08d6ac1b719a80189ef

SHA256
2442c0d532afce6a6fc647f6c4c3ebf56d3fec6e36e7dcbe5405b1572f2457af

SHA512
1472c02c7183a047b919a40b39660c3715a9b44ec3ab423c47e3edf9d2411c289c95299c6ef77c109541e3be8a2d4e55753b410e0a07974f1f86d2c78effe589

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app\icon.ico

Filesize
171KB

MD5
d1724fd6862f3c4c43dbac223609dbc0

SHA1
1c88897b180def1b185cdcbac8a7a1fb40f6c69e

SHA256
8b2ca127c947d91fd855012e1e3dec88fdb6701cfe2860994a2a7ea53fc47c49

SHA512
7192b57282daf68c4021b9faac38a1f71ad1a6e38a8175a9296205754b975a6d2e18065e743a268302d6de5af0c7e7c47548b49aee3734420bf6a428a4cf55b2

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app\lib\main.js

Filesize
495KB

MD5
d1bbee38f184cd44322a0bbae13d6b7d

SHA1
900c2362ed581436a7e0b5210ae1cc2fba769ca0

SHA256
3bc4df185354269c757e4c31414ded23866a6e5bb880b07e2ba22e1314281863

SHA512
6ca51132ff3e88c97005c626d913d263a9ed383e64803f66a980ce57e92e3bba16b3008b87480818476cde5979efea6bc2c1edb1472517a93d26d1bccb75d0a2

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app\nativefier.json

Filesize
954B

MD5
2765160d31d0c5f430c161ee9b6ded2b

SHA1
98e1e7aed01c91c8529c316f0bf00a5a2c194989

SHA256
ac0552c73fd8a809776888f3273f7412dce30dc4e45931620fea1b465b923630

SHA512
5e29237f6ae922b607bbec661421781cd0350223b23eb3e8d62ce0d2a65ce4b2b11f37edd888b209c1432073789327c95e93ca53e12704458db5921e1b714f2b

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app\package.json

Filesize
599B

MD5
174a23e4d550bf943a59f2e774eb6244

SHA1
949103bac94389663d15fb14ae9525e4030be1ec

SHA256
c1f5d24bb24cb597ea01adcf30d828d5cbd1e697765c051d928290d14cbbc595

SHA512
7c31feedb3d3766185f797610f56c1096af94d0cf9ee5bf44cb158f2af042c61006ec94da5545aadb1d2fdb9a7672acb0d01ae517f26b4174eeb79eb7ff0d90d

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot Ninja\v8_context_snapshot.bin

Filesize
713KB

MD5
1270ddd6641f34d158ea05531a319ec9

SHA1
7d688b21acadb252ad8f175f64f5a3e44b483b0b

SHA256
47a8d799b55ba4c7a55498e0876521ad11cc2fa349665b11c715334a77f72b29

SHA512
710c18ef4e21aa6f666fa4f8d123b388c751e061b2197dae0332091fbef5bd216400c0f3bca8622f89e88733f23c66571a431eb3330dba87de1fc16979589e97

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
e47c567767782800cb30ceeae56728bc

SHA1
684a644e0a0f22507df09c063bdf100e5a2bc897

SHA256
e68b9435eeeb41d8ede1407f863f3de32dcd355468ad9f9750e47e5501e3718f

SHA512
c8e712061490d968c6d2f92ecb15fb0e045453a3cc937cffa01671f39158ae6ee27b543d869e7a538cd12f1b8468c54c02efcab58382563e012144e07e74f1de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a062dfa57f6df1e08b00bcf9227ee39e

SHA1
64db1d5be57560f4600199a9b02150986c5d3509

SHA256
163325f932270a8342f546dd1fa10d9ef8c7009d1d608c2adcd9855a1ecaa99f

SHA512
c2f5a57c089ca1e4ba8e3eafed5b9df7a370911c4814e79d1f8a3828f891e84d63430f95bb1e98517452b76f87013a06e55b995e1cf60e581c3c38459e536c97

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
b22d6bb4bb842961ac1e4f8dbb89402c

SHA1
b92e563c44bf823546088a9bf4d20170a5b0251c

SHA256
f2a264ac40e5b135a52d2acc68eb9dd1b0d13bfc73a8d10b9040e6d7167dd66f

SHA512
88fb6070627cc541b6d0b9891f3f34d8a6fe9d347aabe0658c451968459ca9323d1bb0995b467e6268f288f700acf57c8104f3c790acefc87c186503a7fc65ea

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
e02896cb09aaa8472654393f0a63e24f

SHA1
25c426ac37ce218ea9b8aead7544b4f6c6fdb326

SHA256
e52b49eea713e210433fa39dae1448299cface3fbabae85a21d85549f787680c

SHA512
7311513ee3a329fe00d84634fc31280b3012ecf5d177553bc1350b060b4dec11bda48c3d156ca96f9d530f26c42a78ad137df9f710caad5b34ae17c334835573

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
8b899fc8055e92014fbeea0ff49e35fa

SHA1
830638d1444a37e3dd98a971f290f0930d64750c

SHA256
e7bcd04837867008a7e27b399cf0e723ec2df03ad07f7ae3618351c749cfe647

SHA512
b3f5cc3cb2e1ee03182ac6b508f846d5b8ea8c004c7dd67c07c2c4907adc763a779ced0a69bc34ccc16ef1f36dd05384d2eee48170a65a8caef0bda4fbbc148d

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
1fddd0730fb3fd2a2ba056df2482ef14

SHA1
10181d7f00b1a63df6bd204f588b8d2875f5cec8

SHA256
8f910386fb7486496a39e4144094728f0094c4065c59a03d5a1b86cc55d54418

SHA512
8e19a767647b87eddee2fc847b86d4db19e90202bc20ef2f5e119ac758c3caabfd78a3035efa952118aa3f726e098e26d62e3409be505f53fa8db243fc817048

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Code Cache\js\index-dir\the-real-index~RFe59a5ac.TMP

Filesize
48B

MD5
4c98a7d836c121af8c3f1239841f203d

SHA1
af37d328be4a7d3f992e2f2b1dbc70c12098d18a

SHA256
096fe50dc66700813ed5ae96a1ee692b1f3205203fa99080ca2a8259251d74cb

SHA512
301649d6acf967838a77a4fec7d22cd7ae16a5a666261a050950a05ee2875836544cf2f40d7503fea5717f50af9cf2636a709d480bd2fca90a881ceb896c12ed

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Network\Network Persistent State

Filesize
1KB

MD5
fc49c343d5a59286eb5feb6db15f980f

SHA1
80dc2820e18de717117e637c11145816e12a84d2

SHA256
9ea0130a78449d18823b515b555580f0f1535ba68da0fc12da28427da97fe4fa

SHA512
8b1b64d739eb0a040514d3df74638272e4e5e7caa690952a41236c8d9db043437db94b5ce209a4557e0dac708329b821fdf1b1048f220e33bf32f52eb8fac074

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Network\Network Persistent State

Filesize
1KB

MD5
063311a9e4c396251b748e5b1625b383

SHA1
c4babcb0647b5afee2cece8c981751087586d03d

SHA256
62c547c62a11537533f78e27946c95c58077b5039630701948fb72387425a8b2

SHA512
f925d35b81312c0b6f0946a148db094bf6ae03d9da1fe11239ca204066270f8942c5acd8dc04e22a0c6b5a37ba210ac9ba7166d0ecc28df92ef7afa7d68e3a7b

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Network\Network Persistent State

Filesize
1KB

MD5
47c0569b7b95998317d7150d37b89df9

SHA1
b33f4890da017fcfd9457019c69dc69be92a6724

SHA256
1ebc99e40a606212fabf5b263f84603d08b6bac1a1065c093e8224e74b0ab054

SHA512
197cebcb90572d7edf6ecc2930475d52d0eaf7c6c9bc814136e5871d63331cf776cd3a3903956331224ca324ebe51d414fbad1ff46f62dda542567a37aaf6de2

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Network\Network Persistent State

Filesize
1KB

MD5
d215b96b8acfad6648ce20a79569ff66

SHA1
9ed18356ada6c9f1175eec10158acd4dabdbd576

SHA256
2375993f90bfdae43f348fabd51e084776f26f96869f788393d25d95f130089d

SHA512
d77f25286d8a8a62a3c0da1be6810117cdc1959e98b53fb19dbe908bd0218f088711ad2a64e687d3b2eb1fd98e01cfe0eeaa44758d4d69bcdd0034c41002789a

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Network\Network Persistent State~RFe5a5a47.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Network\TransportSecurity

Filesize
535B

MD5
f22c4272d1be9cbde03b475517ead61d

SHA1
fd1272b6994ac807d10c6a92156d6d5130860398

SHA256
4ac1c0db8a30daa366ce014ec35f4b3da310c90dc0581c7ebc64c8dead6d6137

SHA512
2495421d17f951d6c532b148ea1627d3679236d367c60142a787ee440522f8da68888d0b360082a2351eeed023f399f0f2b519e890fb3c699fb6bebe536c7b72

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Network\TransportSecurity

Filesize
533B

MD5
1e11e994d9040567bef847c68939c28e

SHA1
d810ad6fa8239b703329a7c1aeb350fd51b9217b

SHA256
c2b8ad012e3094bca677f5e0706f9edf63d037951266a422cf543506ad990e32

SHA512
d43a343d5ac5a518e4d50fcee359341923c05137833b96e1275f273bfe8326e89081f1a7dddd9a4380a22a8165f0f044508c58ceba64dadb31c3d0eac355aac7

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Network\TransportSecurity

Filesize
535B

MD5
101067b9e1c4f422f574ae3d49161ead

SHA1
c9665bdc98ef9b1948f432390b65a39944c6a252

SHA256
b1f9a14f80d1d9c210989395460c872de9ce70e11f4515b979901c637c3060f8

SHA512
47d7a1e7f03b600e1c14d9c8de2663154f8eb441e30aa35af6a90e72ca681b504bb4377d71364d7c5d2b640a222b7526a794c513eaa1c03a4ae9f8c28d222907

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Network\TransportSecurity

Filesize
533B

MD5
4b08afadeedd8cca634c9ba80eb47b50

SHA1
60465e74fa3e298e94267be3e7c97d8f736dc591

SHA256
ddff05702b48003a8945255e137dcd6aa964a0952addd42747ec04c30588474a

SHA512
6bed71842b20c1ba5140b9a743f80873343641597cf96a59954140cffe20a087dd41715bc71afa0d71117cc1bd20af81838255eb34a21f2e10071a54a846cf08

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Network\TransportSecurity~RFe59c0c6.TMP

Filesize
533B

MD5
dcf15b99c96c8779783e40f90be4c46c

SHA1
eb6a34f59105c82228188f990cd311586c7b1396

SHA256
aa7ef82134b5f3316dc27b050d74891a6d2c54ad70e6dc560f72d8aa47107309

SHA512
7cf3e42b1a39bbf3b3aea9b0efd06697d6e10446bfab8ce51c3e26e1c23e04c0e8757d2eeb1a0239391bab4e3f9dfe5d2b4b973b2f1ac3926c55fee5fe1693f2

Download Submit
C:\Users\Admin\Downloads\Aimbot.Ninja.zip

Filesize
63.5MB

MD5
b615b542dd5ac85c9793a39cc9480e82

SHA1
2125339173d16a7c0a91b4bccb571ead4c46da01

SHA256
a1007471431db48e341c4f62995507baee9a94afe26ef5c413a6251d9e712a2b

SHA512
bde0def52dd09bd7149faa75baa95504d2e7daf3f358080d1787cafb6df71c5be4de406be96249144de271dc39fa509d0f9fa77666cd2091557d108a67503821

Download Submit
C:\Users\Admin\Downloads\Aimbot.Ninja.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1184-1477-0x0000000000B20000-0x0000000000B21000-memory.dmp

Filesize
4KB

Download
memory/1184-1675-0x0000000000D20000-0x0000000001026000-memory.dmp

Filesize
3.0MB

Download
memory/1184-1678-0x0000000000D20000-0x0000000001026000-memory.dmp

Filesize
3.0MB

Download
memory/1652-1778-0x00007FFBDB770000-0x00007FFBDB771000-memory.dmp

Filesize
4KB

Download
memory/1652-1779-0x00007FFBDCC40000-0x00007FFBDCC41000-memory.dmp

Filesize
4KB

Download
memory/1788-1693-0x00007FFBDCDE0000-0x00007FFBDCDE1000-memory.dmp

Filesize
4KB

Download
memory/5624-2319-0x0000025E64650000-0x0000025E64651000-memory.dmp

Filesize
4KB

Download
memory/5624-2321-0x0000025E64650000-0x0000025E64651000-memory.dmp

Filesize
4KB

Download
memory/5624-2320-0x0000025E64650000-0x0000025E64651000-memory.dmp

Filesize
4KB

Download
memory/5624-2326-0x0000025E64650000-0x0000025E64651000-memory.dmp

Filesize
4KB

Download
memory/5624-2325-0x0000025E64650000-0x0000025E64651000-memory.dmp

Filesize
4KB

Download
memory/5624-2328-0x0000025E64650000-0x0000025E64651000-memory.dmp

Filesize
4KB

Download
memory/5624-2327-0x0000025E64650000-0x0000025E64651000-memory.dmp

Filesize
4KB

Download
memory/5624-2329-0x0000025E64650000-0x0000025E64651000-memory.dmp

Filesize
4KB

Download
memory/5624-2330-0x0000025E64650000-0x0000025E64651000-memory.dmp

Filesize
4KB

Download
memory/5624-2331-0x0000025E64650000-0x0000025E64651000-memory.dmp

Filesize
4KB

Download