03021483f92262ea3b1582550ded8599d000638f50eb0990743a124dc7437c80

max time kernel
1052s
max time network
1062s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
28/02/2024, 21:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ReShadePreset_by_GamboHub.ini
Size

31KB
MD5

753ffc0af0fc2bb5dcd1dd978c2f0f52
SHA1

13fc43c0d9ae481a4462a3e15be2b41b2b7ba39f
SHA256

03021483f92262ea3b1582550ded8599d000638f50eb0990743a124dc7437c80
SHA512

24bf5ce5b842395178b8137d827af72a289f14b524220c2056e23ab225854dce742c7c72464644a50c4b5ba56da16417a422e51df46599cf168c9e8c6bb40052
SSDEEP

768:Eq8x58pWIcRU1ytawZwzZmQcpZJ6V0h2WkXW:EjrDtaIH6V0QWkm

Score

8^/10

discovery persistence spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 41 IoCs

pid	Process
3344	OperaGXSetup (1).exe
3104	OperaGXSetup (1).exe
4820	OperaGXSetup (1).exe
3956	OperaGXSetup (1).exe
1384	OperaGXSetup (1).exe
3700	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
4928	assistant_installer.exe
4996	assistant_installer.exe
1940	OperaGXSetup (1).exe
1420	OperaGXSetup (1).exe
1520	OperaGXSetup (1).exe
3468	OperaGXSetup.exe
3568	OperaGXSetup.exe
1456	OperaGXSetup.exe
3516	winrar-x64-700 (1).exe
1296	winrar-x64-700 (1).exe
1648	winrar-x64-700 (3).exe
5736	Aimbot Ninja.exe
6072	Aimbot Ninja.exe
6104	Aimbot Ninja.exe
6116	Aimbot Ninja.exe
5332	Aimbot Ninja.exe
5600	Aimbot Ninja.exe
4592	Aimbot Ninja.exe
1832	Aimbot Ninja.exe
5816	Aimbot Ninja.exe
3204	Aimbot Ninja.exe
5852	Aimbot Ninja.exe
2196	Aimbot Ninja.exe
248	Aimbot Ninja.exe
5896	Aimbot Ninja.exe
2316	Aimbot Ninja.exe
5228	Aimbot Ninja.exe
5304	Aimbot Ninja.exe
4360	Aimbot Ninja.exe
5412	Aimbot Ninja.exe
1044	Aimbot Ninja.exe
7380	Aimbot Ninja.exe
9820	Aimbot Ninja.exe
9552	Aimbot Ninja.exe
4116	Aimbot Ninja.exe

Loads dropped DLL 32 IoCs

pid	Process
3344	OperaGXSetup (1).exe
3104	OperaGXSetup (1).exe
4820	OperaGXSetup (1).exe
3956	OperaGXSetup (1).exe
1384	OperaGXSetup (1).exe
1940	OperaGXSetup (1).exe
1420	OperaGXSetup (1).exe
1520	OperaGXSetup (1).exe
3468	OperaGXSetup.exe
3568	OperaGXSetup.exe
1456	OperaGXSetup.exe
5736	Aimbot Ninja.exe
6072	Aimbot Ninja.exe
6104	Aimbot Ninja.exe
6116	Aimbot Ninja.exe
6072	Aimbot Ninja.exe
6072	Aimbot Ninja.exe
6072	Aimbot Ninja.exe
6072	Aimbot Ninja.exe
5332	Aimbot Ninja.exe
3204	Aimbot Ninja.exe
5852	Aimbot Ninja.exe
248	Aimbot Ninja.exe
5896	Aimbot Ninja.exe
2316	Aimbot Ninja.exe
5228	Aimbot Ninja.exe
5304	Aimbot Ninja.exe
4360	Aimbot Ninja.exe
5412	Aimbot Ninja.exe
1044	Aimbot Ninja.exe
7380	Aimbot Ninja.exe
7380	Aimbot Ninja.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 27 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000100000002a8d5-815.dat	upx
behavioral1/memory/3344-835-0x00000000007A0000-0x0000000000D61000-memory.dmp	upx
behavioral1/files/0x000100000002a8d5-843.dat	upx
behavioral1/memory/3104-848-0x00000000007A0000-0x0000000000D61000-memory.dmp	upx
behavioral1/files/0x000200000002a903-853.dat	upx
behavioral1/files/0x000200000002a903-855.dat	upx
behavioral1/files/0x000200000002a903-856.dat	upx
behavioral1/memory/4820-861-0x0000000000160000-0x0000000000721000-memory.dmp	upx
behavioral1/memory/4820-863-0x0000000000160000-0x0000000000721000-memory.dmp	upx
behavioral1/memory/3344-898-0x00000000007A0000-0x0000000000D61000-memory.dmp	upx
behavioral1/memory/3104-899-0x00000000007A0000-0x0000000000D61000-memory.dmp	upx
behavioral1/files/0x000100000002a8d5-900.dat	upx
behavioral1/files/0x000100000002a8d5-906.dat	upx
behavioral1/memory/3956-907-0x00000000007A0000-0x0000000000D61000-memory.dmp	upx
behavioral1/memory/1384-912-0x00000000007A0000-0x0000000000D61000-memory.dmp	upx
behavioral1/memory/1940-1030-0x00000000007A0000-0x0000000000D61000-memory.dmp	upx
behavioral1/memory/1420-1033-0x00000000007A0000-0x0000000000D61000-memory.dmp	upx
behavioral1/memory/1520-1041-0x00000000006A0000-0x0000000000C61000-memory.dmp	upx
behavioral1/memory/1520-1044-0x00000000006A0000-0x0000000000C61000-memory.dmp	upx
behavioral1/memory/1940-1047-0x00000000007A0000-0x0000000000D61000-memory.dmp	upx
behavioral1/memory/1420-1072-0x00000000007A0000-0x0000000000D61000-memory.dmp	upx
behavioral1/memory/3468-1113-0x0000000000F50000-0x0000000001511000-memory.dmp	upx
behavioral1/files/0x000100000002a943-1119.dat	upx
behavioral1/memory/3568-1120-0x0000000000F50000-0x0000000001511000-memory.dmp	upx
behavioral1/memory/1456-1127-0x0000000000BB0000-0x0000000001171000-memory.dmp	upx
behavioral1/memory/1456-1126-0x0000000000BB0000-0x0000000001171000-memory.dmp	upx
behavioral1/memory/3468-1129-0x0000000000F50000-0x0000000001511000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3852399462-405385529-394778097-1000\Software\Microsoft\Windows\CurrentVersion\Run\Aimbot Ninja = "C:\\Users\\Admin\\AppData\\Roaming\\Aimbot Ninja\\Aimbot Ninja.exe"	Aimbot Ninja.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 8 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	OperaGXSetup (1).exe
File opened (read-only)	\??\D:	OperaGXSetup (1).exe
File opened (read-only)	\??\F:	OperaGXSetup (1).exe
File opened (read-only)	\??\D:	OperaGXSetup (1).exe
File opened (read-only)	\??\F:	OperaGXSetup (1).exe
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe
File opened (read-only)	\??\D:	OperaGXSetup (1).exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3852399462-405385529-394778097-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3852399462-405385529-394778097-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3852399462-405385529-394778097-1000\{C447EA41-486C-43AF-9437-2DC98BDAB406}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3852399462-405385529-394778097-1000_Classes\Local Settings	msedge.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	OperaGXSetup (1).exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGXSetup (1).exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGXSetup (1).exe

NTFS ADS 16 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 811721.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Aimbot.Ninja.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 769523.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 718230.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe\:SmartScreen:$DATA	OperaGXSetup.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-700 (1).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 459249.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 582580.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup (1).exe\:Zone.Identifier:$DATA	OperaGXSetup (1).exe
File opened for modification	C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup (1).exe\:SmartScreen:$DATA	OperaGXSetup (1).exe
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup (1).exe\:Zone.Identifier:$DATA	OperaGXSetup (1).exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 58920.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-700 (3).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\OperaGXSetup (1).exe:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup (1).exe\:SmartScreen:$DATA	OperaGXSetup (1).exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2304	msedge.exe
2304	msedge.exe
2592	msedge.exe
2592	msedge.exe
1600	identity_helper.exe
1600	identity_helper.exe
4324	msedge.exe
4324	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
2432	msedge.exe
4732	msedge.exe
4732	msedge.exe
2404	msedge.exe
2404	msedge.exe
3204	msedge.exe
3204	msedge.exe
484	msedge.exe
484	msedge.exe
5484	msedge.exe
5484	msedge.exe
7380	Aimbot Ninja.exe
7380	Aimbot Ninja.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	5496	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5496	AUDIODG.EXE
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe
Token: SeShutdownPrivilege	5736	Aimbot Ninja.exe
Token: SeCreatePagefilePrivilege	5736	Aimbot Ninja.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe

Suspicious use of SendNotifyMessage 22 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
5736	Aimbot Ninja.exe
5736	Aimbot Ninja.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
5012	OpenWith.exe
3344	OperaGXSetup (1).exe
3516	winrar-x64-700 (1).exe
3516	winrar-x64-700 (1).exe
3516	winrar-x64-700 (1).exe
1296	winrar-x64-700 (1).exe
1296	winrar-x64-700 (1).exe
1296	winrar-x64-700 (1).exe
1648	winrar-x64-700 (3).exe
1648	winrar-x64-700 (3).exe
1648	winrar-x64-700 (3).exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 3288	2300	msedge.exe	85
PID 2300 wrote to memory of 3288	2300	msedge.exe	85
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2908	2300	msedge.exe	86
PID 2300 wrote to memory of 2304	2300	msedge.exe	88
PID 2300 wrote to memory of 2304	2300	msedge.exe	88
PID 2300 wrote to memory of 344	2300	msedge.exe	87
PID 2300 wrote to memory of 344	2300	msedge.exe	87
PID 2300 wrote to memory of 344	2300	msedge.exe	87
PID 2300 wrote to memory of 344	2300	msedge.exe	87
PID 2300 wrote to memory of 344	2300	msedge.exe	87
PID 2300 wrote to memory of 344	2300	msedge.exe	87
PID 2300 wrote to memory of 344	2300	msedge.exe	87
PID 2300 wrote to memory of 344	2300	msedge.exe	87
PID 2300 wrote to memory of 344	2300	msedge.exe	87
PID 2300 wrote to memory of 344	2300	msedge.exe	87
PID 2300 wrote to memory of 344	2300	msedge.exe	87
PID 2300 wrote to memory of 344	2300	msedge.exe	87
PID 2300 wrote to memory of 344	2300	msedge.exe	87
PID 2300 wrote to memory of 344	2300	msedge.exe	87
PID 2300 wrote to memory of 344	2300	msedge.exe	87
PID 2300 wrote to memory of 344	2300	msedge.exe	87
PID 2300 wrote to memory of 344	2300	msedge.exe	87
PID 2300 wrote to memory of 344	2300	msedge.exe	87
PID 2300 wrote to memory of 344	2300	msedge.exe	87
PID 2300 wrote to memory of 344	2300	msedge.exe	87

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\ReShadePreset_by_GamboHub.ini
1⤵
- Modifies registry class
PID:4528

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff84bb83cb8,0x7ff84bb83cc8,0x7ff84bb83cd8
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
  2⤵
  PID:344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3460 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3324 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7040 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7212 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7792 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3224 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4732
- C:\Users\Admin\Downloads\OperaGXSetup (1).exe
  "C:\Users\Admin\Downloads\OperaGXSetup (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - Modifies system certificate store
  - NTFS ADS
  - Suspicious use of SetWindowsHookEx
  PID:3344
- - C:\Users\Admin\Downloads\OperaGXSetup (1).exe
    "C:\Users\Admin\Downloads\OperaGXSetup (1).exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.37 --initial-client-data=0x32c,0x330,0x334,0x314,0x338,0x756561e4,0x756561f0,0x756561fc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3104
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup (1).exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup (1).exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4820
- - C:\Users\Admin\Downloads\OperaGXSetup (1).exe
    "C:\Users\Admin\Downloads\OperaGXSetup (1).exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3344 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240228215441" --session-guid=a1d6f8f3-d3ec-4169-805e-495dc1af62d4 --server-tracking-blob=ZTQ0YmIzMjYyOWJjZjFlNGY1NmRiYjQwYmU1ZTZhNzliMDBjNWJhNTNjNGY2OTcwZDYyOWI4OTE5ODZkMGNjOTp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1iaW5nJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPU9HWF9HQl9TZWFyY2hfRU5fVDNfQnJvd3Nlci1HZW5lcmljX1YyX21zYWRzJmh0dHBfcmVmZXJyZXI9aHR0cHMlM0ElMkYlMkZ3d3cub3BlcmEuY29tJTJGZ3glM0Z1dG1faWQlM0QlMjZ1dG1fbWVkaXVtJTNEcGElMjZ1dG1fc291cmNlJTNEYmluZyUyNnV0bV9jYW1wYWlnbiUzRE9HWF9HQl9TZWFyY2hfRU5fVDNfQnJvd3Nlci1HZW5lcmljX1YyX21zYWRzJTI2bXNjbGtpZCUzRGI2NGUzMGEzMDY3MDFlNzQyZDNhNTU3Y2FkN2YwODc2JnV0bV9zaXRlPW9wZXJhX2NvbSZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tJTJGJnV0bV9pZD0mZGxfdG9rZW49Njc0NTY4OTAiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMSIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MDkxNTcyNjEuMTgzNyIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85MC4wLjQ0MzAuMjEyIFNhZmFyaS81MzcuMzYgRWRnLzkwLjAuODE4LjY2IiwidXRtIjp7ImNhbXBhaWduIjoiT0dYX0dCX1NlYXJjaF9FTl9UM19Ccm93c2VyLUdlbmVyaWNfVjJfbXNhZHMiLCJpZCI6IiIsImxhc3RwYWdlIjoib3BlcmEuY29tLyIsIm1lZGl1bSI6InBhIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6ImJpbmcifSwidXVpZCI6IjcxZTcyZTlmLWFlZDgtNDFiMi1hYmFmLWU3N2EyNWVjMGQxNiJ9 --desktopshortcut=1 --wait-for-package --initial-proc-handle=CC08000000000000
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    PID:3956
  - - C:\Users\Admin\Downloads\OperaGXSetup (1).exe
      "C:\Users\Admin\Downloads\OperaGXSetup (1).exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.37 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x328,0x72cb61e4,0x72cb61f0,0x72cb61fc
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1384
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402282154411\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402282154411\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
    3⤵
    - Executes dropped EXE
    PID:3700
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402282154411\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402282154411\assistant\assistant_installer.exe" --version
    3⤵
    - Executes dropped EXE
    PID:4928
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402282154411\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402282154411\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x2a4,0x2a8,0x2ac,0x280,0x2b0,0x5a4f48,0x5a4f58,0x5a4f64
      4⤵
      Executes dropped EXE
      PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2640 /prefetch:1
  2⤵
  PID:2988
- C:\Users\Admin\Downloads\OperaGXSetup (1).exe
  "C:\Users\Admin\Downloads\OperaGXSetup (1).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - NTFS ADS
  PID:1940
- - C:\Users\Admin\Downloads\OperaGXSetup (1).exe
    "C:\Users\Admin\Downloads\OperaGXSetup (1).exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.37 --initial-client-data=0x310,0x314,0x318,0x2ec,0x31c,0x721f61e4,0x721f61f0,0x721f61fc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1420
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup (1).exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup (1).exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8008 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2404
- C:\Users\Admin\Downloads\OperaGXSetup.exe
  "C:\Users\Admin\Downloads\OperaGXSetup.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - NTFS ADS
  PID:3468
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.37 --initial-client-data=0x334,0x338,0x33c,0x308,0x340,0x721f61e4,0x721f61f0,0x721f61fc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3568
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:1
  2⤵
  PID:484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7772 /prefetch:1
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7476 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3204
- C:\Users\Admin\Downloads\winrar-x64-700 (1).exe
  "C:\Users\Admin\Downloads\winrar-x64-700 (1).exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3516
- C:\Users\Admin\Downloads\winrar-x64-700 (1).exe
  "C:\Users\Admin\Downloads\winrar-x64-700 (1).exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6860 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:484
- C:\Users\Admin\Downloads\winrar-x64-700 (3).exe
  "C:\Users\Admin\Downloads\winrar-x64-700 (3).exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1100 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8132 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7932 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8072 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6948 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2760 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9032 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:6188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:1
  2⤵
  PID:6320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:6492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:6564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9288 /prefetch:1
  2⤵
  PID:6728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9500 /prefetch:1
  2⤵
  PID:6912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9644 /prefetch:1
  2⤵
  PID:6964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9872 /prefetch:1
  2⤵
  PID:7148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10016 /prefetch:1
  2⤵
  PID:6704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10204 /prefetch:1
  2⤵
  PID:6316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10404 /prefetch:1
  2⤵
  PID:7284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10592 /prefetch:1
  2⤵
  PID:7420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10800 /prefetch:1
  2⤵
  PID:7552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11120 /prefetch:1
  2⤵
  PID:7644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9228 /prefetch:1
  2⤵
  PID:7868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8896 /prefetch:1
  2⤵
  PID:7944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8924 /prefetch:1
  2⤵
  PID:7936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11540 /prefetch:1
  2⤵
  PID:8140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:7280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1
  2⤵
  PID:7784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1052 /prefetch:1
  2⤵
  PID:7800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11860 /prefetch:1
  2⤵
  PID:7864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11984 /prefetch:1
  2⤵
  PID:8316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11960 /prefetch:1
  2⤵
  PID:8404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10196 /prefetch:1
  2⤵
  PID:8484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:8600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9880 /prefetch:1
  2⤵
  PID:8732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10732 /prefetch:1
  2⤵
  PID:8868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:8944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12608 /prefetch:1
  2⤵
  PID:9024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12812 /prefetch:1
  2⤵
  PID:9124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12788 /prefetch:1
  2⤵
  PID:9136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12956 /prefetch:1
  2⤵
  PID:9152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8660 /prefetch:1
  2⤵
  PID:8644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12140 /prefetch:1
  2⤵
  PID:9104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13252 /prefetch:1
  2⤵
  PID:9364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10032 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12796 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10852 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11852 /prefetch:1
  2⤵
  PID:9940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12084 /prefetch:1
  2⤵
  PID:9164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10096 /prefetch:1
  2⤵
  PID:8820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13120 /prefetch:1
  2⤵
  PID:8492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12984 /prefetch:1
  2⤵
  PID:6256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:6372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12708 /prefetch:1
  2⤵
  PID:6960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8800 /prefetch:1
  2⤵
  PID:6996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8132 /prefetch:1
  2⤵
  PID:8896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9844 /prefetch:1
  2⤵
  PID:7864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9148 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8712 /prefetch:1
  2⤵
  PID:6324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
  2⤵
  PID:7560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8200 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9612 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8268 /prefetch:1
  2⤵
  PID:9792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10080 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12184 /prefetch:1
  2⤵
  PID:6316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,11133160257399952194,16487783309311011502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12256 /prefetch:1
  2⤵
  PID:7220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1952

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\0faffc1eacb4453594e6478b1a907f63 /t 648 /p 3516
1⤵
PID:2824

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\f51a12a6f763434496bd51f743f3887f /t 2392 /p 1296
1⤵
PID:2820

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\4c89d62f102c4dc1853064bda13bb690 /t 4828 /p 1648
1⤵
PID:1320

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Temp1_Aimbot.Ninja.zip\Aimbot Ninja.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Aimbot.Ninja.zip\Aimbot Ninja.exe"
1⤵
- Adds Run key to start application
PID:5820
- C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
  "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  PID:5736
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6072
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --mojo-platform-channel-handle=1960 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6104
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2264 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6116
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3144 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5332
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1508 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:5600
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=952 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:4592
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3420 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:1832
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2060 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:5816
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3428 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3204
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3648 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5852
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2060 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:2196
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3780 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d3mhkph1su8h3c.cloudfront.net/public/dynamo/lockerClick.php?offer=53251401&offer_position=1&it=3845692&m=0&visitor_id=Vdbe961bd9568a&cpguid=&hash=ed498bec315e56ab2c9b2f92ae36d875
    3⤵
    PID:4284
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff84bb83cb8,0x7ff84bb83cc8,0x7ff84bb83cd8
      4⤵
      PID:3804
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3904 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5896
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4048 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2316
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4060 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5304
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4052 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5228
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4068 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4360
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4080 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5412
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4116 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d3mhkph1su8h3c.cloudfront.net/public/dynamo/lockerClick.php?offer=53251401&offer_position=1&it=3845692&m=0&visitor_id=Vdbe961bd9568a&cpguid=&hash=ed498bec315e56ab2c9b2f92ae36d875
    3⤵
    PID:3924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff84bb83cb8,0x7ff84bb83cc8,0x7ff84bb83cd8
      4⤵
      PID:924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d3mhkph1su8h3c.cloudfront.net/public/dynamo/lockerClick.php?offer=53251401&offer_position=1&it=3845692&m=0&visitor_id=Vdbe961bd9568a&cpguid=&hash=ed498bec315e56ab2c9b2f92ae36d875
    3⤵
    PID:5964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff84bb83cb8,0x7ff84bb83cc8,0x7ff84bb83cd8
      4⤵
      PID:4656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d3mhkph1su8h3c.cloudfront.net/public/dynamo/lockerClick.php?offer=53251401&offer_position=1&it=3845692&m=0&visitor_id=Vdbe961bd9568a&cpguid=&hash=ed498bec315e56ab2c9b2f92ae36d875
    3⤵
    PID:6196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff84bb83cb8,0x7ff84bb83cc8,0x7ff84bb83cd8
      4⤵
      PID:6212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d3mhkph1su8h3c.cloudfront.net/public/dynamo/lockerClick.php?offer=53251401&offer_position=1&it=3845692&m=0&visitor_id=Vdbe961bd9568a&cpguid=&hash=ed498bec315e56ab2c9b2f92ae36d875
    3⤵
    PID:6336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff84bb83cb8,0x7ff84bb83cc8,0x7ff84bb83cd8
      4⤵
      PID:6360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d3mhkph1su8h3c.cloudfront.net/public/dynamo/lockerClick.php?offer=53251401&offer_position=1&it=3845692&m=0&visitor_id=Vdbe961bd9568a&cpguid=&hash=ed498bec315e56ab2c9b2f92ae36d875
    3⤵
    PID:6460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d3mhkph1su8h3c.cloudfront.net/public/dynamo/lockerClick.php?offer=53251401&offer_position=1&it=3845692&m=0&visitor_id=Vdbe961bd9568a&cpguid=&hash=ed498bec315e56ab2c9b2f92ae36d875
    3⤵
    PID:6556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff84bb83cb8,0x7ff84bb83cc8,0x7ff84bb83cd8
      4⤵
      PID:6588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d3mhkph1su8h3c.cloudfront.net/public/dynamo/lockerClick.php?offer=53251401&offer_position=1&it=3845692&m=0&visitor_id=Vdbe961bd9568a&cpguid=&hash=ed498bec315e56ab2c9b2f92ae36d875
    3⤵
    PID:6708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff84bb83cb8,0x7ff84bb83cc8,0x7ff84bb83cd8
      4⤵
      PID:6752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d3mhkph1su8h3c.cloudfront.net/public/dynamo/lockerClick.php?offer=53251401&offer_position=1&it=3845692&m=0&visitor_id=Vdbe961bd9568a&cpguid=&hash=ed498bec315e56ab2c9b2f92ae36d875
    3⤵
    PID:6836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff84bb83cb8,0x7ff84bb83cc8,0x7ff84bb83cd8
      4⤵
      PID:6888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d3mhkph1su8h3c.cloudfront.net/public/dynamo/lockerClick.php?offer=53251401&offer_position=1&it=3845692&m=0&visitor_id=Vdbe961bd9568a&cpguid=&hash=ed498bec315e56ab2c9b2f92ae36d875
    3⤵
    PID:6976
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x120,0x130,0x7ff84bb83cb8,0x7ff84bb83cc8,0x7ff84bb83cd8
      4⤵
      PID:7064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d3mhkph1su8h3c.cloudfront.net/public/dynamo/lockerClick.php?offer=53251401&offer_position=1&it=3845692&m=0&visitor_id=Vdbe961bd9568a&cpguid=&hash=ed498bec315e56ab2c9b2f92ae36d875
    3⤵
    PID:7080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff84bb83cb8,0x7ff84bb83cc8,0x7ff84bb83cd8
      4⤵
      PID:7128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d3mhkph1su8h3c.cloudfront.net/public/dynamo/lockerClick.php?offer=53251401&offer_position=1&it=3845692&m=0&visitor_id=Vdbe961bd9568a&cpguid=&hash=ed498bec315e56ab2c9b2f92ae36d875
    3⤵
    PID:6312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff84bb83cb8,0x7ff84bb83cc8,0x7ff84bb83cd8
      4⤵
      PID:6480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d3mhkph1su8h3c.cloudfront.net/public/dynamo/lockerClick.php?offer=53251401&offer_position=1&it=3845692&m=0&visitor_id=Vdbe961bd9568a&cpguid=&hash=ed498bec315e56ab2c9b2f92ae36d875
    3⤵
    PID:6724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff84bb83cb8,0x7ff84bb83cc8,0x7ff84bb83cd8
      4⤵
      PID:6356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d3mhkph1su8h3c.cloudfront.net/public/dynamo/lockerClick.php?offer=53251401&offer_position=1&it=3845692&m=0&visitor_id=Vdbe961bd9568a&cpguid=&hash=ed498bec315e56ab2c9b2f92ae36d875
    3⤵
    PID:7256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d3mhkph1su8h3c.cloudfront.net/public/dynamo/lockerClick.php?offer=53251401&offer_position=1&it=3845692&m=0&visitor_id=Vdbe961bd9568a&cpguid=&hash=ed498bec315e56ab2c9b2f92ae36d875
    3⤵
    PID:7412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0xfc,0x130,0x7ff84bb83cb8,0x7ff84bb83cc8,0x7ff84bb83cd8
      4⤵
      PID:7444
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3340 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:7380
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4028 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:9820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d3mhkph1su8h3c.cloudfront.net/public/dynamo/lockerClick.php?offer=53251401&offer_position=1&it=3845692&m=0&visitor_id=Vdbe961bd9568a&cpguid=&hash=ed498bec315e56ab2c9b2f92ae36d875
    3⤵
    PID:5456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff84bb83cb8,0x7ff84bb83cc8,0x7ff84bb83cd8
      4⤵
      PID:8596
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4124 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:9552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d3mhkph1su8h3c.cloudfront.net/public/dynamo/lockerClick.php?offer=53251401&offer_position=1&it=3845692&m=0&visitor_id=Vdbe961bd9568a&cpguid=&hash=ed498bec315e56ab2c9b2f92ae36d875
    3⤵
    PID:9200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff84bb83cb8,0x7ff84bb83cc8,0x7ff84bb83cd8
      4⤵
      PID:9180
- - C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe
    "C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c" --app-user-model-id=aimbot-ninja-nativefier-f36b2c --app-path="C:\Users\Admin\AppData\Roaming\Aimbot Ninja\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1532 --field-trial-handle=1704,i,3660095899556401114,12585947060833372536,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:4116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d3mhkph1su8h3c.cloudfront.net/public/dynamo/lockerClick.php?offer=53174327&offer_position=4&it=3845692&m=0&visitor_id=Vdbe961bd9568a&cpguid=&hash=4c791c760c79bdc426b4185e19ff7a38
    3⤵
    PID:3208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0x48,0x12c,0x7ff84bb83cb8,0x7ff84bb83cc8,0x7ff84bb83cd8
      4⤵
      PID:1748

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff84bb83cb8,0x7ff84bb83cc8,0x7ff84bb83cd8
1⤵
PID:6484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff84bb83cb8,0x7ff84bb83cc8,0x7ff84bb83cd8
1⤵
PID:7300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
6e60c7d70f253cbb0fe9e4334cc493b5

SHA1
290ff5123a064905b2c5486084617bd230665608

SHA256
4d87456c38bb4c374d8e65f86a16165d991c3f925298d14677814ff1a4c3a454

SHA512
fd6664180fc351d412d25a15f427fa3bca27706395cc0ae12d99a71e4874213d4a4afb513dd282d9ca2122433df88e8f0ecf2a77fc091500f25c57521ccfc474

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_D93BCDBB00BD67AA36946A4CACDACE4C

Filesize
727B

MD5
9d22dc1bbf4f869b1af861221df946c5

SHA1
749a67ffc415314b97dfc8c467ed1c6dbf159c54

SHA256
50914a49e778828a1377d3176b59015f7d78708208863533a9dbdc6627d10586

SHA512
a74a7784368583325d5b26469606a0d8f186a0639bdb5fc219435061ebfbc1960f12dbecbbe3181702df0a561db762fcd5c08ffee9af42e264abc26ab5787616

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
8ac93815df0d249f632402a25df0fbd5

SHA1
3b4a21f92b715d921330ffb6d1f65c6bc0a3c1e9

SHA256
dcc8725225582d7984c54812bc96b0ed136b2d23fc4eb9a327c5d8371d969c09

SHA512
15f0f616e5b0490a1cc0f556cc8486c62f88576e68365de8ccbaae48843b8f5f23a4f58252d4d42396aa3a1f2789dc3b00caa5eab3d0dd72a9899c32787f590a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
d81b7eaa3c5ea8619e8e4a2e412b2d96

SHA1
08671603b88b7aadb03539c2525b067c26131c62

SHA256
c8a019df3985cd801f4b5848d66d7035de5ce3b8d3a1c361ea7c9d2bd17734a0

SHA512
8e00f9e81bf0e3e8da6e42ae7e6780d541cbe8fe97fe8968539f71682bd4ef09c91f92280abaaad29fe1dfb3d048da03742faf9327e3bbe71b27f873cdecadaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
d4e301d2032c380c06f0a41ad0214075

SHA1
18eb37c7a0d12e2036836ea25081f9b8f66e5f97

SHA256
884dd72d56f5f5993876f263b872dd86e741670056250a786aeb9768adada381

SHA512
1fb5a73e95c8d34c9d47464ec57659f62f9127e29e07faaa736025df281bc8187afea0fca5ed839e9851a0902df74225598e9ef119efca714f4c9d7d3332fbe3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_D93BCDBB00BD67AA36946A4CACDACE4C

Filesize
404B

MD5
6c74ee50a3db2a1075c6f1805e15bf7b

SHA1
34a5de6ff4596c6b8bdaea2272cdfa57218badec

SHA256
56a17e93df9db58df13a0b7b87e0350774cce76ed4940cc216cd134f7487356b

SHA512
2eaa8dd78a23f680e0834c390cce68dbda6342d8f6280855b7af9d3e4ef06213b0ceb434fe97af5cde44f15b72905c95473013d94dcb3094f489e155300d6a75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
60ad0e9dc3ce5edee98371917bfdb218

SHA1
913281007488af6c195590af3d4bf48116569ae9

SHA256
daddb5a5ffb1450609a30cac503c8120da35ec8f3aabba16da86debe70e4a4a3

SHA512
a0f407860a4fd76fdea7d545ba8304cde75e602005a13700f3c7f0ff52ecb389542de975ac18baef3ce7dbd0df8a9f053c8d6ad8fa4b51decfee94f2b24c004c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\655dea81-b3c5-48ca-9a36-99973055b335.tmp

Filesize
12KB

MD5
94bb665d223ead41a1fb8e9072d25c70

SHA1
fb3f70626b497857e559fd452c7805957f6f1823

SHA256
fa30ae58d47a7600986af05296c3f586d69da61d6fbfde1c537c020c2d719244

SHA512
99e461cdc689e8e98db488bc5a4e55139a4a89689c2392a58a9a86e9ebb7f1ee89a33493a2248ec530cb5eea284270497b3d98a90155d36d0124cd23af6066ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
341f6b71eb8fcb1e52a749a673b2819c

SHA1
6c81b6acb3ce5f64180cb58a6aae927b882f4109

SHA256
57934852f04cef38bb4acbe4407f707f137fada0c36bab71b2cdfd58cc030a29

SHA512
57ecaa087bc5626752f89501c635a2da8404dbda89260895910a9cc31203e15095eba2e1ce9eee1481f02a43d0df77b75cb9b0d77a3bc3b894fdd1cf0f6ce6f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
88e9aaca62aa2aed293699f139d7e7e1

SHA1
09d9ccfbdff9680366291d5d1bc311b0b56a05e9

SHA256
27dcdb1cddab5d56ac53cff93489038de93f61b5504f8595b1eb2d3124bbc12c

SHA512
d90dabe34504dde422f5f6dec87851af8f4849f521759a768dfa0a38f50827b099dfde256d8f8467460c289bdb168358b2678772b8b49418c23b882ba21d4793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
30KB

MD5
a6b4e8315405250e3796d15d51dcc2ba

SHA1
ecc9193572956a0d1b851656c225663697a7e74d

SHA256
72dc64af40f3f9a32933eaea03ad442fad1be9f8b2311138949ffc8aa731c99b

SHA512
2f372bf4ff32f19e3f44a7292d9f93112de888f2d42e951348f974fc169dd5dc2910c5869d5b1803cfc2721461fe299bd667c1907fe954895c853f1473945121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
115d1f541c027bf6ff8463066c76bebe

SHA1
c7c8954fa5728e37a5826dd6bfe86b0bd9dc83d5

SHA256
72452b7030dccf63e908a6157f8409eb0f66eab6958d74de3706ee9156e084e8

SHA512
142fbf9c2538f7aecfde7c1ab7a585ce16b423b2b730084453d6f471b70c73175b23ea962dd477b4eebc6d1a623f5632c020054b17560f2af4e0db1f1ac0d275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
16KB

MD5
b3030fb26450db919cbe281a6ef24226

SHA1
1c7c4b3576ffa9a798f6b4e08f974d5811c9bcc1

SHA256
2304aeafc903500d8bbf81a6871d60f998756a2bc3cc0efb0a37e77836f35400

SHA512
5611dfe095b2e36a3fe19ac3b600cd639b5386943557f086d9d9402709f50f82ae55f65fcd3a180137e11486d804756b940c202da128e1cf9b223df27cfbc660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
42KB

MD5
e9d99129f3b7082a5eabe76e35a05e38

SHA1
c6e2ce09821f1cbc3f04e4893d3d2875125d62ae

SHA256
25fc5913224b7ab7a9a4a0baecc9746b6fc8cd500fff874527eb13e38e4a852b

SHA512
3fd244ea8e854a0a99c22d3d7d88f955ff1b413074928abebfba7434e365d1d4da3d5889de33bba2bbed213ed9bb0b3c3f409ea23faf718f0e3d50c750771248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
105KB

MD5
24cab279a1b1479cd2848b4cf4db97d8

SHA1
c59c889167dfa25ea85e0ab5b93db29270cd9a3a

SHA256
2feef54f715ea3e6192ec7a9d30e910044968a41d8fe91fc9b1b469ad574df51

SHA512
d1ec7ed765e5ec1b5e095a917437ddcd783ad01a1d6025f1125906617afc24e1d3a9cd702616d18c4231e5ffe60e5326a8dee855db42bc417568283c310e5c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
42KB

MD5
e08fb98321ab87fbb9eb9649bc7466cc

SHA1
0b62e5edc5dee4f1f9b4b6ae46e8b0631a5c2836

SHA256
93a9954464d2486f53fd9a92142a1883868d00df6e6bc5adb19a055809f4022c

SHA512
1f074e063bd4b89bc4283d6dd34777fb1e678811f78e412d4cfd5b5bce2b9f60d827c604ef28f2cb2c1a9923f9437f53d42b158fc03b2ba7aae1dd2bf28dfcad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
3.8MB

MD5
48deabfacb5c8e88b81c7165ed4e3b0b

SHA1
de3dab0e9258f9ff3c93ab6738818c6ec399e6a4

SHA256
ff309d1430fc97fccaa9cb82ddf3d23ce9afdf62dcf8c69512de40820df15e24

SHA512
d1d30f6267349bb23334f72376fe3384ac14d202bc8e12c16773231f5f4a3f02b76563f05b11d89d5ef6c05d4acaacc79f72f1d617ee6d1b6eddab2b866426af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000079

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000082

Filesize
293KB

MD5
6de43227311cf0d99f463d2f143b411c

SHA1
51951d981c808c662203335ec5c4bb3f306add72

SHA256
1f9410f7f8cf6bab0d4c1b12778b3dffff157c46c86b8012e01daa9635b0d0b9

SHA512
39b75df6a9b68f81f305e7b0a5f42d2984bd3ff6ddefe3ba3ca66c6c63ddb87bf9c7d7c1a51afda75ffcdcadfa5a3b129ddf55b1a9dc835565e789944c4a6d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000085

Filesize
89KB

MD5
d75ef4700ce9ec66f58b0083006d58be

SHA1
1dc470fab386a889889e03954c9344ad54d38e1b

SHA256
f0a7cab7e5e9bd20282ee1583bac5d588b8e9d97d54d84327cfe1c97577723f4

SHA512
95b3fedf10da776998db0639d85632df2416db82340106d202bf747c3f3f9754b75b68511318614125c7c5d974d9a8f51df298537ba22cce7a06702070d455b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000086

Filesize
40KB

MD5
d2d0c427f1d093c36a9fd6751a9a9d61

SHA1
dbd596ab1f2256ed3e3816be5eeb75d34f38f821

SHA256
b37bce0e0f504a7b54d3a01007169d4126c2a401be8f93afe35f665e62c3e34f

SHA512
b8418e074df9619ae62461b5c42fcc42d2ffb8b099e09ec0271bb481f8e1ad8d7655fd5149d8abdbce1d35226029f200623574946d6223df1c9c14c7824d63ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010c

Filesize
76KB

MD5
60e67a20bb12cbcb0bc94e161470d0bf

SHA1
7594b549b595b7c2fdc1ac37ed0c1bd96742ca62

SHA256
102da3cbf4bc6ff4bf50caac7346a0a54f4ffa502f47a6a64d9ac5d675a0b417

SHA512
9b7977d9d9c4eb8fad888c190350434e431ee0d1c482100a4c51195bdc2957c9a9f46367bcd3155d3bad223346dbed563a87d2e92ed68fa1e15d905362bfac72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00010e

Filesize
153KB

MD5
5c68fa313b41bcc8672cb9730e222167

SHA1
f79a414a00565e992a190eac1005fc2220812295

SHA256
bd0ccdc00a55717e0b61b236fc5f181a31932bcac1745f8bd3d1014bc2cc2c67

SHA512
b15a5306183b70a44da742877ce4e2604ff878f352fedac3da6de7b1ffc101b06b8d644936418a29ea59e083e1ba490836d0b31507054fc8297f0deb67b1612f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8869765962a93d50_0

Filesize
289B

MD5
3318f39f595228785a2cd1fab4c81ac7

SHA1
fc0d7db5b7ad2bf3f54ce13af1f7ae5afdb6ea49

SHA256
22deceab5798db32664d54b5be1b076baaf2c3340e7a118359b9ab2ec3507f7c

SHA512
88e7d2da8adab309ff048ef6796946caeb4a7089e4705354578d190f21cc9091e7eea28c99de78c0bf05dadfb8f772890b11c7186145bdde6f3d65547f4b3987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b45bdb71e41a8eba_0

Filesize
18KB

MD5
94422053a467fa44e11e09303725eeca

SHA1
ae4db1d1fbc0dfecc2fe5f8b22304e8be6d48810

SHA256
bb4e95133706ab0a085e485f634a714418cdf3bab6c78ffe048b8e38e17f7db9

SHA512
b8f0dd118c7e7cda13d1549b4f322dec0d77ab85c9f8c70c157bf522ac77d2d4ad28fc94c8d572b863e9f15435d946efbe69d515b0b25b95aa00d58465183ec4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ee398079f47af5ab_0

Filesize
317KB

MD5
594ffaab454558bb8bec2bbf9e615665

SHA1
1ecadcaf2e604ab72dc23d4ece96ad7a0ef260cf

SHA256
79104f662d1734d4274e18231da354a9e3f16f40d770a9158ced4fdf6b5cc6ec

SHA512
f944f97fb6d0be22e679ee1866e1e4a29dd8e13c9431d2c49ee62cec6f13c36b5cf1a365ffc9b9a87f81a63a6081d63c194d7f3bbbafbc607c135e8f99ea348b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
4630461d739fb84d6223b2fd915b1b58

SHA1
7275654acdee41b23f448a7b0dad899e4db4ec82

SHA256
07e3e52c6dd7689bd9d6dd385acb4df95ae5547ecee94b89a3f885c89a97e788

SHA512
7ba9677fabb89c929dde766c58596faa97e6ba29fcafb0d5615f1174ebcdadfc3ae64e467939f4f573ae6c8d466fb596c49926991d413e20e5216151a546af0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
71853cd60a3f56fa1026d796c810fe2e

SHA1
717d50796573959dffac9655f5226d5773be6e3c

SHA256
e4807ab102c5c1b826eca255d0bf95d0e882c9542681c2c13d0f061618ae2c15

SHA512
065d9f4b4ebaca57e388b50f422681ae6346d1e4ed18025a9b8351b18b9ad97795d4abe03370e484e30977266d865144c7b5b7bf384071f03e3e7b0f7c08aacb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8ac194260005e2fffb43cdd854900d38

SHA1
a7d40da93ab968c69df04536575fffb8ddeea9c2

SHA256
84b2e69b539603e1cff8560b6074cbebfc1b246d5de388ef3404a60ee24fc356

SHA512
1f82c6c8466bd69ccf8320df8e5f10773b352f5bebf4238339f395a804e708e2baec99a5a2c1f8a8cba50848bb721100c568da5d6d9e59539209a43933ca453d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ca0a73bb7a85fa9dd5d50192cdd79b9d

SHA1
9b81e3bfee5a4490eeb57ff0c68b7b8bf475f283

SHA256
eb8d854cf4aaefbdddcb6333c997eaa9605e1848bfb01dabf71f6e8e124bb021

SHA512
4228bf61ef29abc329d35c7269bd0afbd9df31fdedbc4681b9225fb8223dc981f7a962d54917a721689b1023a311d479d920e47303766d3540b7b6436ae665b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
06602e53b1d79ed2ddc876a66355e835

SHA1
e07289c308cc07f2397ccc65122f3652a0b68d9a

SHA256
9259b80213ae0c71e2ff776e8d4f024792c229e57c39a80a76a4087c204f276f

SHA512
4feaac0b45f3310b264219b58c8bf23edcaae3e401de01437fe1c19663d8f7e0214aaaea09f2359942988c11a33b48c7d6cb66f0c5d727849f0eedfad7740bd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_1v1.lol_0.indexeddb.blob\5\00\9

Filesize
1.6MB

MD5
97eaeaa54ab24db4e2ec002076fd193a

SHA1
bbd30b15486d96ef026506046c020633d07f305f

SHA256
1b49b951cb570aaa77cd5eb47d2fc99b5c2864be0b474467e3c53df0ca4f19ac

SHA512
51838bbed2bfc36131c721d1f88bac0906c40fe63b1a0663ec4bbd601fc3653deab8310bc8c839f69e94349df338e7203485d61a8fa995ac2c6b0f411f8cfaf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d0998f9b84144c12628eed2b1834bc2d

SHA1
c31d94fe373f9e251f14ba602a0c443e891ff8d2

SHA256
47f8c55a30f81d293d4998665240e462cf19ba1165178e83ab1e1d389bbf93c1

SHA512
385bc9f61086a23640e676178e36b14fd5f0fb0e57aa0c35f39c84e66aed10e6682df0fc4cadd675ac4c90bf969f88e1bdc4e601a7c38dee0526386a13a07012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
fb85b66b4880a8323f81d7da489bf705

SHA1
bab144b45a68a600e036bbd3f40989b3f0e05c53

SHA256
df9ad4adb1e71dcbaafa2052c8039c3c00946254501f6dc1368a938f21d7b5d0

SHA512
ad0f1831b11db05244f22a281c70472d757bb9e591bbdf505d4687f527dc8d4bf939439966301e1dfdd7d934dababdba088d5473e26596a6f86a3ffe12f56e5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
9f7f916dc43b9ab66d42a993014f577e

SHA1
b4ff7e2e8b3a20cd96dd72090076f49c7701bf0a

SHA256
bca5ff1abfe115f6dfa02c0123a4b6cbe74a202182ca4faa4493cb27f3961d97

SHA512
636b46ae5dfb0eb2425e965614d57c166c7537e98031f2d11ac9cdbfafc6ba0ada0c3478c8519f0c3fa2da950496fb8146699d896799d299c874e513215e9d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
c260f6aef5db3f6609a9da51a1a76e5b

SHA1
f6b13a3a80e70a0d92109434a1665990e998d736

SHA256
3f3ee25a016c3c05a407c7ba0feebbf83fcfb24b8b407516c00c42df82ae9299

SHA512
ffd39775834081a0d42d6d0ab06f8e6a135625d853fa003d40ab4c5ae08fb60a489abc1deac3c66a6efe11f3fe6cde7781d9d76fb7649d5b42942db238d98390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
193c6503eb2f140dfdd4511e22570050

SHA1
dc8684f9af45306df1b94fa6e8ff6eefdceeb58f

SHA256
a1088bea470392b47780ff36e5551c25cca1910e0e859d6c11dfe163c927900d

SHA512
0c8e21ef2a63b557da0c07d9585b87ada1d62990a69538b4194ab208816eab080260bdc73fe713f8294c51abef7e54fbbed48dd8757fbee8f53508f05a8d22ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
0f878baeb8ee6f4233825d89119953f5

SHA1
0576a31b7b63b055e7fcd6cede0208aad7ca7be7

SHA256
0be6ad0b42e180037af3a76c41f6b39f5b7161a068149c76887f9eba9ed5f4ae

SHA512
727e7c5b59a7ceab245a0e13769c9bbfbf5874a2abe0f15e4a6d033e5249e1cb1d6bd3d2b121ee3e82918b7797b8aeddc7f4fc36735687be15ded834672fcfc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
7f48c16ee5df60bc148cfcf68d154d49

SHA1
bedac594d3c04ce908db24a5b8dbf2a442900895

SHA256
3f2253654158caa5679a484c74a7a3c355c3d2b15ed60908adb735b47f0262d6

SHA512
059c1c2060dc81be08d9cc9ebc2093afae84b5d0cb35044c784d2a19dd33d77eb6b07dbae055872e613868dbf32a8f2eb248eca8608f31d61d8a7571e558ca39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db6d5d3013fb1748a598bf3b6492bdb7

SHA1
e63fc55c925f9268f4d5690e7c5b80f9d60c91a3

SHA256
1e07918f987efb73c9bed4b19b3822cee68282728353d07e31a143f26b1a6260

SHA512
9d14e2fc1498c52cf81dd3bb2a10e3db091f498c1e4e752edbf7e4bc36dbda0a96fe78005d4283fbe0472cfc949641e2a9e05c57a9533f34e47693f4d1fc07df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a0e377e1d2b31756d096f3271413795

SHA1
c8491110ace279fd50868300e9998ebdba79cb54

SHA256
82bd8b041380efafc081b716ecd82a4c96d7288c08af196d5825c35571270f34

SHA512
c5482c04b99823e90d3d07ade8afab81b2c3f5b30c53fcb56863be336aa72bc2ca05b545afc7da8e0b641e1187e25fdfeadd7cfc4194fa67a38c616e061ad2ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
38828d0f932d5eb37bc757988992eace

SHA1
0cba3917a20628cdec024a27f085985a4a10c7de

SHA256
8588a37abf65cb9d9bc79c100a33f62c4a4019cdbe9aa5aade1f6ede40dd67d7

SHA512
45accf9957f4ec9e6e74faa0832d73d4df5c353ee9d38bd69d989f9d429a1ddceec5b664d4665654bf03962a9a3a0a4f4a6a79a3e455b5fafba79ff63cf475c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9dd9b71db44a9292e3b1ae5f6db5285d

SHA1
f52c4a9e9d363a6009ac7aca7a853bec8f9cc8ab

SHA256
9eb3ffb315e696cb5683c9c12785bce9825d1e40584e3bff812a8a461499cd61

SHA512
1d2edd23ca20faef1c144a173dfd21c0bba0cb38e43b710d548ef66fe828f9ef01ebd9e63c7ef9ee82ca2a86a429ef2f9802560b609c5dd28794f2ec9d7ed093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f2a171cf11e11494cea7249637eddf36

SHA1
580e9cc27501c25454ed0ba9447cb06236cf6949

SHA256
1ce0c7800ab88da790c7fb2e86a11f4771528f810157e80fe99680a3a4b7e232

SHA512
cae565a5414ec36d19533b17e7815b7c898621e025686d971ad0cccc3ddd060fb2115641591ee00489f38138b171dc0e1a906a74e779fa342948c16fdec35d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
1f5eb1bd77464f8d701e5eb86b223bbd

SHA1
f20bbe627e9a2da73ffc95f155d5f7aafb3ab770

SHA256
5969388757de9153a28cb07b325df2823d45c345740952bfc0bedadfe1c0d8db

SHA512
88efca05c9cfdac57b8ad00396d5fcb8d957965fb3c1eac5c30a9266e3a728810ad27aba2ae4ab057ee9334ee0a831d0d0f2adf8a297768d588c01256bc0f227

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
7568f39b46792a8a1de2794df133587f

SHA1
02f02ea94fec80041102bcfb8e0749b0a4b3a7d0

SHA256
9f6487d8c9362e6955c2e397d13b2d645d2b269e41c97f316c7cd729e23639c6

SHA512
46a8d732aa9c471df690b3cb5e04558dad3132902775c7c7129825146d671d6de0a3a485ee33a212966c71cfbb0c6ce7cbc653ad2576318aa87fc125d0878f86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
ebef05772c7a369869d8fccd07a5b19b

SHA1
d662487ebf352bd42f820f7d7b7ae96a918ca2df

SHA256
a6ffa180369ddb37c7c0ebec0b6dc2837af8cfc66e766d4a0b83b2fb7b6e0acc

SHA512
f66611e24f3690386126edaa92ac509d020948b7885808f6d9abce1c12e5544d74af41855aa0ba9cca5c2878e31b4b3ae05f7dfeca94faa272bafce4db3235a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
4544ff73c0463e23056576e189654596

SHA1
86f7cda6fa9593730b49622787324e393b5c4685

SHA256
3d4e9cbf2c1377dbaaced028b24ff2a9537429df324c02267220a548738e0cb0

SHA512
5e64b10910afcc95d456503ad04f2f395b83bf02d2f39db8a2b70eaf27c638f7a8ba8c8034b5bf7a42035594e2d574b5e616b7d2957a7396f52fc0a470a3d94e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
b46350fe17013d118d2f9178b62012bb

SHA1
df7a447986cac44ad806b85c4a2a98391f262c13

SHA256
14e41f4f1daadbdc7967b6a74200fc7406ecf1db1fd7b56be40376a617ad7c02

SHA512
a60cdadb8b388551cbe5be72a1cf71c51a4899dfbe524bf99c178b2c50e36afafb9b1276bd45206c60347d3faccd5c800da0c9fefec24aa4a8af3e63b65d9cc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
b367a6238d61383d3127a4af4286c54a

SHA1
96907b541c54013ee01a9a13f659d74bc1aa8a0c

SHA256
61db034da9915f71ca0b636f9c2486b6ed7dac0c4436b43d1be6ae66ebe14d44

SHA512
0936ca2910c9e95f7aca9364e0b17b109fc43b5d70a2b0c38eebdcf7815dc5a29745cca4b155f057b11ad2d53d987cb761c5e00541508700af6a6a9be9301ed6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e45f20d91ccef89fd4970d0ed04b7ed5

SHA1
20d10c479c9a461048e1a600b1a3de00042a4d31

SHA256
7cd4985054bb2c9a485615780a6576ccffd4276e564cbd7b03f7421eaa2f404a

SHA512
ec1a2f614301c69e61bbfeefe8b0e3175e89ce6148db05f9362dfda188ccf2f8303c14351bd12de2fd81c65c95572a06a855d1fc6a0eb977dfca3eb8fdb88bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
9edc3ac1353576632b248a1c71a6ad61

SHA1
7edea2a6f4abe689a34ff73180fec5fd99c784d2

SHA256
31ac73b4fe97592e37a1c36586c9f8bb2e6146597643e6748987dff173eeb791

SHA512
97ef290076b8b1282658e9aaa4d7eae6279ab9896a3ba986dc3438f7d26ad84d85afb6dfa10b5f844e7d32410e2618a023f8d53853160e7d60b936a0ab32b877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
e928699fdefaedde9155322740346290

SHA1
9b8f4ee1816267a5575e3fa62b2350e78055e582

SHA256
2f086fb9b54782daf428a7f05e62ba81bffcfc1d982eb27e4c0fffd0af8feada

SHA512
179601344c3d4777c79b6df0b7320d89dae54b0e861521711773c385a10bcef6142544dba3234fe153d6ed19e402b4df80584bb66c2029a50d8b917fa29ae5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
d67c684ebd4d0f6af7fcdf6eba344599

SHA1
60b845ac10e0c3c8bfa28a02566ca387e2576eb8

SHA256
c4158bc268fe6e6124fb7e6538af93d5ff8e8d90cf362a4224e96b16bc2e4b73

SHA512
9f559a2d6e0a1d404701f68bc5086ed0834e4fcda8659d348a9e63983fb2875fefe9ce692d00d7aecd9edea051251ff103b5cc8c21c2e9bbb0a76e42cae5b694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
896c79578aa770276ffdbfbbfaae3f6a

SHA1
a44449c9a9f53ec8d01a552278db37b46741661c

SHA256
60ca1846d17190af9d655d7b4dcc831b6296e537dc0204ff2394fa4890c56cf5

SHA512
72d983f683ea586107c120cb7d3edb0e83351d8e1891961cb5d052311d17cfc78dcb01bf2e954e7f0be1f0c8c72945aa27871880162146a1b5e498e4df6da894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
198558abbca25cd54aaa04b35b5f4c78

SHA1
444adad294bc9ed96ece99d32f38680eb1903aa6

SHA256
da17247eb2df44d4e0cf33778e5b614651b7a730b9f08ae7c95848e8f09d940f

SHA512
6aeb5543ad45af0829192af53e27a6c452f4d10c62e05e2d39105b582bdac821e6be136d6da155d93903e9d78fc396de3ee73fbc8b6a8425ed58bc3bd6f37835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
d1b5b86f52854d9dd8d40820db0a87d0

SHA1
cf17fb8b6f28bd2de81ff50cf14f4b0d29f40d5a

SHA256
3fb49f0be478c5bc68edd517bb4a489321328bb5567209c0ce625cf5cd06078e

SHA512
b426a16d58db13c574f9e3e28ca92c3f33c624ac2574aaaf97e10ce93173066ce60d511a79c9b07c142e0673dce0a181c1b7caa07f10d221e8ca6e17435e621a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
918988c0371e079ee1daa7bcf9775052

SHA1
5e424bf85ae6455dd9f9ee5a9768d315669e05ab

SHA256
d32c6183484881cdc0ecb366232e02dcf7af9af133d6f5ade180f8c8649903c4

SHA512
51c6ebbe9bb86dca12da9db90fcfc07e2fafd6de867d528b9c69581613724675ccdf912ef21f4837a86fa58e47f0a596d7044d1b928b0b3f5f2ebaae6235b2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
948956281149a5c9c78a6e9208a4d9e5

SHA1
bff8be6bf498c9168a484c620cf5aaf38d0b11b9

SHA256
4ed3d61551d93cc595238c9567ca7c18594657a9ad68761b1aba3c702fd5b2df

SHA512
231e6fc195e0498a6e0489ae255b035695d33d1fc7d3bddb2c4b9f26c976bf150c81cb525461a6ebfd43dd71919d7b996872784148c8c0ba8dbc9dd5d7a7d919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b85e9da9cab4d5a0e164592d060c36b9

SHA1
a6401779fcb2bea2f2cb40d47465f973a812e7cd

SHA256
c6d3b652075db829997d0788914795975451314e5c6c0d0d26500112c421143e

SHA512
fa18d42e061eedfc93f30e07b235c8ef543dabf389d8db8a0387807ea41477ce1f39ba120b25cbacfae8fbeb49bd9bbb341535176e83b71fec9ded4cd8683581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
18dc7f157359e092fae060baf08a0027

SHA1
d15623046b836c50d5985666cc44314611cb3386

SHA256
48a9f932ed5d81d89a0336b739954f0c3a874cb587d3fc69aced5446b1ead80e

SHA512
273bac79250c1b8c4dc0198e882471d7bc1f3075cca76a2a34ad15a4cee00a59b2d9bd3cf0e3ea74eb882baea182464c2d563c61be17f96b777bf6576c772807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d86ff9b3d53dc840083a2885c94e9e86

SHA1
d268cfba9d0e9235c5b9ac2fc935a8b566b008f4

SHA256
bbc33c544f1904edfd57cf2d7ba02ac0caa8e23c06998be383befa6d4c70719c

SHA512
90f61bdea1d5d830c56cfb4fef2557f625a048ca0a0ef64525ccc0e2b137f534d20ea234af154c1211eee903aabd2fbc59cf13189b75dfa3b2af6cb74ca7ada9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
35d181a2084fd6931a765b279edca93b

SHA1
1e6f959d929656c3a9ff3c95340bc5d309f02061

SHA256
b4b5cbe62743a1c52577c3e4314a400f4c530cb935fb8e777dc11529b0228ab4

SHA512
4a2aed60acb3958c9ec369f984231cc6a86ef98f87c3ee3b5128aa74e48977ae4ba4ca59b4d1a6be261f1c23558c7868f894b2da4c86d95410403f30f96789d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c62a305288aeed4574bb4e6e3c0ed7b2

SHA1
97ea3efe1d2c54fa2d12924ad05c782b05ba21e9

SHA256
3b966aa1f70c82d3c73ffd226fade04fe670b2cf49401fab6746a3ed2b6dcb81

SHA512
8ef9b5163516ba6acacfeda696d458cf13b157906c61337607168ab18cf8e7c45e8f6edc856c91117dc4a8e131a86cf91626712f0dd25af37c50bb85baa8826b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0462a92fc740f3e1d258c6303d72694b

SHA1
df0fa3609626b12dfa06c0ad93e3cbac95310dbd

SHA256
ad13e3e3ebb0b83d56e8e2e484f7220ef4f1346e366675300fb2f07f1fa12ab9

SHA512
d30680bc363776ccba296eb7dea7270525736de61faa6811c0f4aabdbc6dda8adc75022d8be05e6926d454ab96df9b07ec88568c98e360201068f584b63923d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d69449004ac998810dfe59b6c1887bc6

SHA1
5983c3b30e3cc2dfa9fbaa569de6fcd8fe6a895d

SHA256
60cd82b86656ea914a2589ea0e7f8b3e558ec68fa2475bcce99425192877ec1b

SHA512
0fec14ad2d3798cae4070cd4bda5ddf235fbbeee3e200f1fb2f2d72fd27bbb4d9499796d60eaaddbbc3482b93c49bbb48d49b2d7be70750a625dfecfa2e1fc27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ae164a055a4dce3c26aad6f5f45c75a0

SHA1
44b7648cafd6fac75cc265cb08c0ae90bfa71f2a

SHA256
9931bfaa09bab066a4955e9bd669d6701f7498278baa84807874b4ae0febbde7

SHA512
026824ecd0f4b4146ef4b02b0884de7235397766d6d2b1799d26c67cf5770a6f20cb7f1fc6c6393d996eb59d18e9bbe69dff8ed7756c40a2eeefa728c26815a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d28c6fcd78819d6574f77d78f6acc870

SHA1
4f4cb7f10ced82d0ef1b8a75e9b2370a73f0e64a

SHA256
8fbb29c5c34cb2ccff480a0fd3a5847881ef82e90b5669958dc718b15c359a74

SHA512
bfb6fdb49cb535e4da5cd0edacc01a6338008274246e87d381d7e5a236c476910f4f183a209b2315df979eeb269a18c440bd90a74791a5c86a109ac064a93f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
10ba0551a73d2e0798abee39d8fe8115

SHA1
d397afb4041c57d757e141365f241ed3de2c8156

SHA256
8f22ff0d92f76a5456957bbb3f3f4cfd8d6317e59d72a24d1f3adde89749a5b7

SHA512
f701a65c05858b838274282eb0623672355e13dcff84418720ec4844187e98f584063f54a502b32be7e0e7a3951d6f4dbadfc95ab297db409f52ddd53da8651a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f3da8a879ca09c7adad9c982ecb4f5d5

SHA1
1cba5a6a9646988cd6bdd94bf9e05204fb34da31

SHA256
54d293396bdb77a4b59af2a5d4e4be39f26576e48f88727de533a8927117a0e5

SHA512
821e481ad69ab7263f0bd06f41e1d5e0286160a33b5b4079e804f5190638f340da589d7dc1a0776f579f7da36271a85f5bc166a97651afc442f81deb554dbbe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b0cf75b2b25fba85d59c4f429584d5e4

SHA1
e634ece35ec74c98e4430031f06a46d93317a813

SHA256
50149b1e15f41e922c3d993db453e1a081e88fbe963cf1f9502925b252f797cd

SHA512
f14930c734e8ba2218579f841e7dd779e2bd802eb76ca8341f6d284177bd03d1054936c1af8805f849522d8eed82a21b32ceb0290e2feed889465ea17037f8ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d4c287f4b4c89f18445fb01911da6eeb

SHA1
cd91ef7c79d34548b582cd12376e28adee1adc60

SHA256
86fe8a0e1c78493eb61f95c255c57f0f00b64e6d2d2a542a1ccf7e1233b2b49f

SHA512
c8cdbedf9708b6172b0fd1d68e077500bc9737b3822b800d7c2be8637c432e11bab0c33d87cb393ae3062a5d6413de5e8f79e8dd4af865a547ce1e56097bb558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
491b05399aafd79e78d4f1ef29c9a6db

SHA1
31dc3132b08c72501d6587651ad411598e0f0148

SHA256
eff4b76236e3846a1269166775746b77f794d50db791371fb14dc84f38dda89b

SHA512
84d5bb0d37e072c660c6ac1c8bdcc05360e2e4afd3e514d09ed48dd02b36646aa785e489febc1e74a1dbb95072fa2d2bc46c0f75bb948a8290afdc1cc5007b8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5a42b1e6c36783198e0f280c36ae2710

SHA1
75aa8c2188e062e4d42c18024aa0e7181f1c830c

SHA256
67510cee79864e1687314a2dabdd1044ed9be3b7db5eb55766c9975528ccc0fd

SHA512
af55a8b533798bed0fac1db213586b89077053f806c4e8d75cc80cb07ea2ab273b2401fcdd85f7c6d716becd18fd90b46e9830adb5712ad0f0d99d96a2d02ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7775f200454af664f47379bc8d87c5fc

SHA1
191fd1791c5d593da29fe7b98408152ecfc5b05c

SHA256
d3f3093c0826ebe4de5992f46c59bb247f25286879dc7d8bfdaae498c5a2e1c9

SHA512
9f2e427dae1c7627b2b4b0c596f4c5b6a938b8c5ca53b2c17f0337b39657d38b58a92971e0dcad3872d27fcf224b651b0a6aaeacca7a423107b48d933aef352b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
13835bbc07414c81eedbb0a63ef60585

SHA1
06e2f854ec81be2883e55c6f0cfb1cdec2ac2422

SHA256
88db0c786ac60d45531dd259c1e34c7c0dcfd95099fbc19abc544b5a142972cb

SHA512
c6018edc33ff0c4956be495722c53749942ec2d66b97b3aab2eae1521489ee34d87bcc43759e834701090627e5800714607894aac0a41e59f9c0dd745bdfde30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3780bc64b8d90d1a235cdd5f785ac987

SHA1
16ff4e58eb60a02767d4a952846ecb1122dfd4dd

SHA256
a66edeed8fdd268a7f357624ae4a4ee0efe5af0d7a097622c2e75ae9270152c6

SHA512
59cca9e45858e5609addcc7bf2658f0f1529f00e80feb1f9c2f794fb83d4573bf7b6ce5833bc89a406eacede550e4eba5e2b9a587e2d678707869324d7990fbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b61e3f55018ff7d16b2aeff5722899b5

SHA1
19315708acfc92d082f80275c9e070e8113599a4

SHA256
665e0df3f6866d54f7c4d0ccf2952e11c16f11889df3a4bbc460320b4fc61a15

SHA512
bf138f00f293ea838efa9738cc50c7595b51d43c92f860693dac935a1579bccd373db1481352534d617e1bbad6c6f8f79a300c1603be9d183db107f6874b57e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
174dc32795a0d7edce7f7f6caffa306a

SHA1
95c4900a8f567a2b98d263600a051fa04500e327

SHA256
b65acfa15d1524708250859cb22a6c049f5ae0f5fd7327903ec3b03e258f3f6b

SHA512
68ab93c809f17cf57ec9baa760f41c6b26e316714f621c5af85d9b07aad14ff3ea14588331e42bae482def25157256e9c0791fa060e8682256e046f6b6f0fcac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588f0c.TMP

Filesize
203B

MD5
86212b9b4cb05166dc4c120abd24801d

SHA1
09c7ad9e7504541b09c5b5003ba3d90bd26e8523

SHA256
21e479310f5bc341446ea9ca038a03940b033ef0d70ec911adbc808acdb9d71f

SHA512
34bafd77bc5c61195591ec4aa8317a3e11b5347cc6207592c8d58fd7e44c4a3e848a2b98e2e648d22c3d3377891bf55813b7330def6b66e6c449c3c99a8c2a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\4575781d-272b-4c15-b314-44e3efe38798\0

Filesize
9.4MB

MD5
e72c6cdc19bc938f11a9c0aa744b98da

SHA1
fb69acdf491858c7465178073f2affa85c1f143e

SHA256
241ba992e30b854a4c1c4c693d16ff9c7a4f882f8801eb6d590e000b46113d96

SHA512
d7c5350cb946c3d0d4aac7103a34e8f41f55098b2660056a4d4ad672f83dd8ea31836dee8b96aa66bc3e608118c133f9bddca3bdf812a5cc773aab4c08a0cbfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
caf546bd818f691cc990d753b4def9b3

SHA1
9f977ede55ce48d5034abbba77d8cc952e131f4d

SHA256
0dbca32ad46b447e28b79ee11411d6aa88030cf5968d1686fb3a63e41bf71c59

SHA512
4cf6bed88e1c43813b2786bf13e4d33f281357b4d4e79b312230e950a6ba65881a9caaee76ba57a3d57ba659754415e788257fd88c59cd952b86af68d752c920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5d7b4c17fe3be536a8932a78fdd92a23

SHA1
0a60c34d951c1e5e8b36ed54f5fb71e45b723523

SHA256
9093bd24ca065efc11401bcd627c8b668e84d0a3b41a2f13dbece6bbfe05470a

SHA512
f693ee8b33698a4a6319d9707f260839306a7f0fe798b2c898f4e019e92c37ce206633071dd7468257a4717f49b4fd6a67a5a0f8bf9ae7687d76e088df5963ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7bad42f4d170212cb4de0fa401188ac1

SHA1
bd973757e3f9708d2cef8e7469d3e63c23a5f8bb

SHA256
b40c4be9d92704f5d9c61d5021ace81eb8db497c0d2306297b03070e9f6f2803

SHA512
3464fb13120005f08900d88acd66452ffeef19fed6042ead899b6055e903aa92a30225db0003b7ea74046c03b0043e2b0285a53c989ce988bf26aa9495ec232e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4b6e0d783ed42d83983ff669b6489d4b

SHA1
2cff987c7e1884824668c55bcb5d42c88da73748

SHA256
ea509aa71718b4004a13b722bffad4e740b6f9305b0650cb7fb26198f8c50a73

SHA512
17dd4fce025be0f31a93de59c84c62981ca1f465114a450ed6443edebacf8f89853128925495ed51f957b2823952e544644e545e6691cf9d1194e2bec0e1a5a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
273befb94ac49db71b54f3c671df7f93

SHA1
7666699e60cd2aaa31296093ffb0e0300e296bae

SHA256
9e77ce94e7e9b4d2c1618ccccf1c0cbb11780ddc1eff5c08178a285754ceff65

SHA512
cfafb0c32f29bc7b5687059d60591a9c51befc436603a3569780fd2c50a1641f6826192f2f5df196ce08848ba66d1580c3bf337893822d113027c6a5d0b272ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c75d6338d59a066e5ccb73fe9a8791af

SHA1
64765fb4f599de991ee9c660c654a41cc97cbf91

SHA256
7915d586581ee68d31f72deec16cbeea69c421a9f5bb0be2927f3c0e79e5b825

SHA512
efbf24396602c0699852a931eac25a9abbc9996b9bb068b17178597e9e21f1608235a2b18fd83a374bbd846f2178b5b420bf85eb4eb026e0a3a23ea17a20f8bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6a98ab193803fc03af44ac8406968d3e

SHA1
2903165aa9c9a96c74a60953abb0dcce87b513bc

SHA256
bff1481feb0a6371f3485577422a7654af7fdd7746c7c85a82ee28eb2cd10d44

SHA512
46a8ae983888a6eaa920aa719494ff2091c68e79a8f7996ee35778686bcba2de2338de35716b873cd7e29240cf88d9a97f3a0a85b432cd31304e294c67e69cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d9b7701e846eacd0e74df9f8e009723b

SHA1
232ab9d1278dcd1cb74edffed39b334a21ff84f4

SHA256
8d297817388bc63ae48b6f346678282bfca030f26479a7be305e36f2636097d6

SHA512
d218e13c5c1b04cfa11e80ed876d991cddc1cff99b789db025e83251a13c69959147f31f69dceea457b30f5e16e46d3625f6f3f4f67ac4ab5846c8c9f172e914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c6ccc6552ac4442aa748a6ab1bac8bab

SHA1
6f0c9b4e674ab91c76d272ca41ef8cd45c95acbc

SHA256
950b7b4a4222e89c16c912bc059707628a18faafcf83ef6ff9f83ee599353fad

SHA512
6e53650d23290906bad7fad35596368d6688585c337ce6a3c1997223ce077f8fc134b5f0ed9849ce8d779a201e78a38c5e8fd1450248f530c98aea696c215cee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
76a66d42de467317c0409705f09bc673

SHA1
c21acb9bb9973d2edde692fe0a4f61c2e876e402

SHA256
1c07496139af3bf624ba5c94d185c588a0c9b2686b0cb252b510d49d6a3c1aaa

SHA512
d498a6bde236e74e48f0f98574bf37cbb10b580e51eedd70bb5cbf7405ae2693d0be9cb5e28a2426380b3ddb7f4fbd33d4663cf91e2abb6b171f12a3dd604079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c7f94431c1b015c05dae9a1cddae7ff6

SHA1
a6b591ddfdf974bd98e0890e20791612afc38cbf

SHA256
48f2dedfc8dd1ee596a4472bca3b2c48f9e47d0d475e9c252a939679280bc60f

SHA512
541f2101dd2a63b824c6badacdabd6e654feac9347b0bc3c30ef8af7e1e58959acf3185d9a32ab1a99b098e11eb68c52df9e470413cf8b2f517c1d92df817f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dc4f3893dbdc594f17fdfb0fa4465094

SHA1
c8108c2fa76d459a0bd1cfd5cb08bb36d61d7229

SHA256
0069ee550ef564084daee30afb30141d14076ba4f8bbb27d3e62d106f67683d4

SHA512
8d50923ac9e262ccfba25460e5cf6ba7e740e20b90e5dd5824e1235b2b7fa8b1ee10b1c9dd29cb8ccf34257873ea5709d6f56c6236b2a3b5615317c51072c271

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup (1).exe

Filesize
2.8MB

MD5
d7a9490e0c17cb406e0bff4558e019d8

SHA1
4b6a9e05a89c1ac78a876c0cb53b243091f09815

SHA256
9f24533bd1efa16773028b99af24e7ffe36fd1fe183a7ad698af79baa3e8bfe0

SHA512
bef92cb927876564032c449ea8fdf3deac8ee62f6ca9a558ff99da1a7e7c48921c16020e1c59d818ef2fe91a0a71266bffee4efae2e3b48f4c512351be8f7ea2

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup (1).exe

Filesize
2.5MB

MD5
4f0aad70ca2cd01e5a3f9f7980361e8d

SHA1
56f84f40835a45103a06598b55d7fd416756d96a

SHA256
88f121ba1f0bc343fbc8e84bcd2294dbb2e6430a9db898eb431357b419eb1555

SHA512
5b9e6d6a08286f3a33777ae76e28b019bf8505fd41af70521a18cd0ce58847045f926e8589fc26e68b58a6b87c9c9caaef679a3140aadda97ba8697db98a5679

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup (1).exe

Filesize
2.1MB

MD5
9c6b6a52b8e0378b50d1654ad6698fcf

SHA1
6e05e7b16b69ea6d0ebdee4cbe2e8bedef7e48ae

SHA256
d098e79c2f3614700ea938e0cab0c12f2d98f00655223b841981141ed9d4c03b

SHA512
5b27f9eb5c6e0965e4288de376131d40037a4305a1d06b9c6a641d414e0fe7416b5548374bd4ba7167d59019011b5182c9466b9c4a2da725b53df3faff136817

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe

Filesize
2.5MB

MD5
aa134ec4d6e4e9be995ab8901fc144a1

SHA1
d9694354b70699ce882923b230d7b0a87b166e3d

SHA256
09397c524cf888687b1b166a27b59a6160f7e9fd15cfd36c69ae84db443e2842

SHA512
87bfae37217d7012bcf211b1fd527476b91b99dc72a3501bc7b456f84c625d8d122207135a0cd0f7979cad37086bd025e088aa4678dcf7bf7a978683c08c5b31

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402282154411\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402282154411\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202402282154411\opera_package

Filesize
20.2MB

MD5
f35262cfcb3f0ece7f3cf78153bd34d6

SHA1
a90f537e9ef954a194f73e26555cc7e46eace133

SHA256
11d2fdbe354ce4fefdd0f556706346db22ad333166e9f14f53b2bb2546b22c51

SHA512
6e58534fedaafa1001250acaf3ccc8c339c47a329840742cc1a4e5f0774b91bdee38a78f7a319416a677e13bde778de30e3a4abcf8299d6dde29a234913d29f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402282154376833344.dll

Filesize
4.1MB

MD5
755b151b807f1897cb451d7debfabf47

SHA1
3e11925d2109f9032f7a217b972d2db1369acb5f

SHA256
bb2f0fd97df2d0e3e77006c832c82efb3d4cdc22d0cd5a80004d56a2d9002569

SHA512
0c5e658d6f1ab34f093728f54671e4a89654a7376bf184a35bb1dc04d5fd2d0187560c4354facc1163a30f96411c4bd92b9db0d74e2575c0adf58d7a15963e7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402282154385043104.dll

Filesize
320KB

MD5
5cf3281cee10483dd88e23679a009fe7

SHA1
1936035f5c4a77208bb03192bd6c8e0b16ef458e

SHA256
d2ae9615348bf674d8c8157b5888c1a3e2d8e771f235a39d2d8ef9fae1572241

SHA512
9ca7c8a124670c7a40f3a8b8ec850f2510cdbba17befb605d876408a885db30add50ed9d3edf3830da691ce816dd4c55e9b067d166f9104e51b8bbaba580668a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402282154385043104.dll

Filesize
281KB

MD5
235f54ff74a99c13384bbbac40f56ec3

SHA1
dc014515661df28b8199716f39a196c7d9a86827

SHA256
d782c3a3fd58e5c890064f9619aaefed029ed2af5efa4113428359f3cb17c9ee

SHA512
2c4710188d34b7d5e4809c9ba2d9f07bfafc5b69b0f281530b74a6da5c5fa9dec1d6b6e08a78b827b985beb439f2fd2d1d5fe1ee279ca0856d6cf78c47a3c189

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402282154417254820.dll

Filesize
2.2MB

MD5
bf75e48ef466020804dc7de6bcd5cfd1

SHA1
2cb5ef15a6aa6f3578233720cd1f47a0b48e11c8

SHA256
4126e88ac0d55dd7ce1ac4dc2b12285e289d99194da040d66ba57e7d5a413d8a

SHA512
be2f9c61d0646d6f404fef0043dbec87a5f8ea481dddaa358955b2f37f8febd3d473af344157503b9cdd4ff6973bb55716b56c38ea61eb039bcbe19d0dc9d3cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402282154579853956.dll

Filesize
768KB

MD5
14c2779ad28df5ae24f2b2712c424bbc

SHA1
7348c4903b43c881c2d0f0e1694f20ee85b68f8c

SHA256
f74b842efb2625a116b7bebe80c9b1285ba56190c8762845f667a39f54f434b7

SHA512
5642881e71a826acac8b2f0fb78803965537573415a3c4bdd48b1ec679eba851fdff4fd69db33f5dbaa60e256c61a22229d90f65c80edf89a1b83d7d41f5cb9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402282154582391384.dll

Filesize
42KB

MD5
cb6322e32a95e6f09250c039b3284490

SHA1
7a1f500867d85cad382c8b3b74bcb8c51b2d5205

SHA256
7a907e2801252c316d63d7012f70b71204d403d6afd079b171eaaf66f19c4fd0

SHA512
5211dc842010824df80633f4230682d15f126599399ca7cb9222630d3348251a4d6dec3bf209d6e6a01d0195c68c9780677d8fb8521ee3ef8f78c2a12bfbc502

Download Submit
C:\Users\Admin\AppData\Roaming\Aimbot Ninja\Aimbot Ninja.exe

Filesize
21.7MB

MD5
1d2e52a2ed181cc08dfdf77ad9752e26

SHA1
cc03999cd402943798eb348db7c823e274814b02

SHA256
7fd0852145d20345f8c7742379cf300d380216d864d3bdc1d891a58f65d11249

SHA512
d1e900a8b803f44eccc744f77009fb8830206227de2729c2f6aadfa707a35faa601ea8957a051f02a4267d374150e349253113b7d6fdf1bcc1d5a9f78e9c88e7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\T2UZ0NMY2Q8IJBVWW9O6.temp

Filesize
10KB

MD5
8305d098c6f53f7a9be3c2c453b7aab2

SHA1
d4fb3b0890cba8f60cf0bbbaf2a369c3a4d7fd0c

SHA256
4e5e7ea3a358be224ddd777ad4855909883855e29eedd00f687582361609980c

SHA512
fc1498d4a7e5fb2967262e1bd45894b7bf84c56b2fdea957a70c0f98512a4f15e72181b7893d4a30f894aa76a9a72e002ff98beb71b6bf1867766417664ad3b0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a558617c932d30d2d00f65549b140415

SHA1
bb8474da9c71cc9715fb30e821067e47f5fbc6b3

SHA256
db759e1065335a0a8f3b162e7a5ef14796d2d702995a458342d367f483024341

SHA512
903fb05f01c3bddec263386929b9989f2bf4f3d6ccd73ea6ccb8a250795b37c16b2c1525925d2ead8a60449a1ffc26d99ca11715dad9f3bbdc67a4251a809a1e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
7d98a79018d02ac6ab3a4e1dfc75eb4a

SHA1
c101492f1d49cd99275f51c3abf5d568221a1ca8

SHA256
c07a3952948e9b36fd42723e0d597e8e42991b02070d155034a4cd87c10e8255

SHA512
2c955dd86d40f2242835318e94a7d62fa0d39df49412216afc4dd7e1cea318554b8be8fcd1267cfda582b78cc8b082770eb33193b182a3ec652a4091a3663a2f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
920887c63f5777f77ab92092ff25d98e

SHA1
a2a95d1194de87110eb04128b7664af85f4ed27e

SHA256
7b2730090fcf41a7eb334614291f5308abc4ecced2707e2ad79f2cff4086de4c

SHA512
3e120b2ec5cc0bb0b98e46ce359d4f0c625514a51df7c8fddca8cf1d39b14f08388b6432361932030233b992f08277f0967f9e9f28b1f0e3e501da9937c5539c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
6a92c08f1629e27ab110f1c205da3f2d

SHA1
ff039d8002dc92bac3a7df5fb06ed91e634c456d

SHA256
3f608bcf1bfdc561759026dc98b0270b21d7a07590cbb5eba46bfc561fb9970b

SHA512
59d5c28a97a35db0d18862afacccf6db6964190e891b2faebd1cea59ecbc125c45ea8ef63392f1c27a0936303296727d6d6418b7845290e8377bf41c67792f76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
4fb071d368a2bb1db0b3588d469dab5a

SHA1
2994d7364433c4ad0ed692a229cd4b8adfab2b23

SHA256
fbe439eb36910a8ca488f4b0306e5c7290309b20e598c974b1d593d027c8a939

SHA512
daa8a908aa159a28f692137fed99f5982dfd35396cae5dafa7fc63b2f7fb03fb7b62bb1dfd8f380d7eedc633285f6ab35b80dfcaceb8c0f8b76548b08c735321

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
9b8198792cd93146e4781b1b549329f2

SHA1
5a63921a420042251a8736aeeedfcf29cd9c7297

SHA256
afa02e68c3b624cf3e62b33fdb5eeba0db80141fb92e2fe7a0a8ebd6131d0f1c

SHA512
4e726c2ae3c8cae75abdf70f277d6381a36a87a2ee34fc62c9db19dcf8f5669d493fe929ff5484dcd9435604e4243880c5fd645a54c677a5f307be3dd76d2885

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
3151da6707917733bab0b1453bd07dd0

SHA1
ffb0936455194939814b8244f34785c28191b53f

SHA256
e729bfd026dd33e1576e29df05916f0bd2f8525fa8d2c008ca37df3ea81542f5

SHA512
a4955ebc5462eea1e71753399f349362ab332c472f51457f9b8a7d56336d41b47fce12fe578fc279d8db7acf64f1aec2791fa62ee01a8c0065e1bb45d30c5a2b

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
18b29fb5abc9bf70ea5be01c1f0d3961

SHA1
85f88abaa367302e7406e08186f293edcc8b4ba8

SHA256
d67bd17f311f2c74952824d7edcbea769a93999e10147a876f95152d75a714e2

SHA512
25ef0a8b40c6a04d4c74a19efbf2813d9f7980b627e269b5a50ed2a863e751cddf264e3de245c7efb7071c71e0c29420d56ec748dace6e5435f995f9ad43d95e

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
f6672a61072049950b326ee5cba69a00

SHA1
ba85fc5d24890b27ffa7145fbca12bff01b52fa7

SHA256
42165fb73773750268ce96c70f4ae881f48a3661524f88616ca17bf0dfd1879c

SHA512
ae0821bc36c409e1efd0d59b298471c1b73f8127015fcb3c29e6f0971b55cf36bfbbc621d9bbce6e406be468347d9a9e9aeac67db14854881fd745a4909f9b67

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Code Cache\js\index-dir\the-real-index~RFe65c58e.TMP

Filesize
48B

MD5
8bfe60b211be67fd42023976df7bc536

SHA1
ee5400baccf84a9a47353f76e14133fa823f1171

SHA256
d89cf8a754b6bee0ed7f08ac30331d27f2e47de17e9c1967e2312b266f333728

SHA512
0a59b6f14c24ec92078e02ffcb92d2ca9d5c6ca6317a645b1db13361c65659c9d4b72bb556a284ae18db36ef81fd0bb7caf587e9e18aeb3a246ee2e57b281ee0

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Network\Network Persistent State

Filesize
1KB

MD5
d0d012b5c27f52d3f84bf80d8f939861

SHA1
28ecc918096c4be2a836923a891dee1a519f6810

SHA256
f04007569b95b83af7d8a90d8246f906ebd10b091f7c86fe5c021b09ec477deb

SHA512
f970e51b47022752f8a1f416763ca0937123be97d221933c0c55618daa64c55fd9210f747ef8f8f8b8a02876a205651c4cb2bd2028b933bcd90c24ad3729bdc0

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Network\Network Persistent State~RFe663b4b.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Network\TransportSecurity

Filesize
539B

MD5
b3dd5c8e57beced7ab8456093274aa42

SHA1
602ea6282de3fe6e8cc1d109d918cfaf39bcd9f3

SHA256
3c145aad1aa18ea3feeb7a388c9b60f139c72cc93e6723c40bf04630b519a9fa

SHA512
9a24ad915d92ddfca045ebca050304f9abc5245cb39c88f6f667a6800052b0bce4dc75e6181ce73d6eed95759d1a35bd3d7aeef283229a4ef4b70f71c273af38

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Network\TransportSecurity

Filesize
539B

MD5
4b69d4b2bd81b59648e91cef04bd14dd

SHA1
7e7a299caaa0f1afdb31a3b01ea5e2f9fd87831e

SHA256
a638fbe0e3e00cbe838f63c4c6f56bbed942c6039b2d13fe21dd5b6b779bb4dc

SHA512
ad4256e39241be72c9f8271ccb3ea1124aa5158e4a54196a5eda98d339585806f76b208cd1ca6166f203e228819d68a279985b3a08f8b4f3952cbbab56af34a4

Download Submit
C:\Users\Admin\AppData\Roaming\aimbot-ninja-nativefier-f36b2c\Network\TransportSecurity~RFe65a360.TMP

Filesize
203B

MD5
5b67424ba749816c678baa4bc02b65e9

SHA1
eb54937c9e3398d16d0be033ed8395d66e4f907a

SHA256
d0ac13d57d72e46e41dc411d55c88b5e115a2f800ec697c6a72e2646c8e08561

SHA512
27ed1ab535a860f6b66fb0865622fa7029d0c1133ecb2cdf473dd202e5e2344ea535376e1d00654caf9c739751fbbaf3c2b4fb96affe2a8d8718f980cbfe1c44

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup (1).exe

Filesize
3.4MB

MD5
ac3070def65225cbdce41800acfddf53

SHA1
826ac595fde4ce8c0deb123483fdd9df16226984

SHA256
5ee35c481565bfe9f4a27e8331a6922c2ea700d2d22e30066d3d5a5b6172c1d2

SHA512
9cf0a78389b7e5df24c01e498143fe7fd1d8a2e6fecdece30d1829725260b221199f86414d8d1d6a2823b7422839be7536bca33dd9e7c9bbc950b4b2527f08da

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup (1).exe

Filesize
640KB

MD5
db0b390ef0958ec36a8490533d51db42

SHA1
80e7eacb3b92c235e0bf5c80cda29c72722c2877

SHA256
cd2d3a1aac26fa2e97462c235052bdbb68ab88e19a078924e94d23156a2b21aa

SHA512
78c626e6a433381f3e2fafc95aab426295af6b420adc5033388813f0293b26373cd723911acf0253dcb05ed1836ea70965f510ff401c8ed5032ee96ea1cf89ee

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup (1).exe

Filesize
1.2MB

MD5
737e9c25ad08824f832e0a71095410f0

SHA1
0e00ff1c7bfba3205fcca0f774fedaecba7f2893

SHA256
0de47470c827dda9f4d43d62d4210688b68794fc064b879a8dca7e534283ff21

SHA512
bd54694b00680aa58f0c33e7193e768f2b44f0f08929d1346fc4e2b6c259c0e307bbfdf731034e2f7bc8e88f39a240b3a581dde45aa78f130985f00856a259e5

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup (1).exe

Filesize
576KB

MD5
0dbe8496e9b864528a40be1003e5d0b3

SHA1
42080176be0b09b38d218cd8cc8a31518d4ffad5

SHA256
9c47eb9a702dfb23cc36431382186ccc7b3a78f4ddf733c386cd28e4e9ad950c

SHA512
b3ad56604364477a93508df9722fab2ff178d6d87f16cf53f7d4c1d67ae740ca424c124c552439e2e64864a8aa66bfce9de188b50ae8d69e4ea7b75d3e5dc246

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup (1).exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1384-912-0x00000000007A0000-0x0000000000D61000-memory.dmp

Filesize
5.8MB

Download
memory/1420-1033-0x00000000007A0000-0x0000000000D61000-memory.dmp

Filesize
5.8MB

Download
memory/1420-1072-0x00000000007A0000-0x0000000000D61000-memory.dmp

Filesize
5.8MB

Download
memory/1456-1126-0x0000000000BB0000-0x0000000001171000-memory.dmp

Filesize
5.8MB

Download
memory/1456-1127-0x0000000000BB0000-0x0000000001171000-memory.dmp

Filesize
5.8MB

Download
memory/1520-1041-0x00000000006A0000-0x0000000000C61000-memory.dmp

Filesize
5.8MB

Download
memory/1520-1044-0x00000000006A0000-0x0000000000C61000-memory.dmp

Filesize
5.8MB

Download
memory/1940-1047-0x00000000007A0000-0x0000000000D61000-memory.dmp

Filesize
5.8MB

Download
memory/1940-1030-0x00000000007A0000-0x0000000000D61000-memory.dmp

Filesize
5.8MB

Download
memory/3104-848-0x00000000007A0000-0x0000000000D61000-memory.dmp

Filesize
5.8MB

Download
memory/3104-899-0x00000000007A0000-0x0000000000D61000-memory.dmp

Filesize
5.8MB

Download
memory/3344-835-0x00000000007A0000-0x0000000000D61000-memory.dmp

Filesize
5.8MB

Download
memory/3344-898-0x00000000007A0000-0x0000000000D61000-memory.dmp

Filesize
5.8MB

Download
memory/3468-1113-0x0000000000F50000-0x0000000001511000-memory.dmp

Filesize
5.8MB

Download
memory/3468-1129-0x0000000000F50000-0x0000000001511000-memory.dmp

Filesize
5.8MB

Download
memory/3568-1120-0x0000000000F50000-0x0000000001511000-memory.dmp

Filesize
5.8MB

Download
memory/3956-907-0x00000000007A0000-0x0000000000D61000-memory.dmp

Filesize
5.8MB

Download
memory/4820-863-0x0000000000160000-0x0000000000721000-memory.dmp

Filesize
5.8MB

Download
memory/4820-861-0x0000000000160000-0x0000000000721000-memory.dmp

Filesize
5.8MB

Download
memory/5820-2373-0x0000000001AC0000-0x0000000001AC1000-memory.dmp

Filesize
4KB

Download
memory/5820-2608-0x0000000001AC0000-0x0000000001AC1000-memory.dmp

Filesize
4KB

Download