Resubmissions

02/03/2024, 23:24

240302-3dxh7sac7x 7

02/03/2024, 23:23

240302-3dfkpaag29 1

02/03/2024, 23:20

240302-3br6psac5v 6

02/03/2024, 23:18

240302-3acdvsac4w 8

02/03/2024, 23:12

240302-2663nsac2y 1

Analysis

  • max time kernel
    289s
  • max time network
    289s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/03/2024, 23:12

General

  • Target

    https://www.google.com/

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 38 IoCs
  • Suspicious use of FindShellTrayWindow 56 IoCs
  • Suspicious use of SendNotifyMessage 51 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.com/
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1596
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff06cd9758,0x7fff06cd9768,0x7fff06cd9778
      2⤵
        PID:3476
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1940,i,12969581008913085050,7138933774102512019,131072 /prefetch:2
        2⤵
          PID:2040
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 --field-trial-handle=1940,i,12969581008913085050,7138933774102512019,131072 /prefetch:8
          2⤵
            PID:1656
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1940,i,12969581008913085050,7138933774102512019,131072 /prefetch:8
            2⤵
              PID:2404
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1940,i,12969581008913085050,7138933774102512019,131072 /prefetch:1
              2⤵
                PID:4676
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1940,i,12969581008913085050,7138933774102512019,131072 /prefetch:1
                2⤵
                  PID:1896
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4648 --field-trial-handle=1940,i,12969581008913085050,7138933774102512019,131072 /prefetch:1
                  2⤵
                    PID:1440
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3936 --field-trial-handle=1940,i,12969581008913085050,7138933774102512019,131072 /prefetch:8
                    2⤵
                      PID:4628
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3392 --field-trial-handle=1940,i,12969581008913085050,7138933774102512019,131072 /prefetch:8
                      2⤵
                        PID:2124
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5112 --field-trial-handle=1940,i,12969581008913085050,7138933774102512019,131072 /prefetch:1
                        2⤵
                          PID:5044
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5188 --field-trial-handle=1940,i,12969581008913085050,7138933774102512019,131072 /prefetch:1
                          2⤵
                            PID:5020
                        • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                          "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                          1⤵
                            PID:2916
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
                            1⤵
                            • Suspicious use of AdjustPrivilegeToken
                            PID:3588
                            • C:\Windows\system32\dashost.exe
                              dashost.exe {809ea7af-fa84-446b-b70bfbbca6c49717}
                              2⤵
                                PID:4048
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe"
                              1⤵
                                PID:3020
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe"
                                  2⤵
                                  • Checks processor information in registry
                                  • Modifies registry class
                                  • Suspicious use of AdjustPrivilegeToken
                                  • Suspicious use of FindShellTrayWindow
                                  • Suspicious use of SendNotifyMessage
                                  • Suspicious use of SetWindowsHookEx
                                  PID:3064
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3064.0.411199874\1733598963" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4e59951-0f2f-4d8b-8015-321bda3ef834} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" 1948 1ed0d2d6b58 gpu
                                    3⤵
                                      PID:8
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3064.1.913670720\617347935" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {22411928-611f-4b13-9f93-4ad83964d9bd} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" 2348 1ed0cc42f58 socket
                                      3⤵
                                      • Checks processor information in registry
                                      PID:2488
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3064.2.455450089\1616059827" -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 3136 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad231c3a-d578-49f3-9fd9-9c59629ebd94} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" 3152 1ed111af958 tab
                                      3⤵
                                        PID:2084
                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3064.3.1236069258\881523333" -childID 2 -isForBrowser -prefsHandle 3484 -prefMapHandle 1056 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b47e25f-fb25-4184-a44a-d0d6752c5f83} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" 3608 1ed0082d558 tab
                                        3⤵
                                          PID:1224
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3064.4.1364981840\454227085" -childID 3 -isForBrowser -prefsHandle 4012 -prefMapHandle 4372 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aaed0baa-01ff-45e3-87db-59b7f23df0e6} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" 4472 1ed123d7358 tab
                                          3⤵
                                            PID:4320
                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3064.5.1597381043\1995318756" -childID 4 -isForBrowser -prefsHandle 5144 -prefMapHandle 5140 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {768ae9d1-e44d-455a-83c6-b760b4a231b0} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" 5156 1ed11793658 tab
                                            3⤵
                                              PID:5288
                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3064.6.15231281\1761128257" -childID 5 -isForBrowser -prefsHandle 5432 -prefMapHandle 5428 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f04cbc0-be17-4d3d-8ea4-610a4f04cd6a} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" 5440 1ed135a2a58 tab
                                              3⤵
                                                PID:5328
                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3064.7.657186137\1676569519" -childID 6 -isForBrowser -prefsHandle 5576 -prefMapHandle 5580 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c16a5da5-3eac-48df-8549-416a6af3c376} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" 5568 1ed135a3358 tab
                                                3⤵
                                                  PID:5336
                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3064.8.1255117466\1705175346" -childID 7 -isForBrowser -prefsHandle 5944 -prefMapHandle 5928 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1352 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c343bace-15d8-4fa7-a1e7-4c9a4677f5c2} 3064 "\\.\pipe\gecko-crash-server-pipe.3064" 5912 1ed156edc58 tab
                                                  3⤵
                                                    PID:5832
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                                1⤵
                                                • Enumerates system info in registry
                                                • Suspicious behavior: EnumeratesProcesses
                                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                • Suspicious use of FindShellTrayWindow
                                                • Suspicious use of SendNotifyMessage
                                                PID:5712
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef7e446f8,0x7ffef7e44708,0x7ffef7e44718
                                                  2⤵
                                                    PID:5768
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
                                                    2⤵
                                                      PID:6032
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
                                                      2⤵
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:6056
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
                                                      2⤵
                                                        PID:3508
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
                                                        2⤵
                                                          PID:3940
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
                                                          2⤵
                                                            PID:1688
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
                                                            2⤵
                                                              PID:5888
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
                                                              2⤵
                                                                PID:5896
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
                                                                2⤵
                                                                  PID:5468
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
                                                                  2⤵
                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                  PID:5484
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
                                                                  2⤵
                                                                    PID:736
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
                                                                    2⤵
                                                                      PID:4516
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5000 /prefetch:8
                                                                      2⤵
                                                                        PID:1704
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5348 /prefetch:8
                                                                        2⤵
                                                                        • Modifies registry class
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:3348
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
                                                                        2⤵
                                                                          PID:5416
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
                                                                          2⤵
                                                                            PID:968
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
                                                                            2⤵
                                                                              PID:4052
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
                                                                              2⤵
                                                                                PID:5656
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
                                                                                2⤵
                                                                                  PID:736
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
                                                                                  2⤵
                                                                                    PID:2420
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
                                                                                    2⤵
                                                                                      PID:2580
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
                                                                                      2⤵
                                                                                        PID:3728
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5188 /prefetch:2
                                                                                        2⤵
                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                        PID:5476
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
                                                                                        2⤵
                                                                                          PID:4912
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
                                                                                          2⤵
                                                                                            PID:5568
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
                                                                                            2⤵
                                                                                              PID:3484
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
                                                                                              2⤵
                                                                                                PID:2264
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:3348
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:4632
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:3604
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:3276
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:2064
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:5852
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:3940
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:5140
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
                                                                                                                2⤵
                                                                                                                  PID:1524
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
                                                                                                                  2⤵
                                                                                                                    PID:8
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,12207109816454080528,5942614985071779883,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
                                                                                                                    2⤵
                                                                                                                      PID:5208
                                                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                    1⤵
                                                                                                                      PID:5252
                                                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                      1⤵
                                                                                                                        PID:4880
                                                                                                                      • C:\Windows\system32\AUDIODG.EXE
                                                                                                                        C:\Windows\system32\AUDIODG.EXE 0x314 0x300
                                                                                                                        1⤵
                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                        PID:1888

                                                                                                                      Network

                                                                                                                            MITRE ATT&CK Enterprise v15

                                                                                                                            Replay Monitor

                                                                                                                            Loading Replay Monitor...

                                                                                                                            Downloads

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

                                                                                                                              Filesize

                                                                                                                              195KB

                                                                                                                              MD5

                                                                                                                              89d79dbf26a3c2e22ddd95766fe3173d

                                                                                                                              SHA1

                                                                                                                              f38fd066eef4cf4e72a934548eafb5f6abb00b53

                                                                                                                              SHA256

                                                                                                                              367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69

                                                                                                                              SHA512

                                                                                                                              ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                              Filesize

                                                                                                                              168B

                                                                                                                              MD5

                                                                                                                              9a010fe2bfddf1e24b74bdae4dba2c3b

                                                                                                                              SHA1

                                                                                                                              60359dad7f252c74c5cd7af61826861700240763

                                                                                                                              SHA256

                                                                                                                              de2fb49aa41286937813d6c3222577e6a5c7dc5653eeb3ec4d860adbc7a5ee00

                                                                                                                              SHA512

                                                                                                                              879101467766d9b7b0c810a678f72e5ba7952e0d99bc13b957e1e939347cc78c46f5826223dead1ab9bca35a865ee9bbb19277b8c19d21226f52641f4bd13de3

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                              Filesize

                                                                                                                              1KB

                                                                                                                              MD5

                                                                                                                              6fed552a8aef6b422418bbe9543aa2a7

                                                                                                                              SHA1

                                                                                                                              b945d2227ac4cb20146b874a8465c1552e5869e0

                                                                                                                              SHA256

                                                                                                                              eea055f5bac8dba0768a671df823019e1cad759690da323cb7c9da3ef7c9aebd

                                                                                                                              SHA512

                                                                                                                              94e0cfc3ca8e2d51b1fef8c7252b5033f7a9ed4b38caf683fec025f3e2e2357d2d2046e3a2565433d9965cd29c2e96d9581537e205a9343c65c85905b8d4b28a

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                              Filesize

                                                                                                                              371B

                                                                                                                              MD5

                                                                                                                              afaa8c148671232392f1127ce4e88c53

                                                                                                                              SHA1

                                                                                                                              ca692e7920865d238679f8c4da1cc814df169b9e

                                                                                                                              SHA256

                                                                                                                              4813edcf8e6c54401c5ca3abff8f53570d3574b601c28eafd8c9475d0003b9fb

                                                                                                                              SHA512

                                                                                                                              4593124360219a5bbca898c511e0967d93f6e64e248e10941de472c66006b95e66c232054efc2bd70f64cdca87cdd74985a893dadde3cf1a59c847c3dbdbd5cb

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                              Filesize

                                                                                                                              371B

                                                                                                                              MD5

                                                                                                                              f15e51b38aa9bf5a96704e226509716a

                                                                                                                              SHA1

                                                                                                                              d46235e485450860176092a2e63c80c6adebec48

                                                                                                                              SHA256

                                                                                                                              b6e6043cd4924326fccb65000a83476620335803532383c51afa861610de8f7d

                                                                                                                              SHA512

                                                                                                                              bd03b070a5df0945ad501d85607275d01738a404beb3771baf16cb70f41416a47fd7039bb0e7f13aec26e6ecaefe42115b703af3df027bc0fa98601b8bf8edf1

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              6KB

                                                                                                                              MD5

                                                                                                                              9b23971f95e97affa62dd71d9f63d432

                                                                                                                              SHA1

                                                                                                                              00cb795468c278d62fbd5674846a09c174414eba

                                                                                                                              SHA256

                                                                                                                              63b19aa1ab87deb21ecfe64a146896dfcec390343ad2898fec44daf3c90d9e70

                                                                                                                              SHA512

                                                                                                                              ab1ddd0b7b87cd85ac21512d4f939d0fc618f025c1f4f5213e54f0cda61f09656223918a871e8c9e81e41d3c798591a9594275a71beaf47093c694f99c4a504f

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              6KB

                                                                                                                              MD5

                                                                                                                              c39f5980ae658dcec8582520710e6a31

                                                                                                                              SHA1

                                                                                                                              1f893b3abccb1d76df5b12d10d99e48a41da01b5

                                                                                                                              SHA256

                                                                                                                              2a933b0b8d6992c55e872298f2e1d3623f7047444f316c6dc6fbf5dd493b5cff

                                                                                                                              SHA512

                                                                                                                              d8a6fa6c9409175b3204ea5c3da34f20ab05f40d55982a5ca2a351680ae9fc772ac4112dc775f3479b8947f6880621e552bece0d272fcea59a15ebbf355d8b46

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              MD5

                                                                                                                              dc4c7a46aca503e4bf30420d7ae51830

                                                                                                                              SHA1

                                                                                                                              2cf71e2fb070459776afb812ce58bbf3c49ac93c

                                                                                                                              SHA256

                                                                                                                              1bd3c130b30ae9f8517cea1ec39d1b763298256fe387d426a6b89c6c7b17b940

                                                                                                                              SHA512

                                                                                                                              52b33547e2538ba8f2f21f4810f20dedf7ae8bc747a75f80ba96140c0523765faea974e4e33d481942d59c263314a5dd9a23953397fee4530deb62cb6c87fd1e

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                              Filesize

                                                                                                                              128KB

                                                                                                                              MD5

                                                                                                                              a7d22d03fb242683f15b0dbd61773215

                                                                                                                              SHA1

                                                                                                                              51d487746afb9a58f1bc3aad7f8a0ebce21f8333

                                                                                                                              SHA256

                                                                                                                              1f2baad7441c126b53fba2eb3f5711fca5b64afdba3ddbeac79fe979bdc5d3c0

                                                                                                                              SHA512

                                                                                                                              fdefad7194e242a410efb3c77aab14b9c6a2666d605b6fb7484e9dcd25daa6c6e4efa77aa867721a5f037e7e604bb8c19aa97a960fae01987d5b1ed39e70414b

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

                                                                                                                              Filesize

                                                                                                                              264KB

                                                                                                                              MD5

                                                                                                                              f50f89a0a91564d0b8a211f8921aa7de

                                                                                                                              SHA1

                                                                                                                              112403a17dd69d5b9018b8cede023cb3b54eab7d

                                                                                                                              SHA256

                                                                                                                              b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                                                                                                              SHA512

                                                                                                                              bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                                                                                                            • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

                                                                                                                              Filesize

                                                                                                                              2B

                                                                                                                              MD5

                                                                                                                              99914b932bd37a50b983c5e7c90ae93b

                                                                                                                              SHA1

                                                                                                                              bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

                                                                                                                              SHA256

                                                                                                                              44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

                                                                                                                              SHA512

                                                                                                                              27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                              Filesize

                                                                                                                              152B

                                                                                                                              MD5

                                                                                                                              1eb86108cb8f5a956fdf48efbd5d06fe

                                                                                                                              SHA1

                                                                                                                              7b2b299f753798e4891df2d9cbf30f94b39ef924

                                                                                                                              SHA256

                                                                                                                              1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

                                                                                                                              SHA512

                                                                                                                              e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                              Filesize

                                                                                                                              152B

                                                                                                                              MD5

                                                                                                                              f35bb0615bb9816f562b83304e456294

                                                                                                                              SHA1

                                                                                                                              1049e2bd3e1bbb4cea572467d7c4a96648659cb4

                                                                                                                              SHA256

                                                                                                                              05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

                                                                                                                              SHA512

                                                                                                                              db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

                                                                                                                              Filesize

                                                                                                                              62KB

                                                                                                                              MD5

                                                                                                                              c3c0eb5e044497577bec91b5970f6d30

                                                                                                                              SHA1

                                                                                                                              d833f81cf21f68d43ba64a6c28892945adc317a6

                                                                                                                              SHA256

                                                                                                                              eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

                                                                                                                              SHA512

                                                                                                                              83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

                                                                                                                              Filesize

                                                                                                                              67KB

                                                                                                                              MD5

                                                                                                                              88a552e6be1ac3978c49143983276b3a

                                                                                                                              SHA1

                                                                                                                              dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423

                                                                                                                              SHA256

                                                                                                                              927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5

                                                                                                                              SHA512

                                                                                                                              125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

                                                                                                                              Filesize

                                                                                                                              31KB

                                                                                                                              MD5

                                                                                                                              acd3f8bcdca044e4382c0bb6246b0234

                                                                                                                              SHA1

                                                                                                                              1c83d89a3c40835a82f06e6bea0af86f52901bc5

                                                                                                                              SHA256

                                                                                                                              cec8af8be960f3b13ad0f554c338ab88688ae5b4ddfcda5471fc8268ce66db25

                                                                                                                              SHA512

                                                                                                                              3cbf100cc72f4a63c7aebe0ec029fc3635b97addbb0a4e83febbd127e00ff1455fc0b4cb90839f3bec498a7cdb848d8fde4d6991cc6a1f479669e70ad220b5a1

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

                                                                                                                              Filesize

                                                                                                                              65KB

                                                                                                                              MD5

                                                                                                                              56d57bc655526551f217536f19195495

                                                                                                                              SHA1

                                                                                                                              28b430886d1220855a805d78dc5d6414aeee6995

                                                                                                                              SHA256

                                                                                                                              f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

                                                                                                                              SHA512

                                                                                                                              7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

                                                                                                                              Filesize

                                                                                                                              19KB

                                                                                                                              MD5

                                                                                                                              2e86a72f4e82614cd4842950d2e0a716

                                                                                                                              SHA1

                                                                                                                              d7b4ee0c9af735d098bff474632fc2c0113e0b9c

                                                                                                                              SHA256

                                                                                                                              c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

                                                                                                                              SHA512

                                                                                                                              7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

                                                                                                                              Filesize

                                                                                                                              88KB

                                                                                                                              MD5

                                                                                                                              b38fbbd0b5c8e8b4452b33d6f85df7dc

                                                                                                                              SHA1

                                                                                                                              386ba241790252df01a6a028b3238de2f995a559

                                                                                                                              SHA256

                                                                                                                              b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

                                                                                                                              SHA512

                                                                                                                              546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

                                                                                                                              Filesize

                                                                                                                              1.1MB

                                                                                                                              MD5

                                                                                                                              f07899b2fa8398870c2dcb5d7fe44fc5

                                                                                                                              SHA1

                                                                                                                              6efd418ec9d45e731cf848b75b52cfb6124e773b

                                                                                                                              SHA256

                                                                                                                              732fe8afbf4fda320d34ed9bb0d4d4f5525879ed87784870face53eb50ffbaeb

                                                                                                                              SHA512

                                                                                                                              0b30a0d01277d2f3abcb85f3fc16be3b07fd826e9cb523b73fd9e45bc5cacab03e6f0486ce84cdeab01adb70810d6891d87dae036e525959a4e97114588a900f

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

                                                                                                                              Filesize

                                                                                                                              32KB

                                                                                                                              MD5

                                                                                                                              bbc7e5859c0d0757b3b1b15e1b11929d

                                                                                                                              SHA1

                                                                                                                              59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

                                                                                                                              SHA256

                                                                                                                              851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

                                                                                                                              SHA512

                                                                                                                              f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

                                                                                                                              Filesize

                                                                                                                              74KB

                                                                                                                              MD5

                                                                                                                              bc9faa8bb6aae687766b2db2e055a494

                                                                                                                              SHA1

                                                                                                                              34b2395d1b6908afcd60f92cdd8e7153939191e4

                                                                                                                              SHA256

                                                                                                                              4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed

                                                                                                                              SHA512

                                                                                                                              621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

                                                                                                                              Filesize

                                                                                                                              50KB

                                                                                                                              MD5

                                                                                                                              79338699716902f12e217018d00c797d

                                                                                                                              SHA1

                                                                                                                              9808817132abc4f5835e7a508dcf36edfdc67978

                                                                                                                              SHA256

                                                                                                                              f9f801e77a564c2aecb8a87116de2360b31eda664a7ffebb34e336d847f080c3

                                                                                                                              SHA512

                                                                                                                              ca3ef19f8b72e1da341d892c458e51329cd1b414db4170475eec95287d9ad4789767eea9889df1d7aecdceccea1c6a715a4c1d0c64e5825d6cc67872c4ea3977

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

                                                                                                                              Filesize

                                                                                                                              118KB

                                                                                                                              MD5

                                                                                                                              ebebd969fc7cde543119ed53dcd93b20

                                                                                                                              SHA1

                                                                                                                              a0b024b8cd755fe076e838070d193a1b3ed3fd66

                                                                                                                              SHA256

                                                                                                                              d9c3d6f14a36f5ba9686aa96f5fd4088bf0a3fb129b310e88d4896cccbbef2e1

                                                                                                                              SHA512

                                                                                                                              3b051ee48c455604430988ac76350f8dd44a1ae32c38b0270c6af2fa1408712f6796c0cf44644af981e372114ab7e59d3349656c6d2d60816f04da3b0e6b0952

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

                                                                                                                              Filesize

                                                                                                                              96KB

                                                                                                                              MD5

                                                                                                                              3f77c267427980ff5a057ca7ee92a4bd

                                                                                                                              SHA1

                                                                                                                              65e75d082bf47a64f2aa804660e99b6a8cf4019c

                                                                                                                              SHA256

                                                                                                                              ee0915adb9d6fe3254fa339b68336516e11ae2808a0e5176629ee332e7120f96

                                                                                                                              SHA512

                                                                                                                              23349512b6d9d2d699b1457837c68d81001ba6797c0aa5fe7ae38c7232e300ef2acfd59ee09deeccd4e921fa35141d06113b1bba3d47a3c5b285250b0959805f

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

                                                                                                                              Filesize

                                                                                                                              56KB

                                                                                                                              MD5

                                                                                                                              bcde0c3201de21b2176279dacb749c64

                                                                                                                              SHA1

                                                                                                                              7d89d49ccad1fcaa4a553399aad7a30ed726da82

                                                                                                                              SHA256

                                                                                                                              4c0e33a492a15c35aa05c9e1249caf7b8ee634d67b34422cc1a5b0492bb75774

                                                                                                                              SHA512

                                                                                                                              06eabd458c943827bc222644114d79822e3b0881c2c9488cdf6637e706a08642429044ea85a9545926fe016271e786ab5d61b676b78150570a56f5edfe2ab1b5

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

                                                                                                                              Filesize

                                                                                                                              25KB

                                                                                                                              MD5

                                                                                                                              7dbf5feaa88b8c4d69f19c253f52b257

                                                                                                                              SHA1

                                                                                                                              e591ee548194c543597080ba77d0e4180befd355

                                                                                                                              SHA256

                                                                                                                              7f1c5580f1669a353159551a9c43c874f209058a31466ef03cace97c24326523

                                                                                                                              SHA512

                                                                                                                              2b99c3ad2eb1e78508eea1cb9c1cc761238258c33b072e7057204c9fa8b8519b72afff68a8797a51ca2a29ea568533f7bcbd272647dde368fd07574f602adbfe

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

                                                                                                                              Filesize

                                                                                                                              62KB

                                                                                                                              MD5

                                                                                                                              62c042449954ee27e4f26d9a89063f94

                                                                                                                              SHA1

                                                                                                                              5b428eafedf2e8843465153708b1f43c36ced6ed

                                                                                                                              SHA256

                                                                                                                              5999cf407cc0bc9a52fe3242e00882890626b84d01aa02f2d49648a3698f1316

                                                                                                                              SHA512

                                                                                                                              d3dea4bb12a5e893b6170d506a53ee3b5e75da238c349816a26c8c0d219b2a421fc05e83bb327821a2ca30bd4cdb9b3fa05f8ffc8e50d41d6429c0948dcbbcf6

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

                                                                                                                              Filesize

                                                                                                                              78KB

                                                                                                                              MD5

                                                                                                                              b3d4ac9089566b881b2139e08b49dcfc

                                                                                                                              SHA1

                                                                                                                              720b195cc99323616e4f248e234db4f5d0bda834

                                                                                                                              SHA256

                                                                                                                              05680b7df740a411b42c2591401d82f8cb50f8fb17953411afa6f770a4fa8869

                                                                                                                              SHA512

                                                                                                                              c0b68740406f39483f2bd9dd6455a4ebba150b084c61b5331027db83ae868085ca20f3cf884e31e61a65408b98437677c6bcbf4b3a390da801acb638e200b82e

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

                                                                                                                              Filesize

                                                                                                                              18KB

                                                                                                                              MD5

                                                                                                                              16a2aae2e91327ed7da5b999990c1d46

                                                                                                                              SHA1

                                                                                                                              a0f8cc16d7a503a5c6afbbd2fd51f6dc7e83f702

                                                                                                                              SHA256

                                                                                                                              01dabd36a8704658b264d5ce2d4edf6c359e2999070efb97afd46a5cdb390222

                                                                                                                              SHA512

                                                                                                                              52814577d311af03181a2cddf8d124f1f1cc2a290a1b94af98c246856ea07f1fc885a3dca9fa7f6d96b9c986fb90aad7baea1b3924c78b44143ab7eebd15012a

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

                                                                                                                              Filesize

                                                                                                                              23KB

                                                                                                                              MD5

                                                                                                                              e1b3b5908c9cf23dfb2b9c52b9a023ab

                                                                                                                              SHA1

                                                                                                                              fcd4136085f2a03481d9958cc6793a5ed98e714c

                                                                                                                              SHA256

                                                                                                                              918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

                                                                                                                              SHA512

                                                                                                                              b2da7ef768385707afed62ca1f178efc6aa14519762e3f270129b3afee4d3782cb991e6fa66b3b08a2f81ff7caba0b4c34c726d952198b2ac4a784b36eb2a828

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

                                                                                                                              Filesize

                                                                                                                              138KB

                                                                                                                              MD5

                                                                                                                              950829244a061d6a93ec3730704b2619

                                                                                                                              SHA1

                                                                                                                              138c8e8da5065d022e3e407232f0fa37edb0a00a

                                                                                                                              SHA256

                                                                                                                              3f323f5562812ad6c9dcf7d9e39d803b7b8067937b7ac4631a4ccb7932f84263

                                                                                                                              SHA512

                                                                                                                              e6139ac2d9d31a747e911f0adbeda262718a24af8b5621678426a95d0fe5b301acca5ca8b36ad006262f01e4b23f9ea7ee0f7a607d50eca7c52416b4e0efe1cc

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

                                                                                                                              Filesize

                                                                                                                              737KB

                                                                                                                              MD5

                                                                                                                              5b26d81e458aba9b3df36a54bba55226

                                                                                                                              SHA1

                                                                                                                              57390a319891231b6bea205d618251815263d015

                                                                                                                              SHA256

                                                                                                                              3f87b3092f778d4b1a4fc0bda97c2455e1d873c53692b0b4ef5ad0f73c84cdd4

                                                                                                                              SHA512

                                                                                                                              48fc04ed97542a2a951f235d7ceddc1ecc6c570858a16bfad278a7156bb08b8fb464a825fd776f9c95cf921381fbc63c9a7bfd738670d7b106b0954f6e82d107

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

                                                                                                                              Filesize

                                                                                                                              1024KB

                                                                                                                              MD5

                                                                                                                              98580d2c081b49f04e734c4a4ec94647

                                                                                                                              SHA1

                                                                                                                              1ae45bca31ab9cf1b7bdd4f25d21d8a9ebeea773

                                                                                                                              SHA256

                                                                                                                              ceda77f9f7f95fbc416e1ed337f7ac76676eb303a3b03023f6bcdee30704e8df

                                                                                                                              SHA512

                                                                                                                              9d5d358dfd24b40132a82ad4a1e9389c0557c071d2b2edbd5ad5c0fdeedfb23efa13104fc2b062544952bba8e443b05fba374d04d26e504de4622bac64761dee

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                              Filesize

                                                                                                                              3KB

                                                                                                                              MD5

                                                                                                                              e2331c8df10c15b8d1a4cfe36796ee97

                                                                                                                              SHA1

                                                                                                                              8626f660a4fe92d2f8a4f2eaec7ac70f471a74a6

                                                                                                                              SHA256

                                                                                                                              79c1369feaacdd175b275098da3f83093bf33e6d69f6ce63bc5d7286d801e1ca

                                                                                                                              SHA512

                                                                                                                              0b32e4ede44d311ed73e7b97473c4abf70021f1fd81983cfdb0bc55a73949c7864e69150ec5ab62c728cc88dabb1bf9060309d1b7c4d73ec35209649a28dac07

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              MD5

                                                                                                                              f0ce3c3e4a81410d3441a2a655da3ceb

                                                                                                                              SHA1

                                                                                                                              64dfcf2f13c4e0ea05c7f0eafa5cbf276bee698f

                                                                                                                              SHA256

                                                                                                                              4589f413cd31b23132fa02639593a45586a313065bdcc2e6841ea19c6bc2814a

                                                                                                                              SHA512

                                                                                                                              91eca777516eebc2718f38736712c3fe2f0f019bab56db9aef57ea6b7bb0c4123838a9b63340791d0baf6c243ac41c866ce84c364ac5afd4c485569266fa1bed

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              MD5

                                                                                                                              55f9e86908151f0337ab72642f89527e

                                                                                                                              SHA1

                                                                                                                              3ca54f0da0451e0c1502882c8ec1e261341df42b

                                                                                                                              SHA256

                                                                                                                              733355402181b4789c92c525e162ee5f4681baeaeaf31d54c4488a6f431c6a1c

                                                                                                                              SHA512

                                                                                                                              371c33e4e16dcc7f3d0c49c5bc50a868f501d70fcb5fd9e2165924e56d25f4711561a64bf2d53f57f9a2a858ef2101fa2cbeee56366c22c36769a6affc60920e

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                              Filesize

                                                                                                                              111B

                                                                                                                              MD5

                                                                                                                              285252a2f6327d41eab203dc2f402c67

                                                                                                                              SHA1

                                                                                                                              acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                                                                              SHA256

                                                                                                                              5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                                                                              SHA512

                                                                                                                              11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                              Filesize

                                                                                                                              1KB

                                                                                                                              MD5

                                                                                                                              9bee550c3744531cd8494f17adaf4618

                                                                                                                              SHA1

                                                                                                                              0f04fa3d362e5d4cf6637a435bbbc56bd8c2fb9b

                                                                                                                              SHA256

                                                                                                                              0502420020d65df69bc5e15fc3f27c6a55353d122a1787afd7808827c2bef018

                                                                                                                              SHA512

                                                                                                                              fb8211fbac29e514dd4b153cb9f7590541d13666b4f0b048a4a7163e8c889670c9af6c44fc75fc22c97eeb526aa2e0a4a4ba68b3ca91491bd692a9f2369571ac

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                              Filesize

                                                                                                                              867B

                                                                                                                              MD5

                                                                                                                              13533a1603ce4d45c6cc44115f275a88

                                                                                                                              SHA1

                                                                                                                              7c2d31f67fabbf71ea7f4f96a932c5625dd0e47d

                                                                                                                              SHA256

                                                                                                                              4b54879ca18e92542b12fc89468df6fefb292e3f232a78511b1868902cfb941d

                                                                                                                              SHA512

                                                                                                                              948f1f8b4de970e8a145896d95e427cc4bff04e10b4e9e434cd269b4277d1aace259e3076b70cc74e61dcc1bb0bb5a0aca5d36ee4afd43bd221eee94a0298d33

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              6KB

                                                                                                                              MD5

                                                                                                                              399aa2e7ce4fc3c76734549037730481

                                                                                                                              SHA1

                                                                                                                              1817cc7fafc37cf94a86bb7f53d8f84506ed38c0

                                                                                                                              SHA256

                                                                                                                              fd91e7fce798fc4f25cd867bd59253b81b60858640d8e8ead19442f9da4fc759

                                                                                                                              SHA512

                                                                                                                              3849bee8cad6892f4acd787fc93c5d35076e779682a47706a5e2cd2531b4c75b6c9296a2f04e0265c906cc4d395ea514d813ae1fa3bcd32eea33d56a2d3c04d1

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              7KB

                                                                                                                              MD5

                                                                                                                              d457ee29c89b3f06f43e378cf91780ba

                                                                                                                              SHA1

                                                                                                                              b1c447da2e93f4c6f9e428e2ef051d83daa6ef94

                                                                                                                              SHA256

                                                                                                                              b073d3d4f8a301ff5aa968fbe89303b9a92057a02f54c50ef36b992e21071ab2

                                                                                                                              SHA512

                                                                                                                              8dd0a9a8c61e546d4620e106dae4f8810738e8a54ce938ff90ad293e4afc05bd68988f9974dc472f70764675643a5f3a59e99977d1a0a5b50549a998df6ae8cc

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              6KB

                                                                                                                              MD5

                                                                                                                              f3acac29e3e28ea829e018da85643a36

                                                                                                                              SHA1

                                                                                                                              8ac3da258d80065227ed115b447641c336f18141

                                                                                                                              SHA256

                                                                                                                              b479655442a79b4fe60f0165348dc2e7114850954c42d180d4af8ba384fed8a9

                                                                                                                              SHA512

                                                                                                                              5986a640c73a290d43b68c13d78c99f8fa3c6cf9bf5b6d4b57ae9b4c1ad8c09a88f9cacc7100aa545fef94cfb0692fb5199d26fa54a22a19cbd3ea68379f1b5f

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              7KB

                                                                                                                              MD5

                                                                                                                              e7db14344936ab9843cee4c282d4a831

                                                                                                                              SHA1

                                                                                                                              6b09fad4a6434118bb4b5c057d6dbb308aa5920a

                                                                                                                              SHA256

                                                                                                                              e5d3eb488fb3df9cfc55955568b02254efe2cdba59a57e210f44e1c6f32047a5

                                                                                                                              SHA512

                                                                                                                              562a2085d516526c56c34020e52a7d75a4064da7b15d5c5a7049f12428e6e0340f8af0a4e47cee82688ce8554502c30c74752c21b3b0ba4a0740d53ef8ca054b

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              7KB

                                                                                                                              MD5

                                                                                                                              d1a56354e32defca251a3bf392ec8d38

                                                                                                                              SHA1

                                                                                                                              0cc53f827ffb8f96a8c71c6181cff2e89e385e17

                                                                                                                              SHA256

                                                                                                                              9d8794dc5944571adb5a918d6ea22336fb2f2aa864507b4016087d9e9b5b5e17

                                                                                                                              SHA512

                                                                                                                              5ba582271f810acd8bbaa1e20be43e819dc0b50f3743f5146739d33d68cf7e3ea1790a0d64110c8734b97f8d7b3a7fcce2916a68c80ad9e530f631f419e42173

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              7KB

                                                                                                                              MD5

                                                                                                                              5b46f9b67828390a13e063eae4b7745a

                                                                                                                              SHA1

                                                                                                                              684e17d2660759fb4d3f7ad3ac3f66bb769ed68f

                                                                                                                              SHA256

                                                                                                                              d9ef4fd8c2aabc1f5b5a1fdcba0465ccaef87dde4495963aec555152ad9fa405

                                                                                                                              SHA512

                                                                                                                              fcf467e6cca90b232a83da29b466315cfe45f2a18fb09b29ff26ec2c9868395fdaf21e864475ae93453679aaadbf7916017461e489a44f60e86e46bbea5e2abf

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                              Filesize

                                                                                                                              7KB

                                                                                                                              MD5

                                                                                                                              07976382a1fdbea0231a71ebae5ef211

                                                                                                                              SHA1

                                                                                                                              c12c0fa3504aaebbb54e74ac276a0914e5f8e127

                                                                                                                              SHA256

                                                                                                                              d3cd6c7f4d6cc32948f4ad4d343dff826aeb7ba1dc6e205a45eb211fd68f8276

                                                                                                                              SHA512

                                                                                                                              65dbc339d3bd65a5e1d9bbac9404debc053f474d21244458f1533034126cb0cfbf4d93af192b8d32568530d2f4727cf65bf037eff0f2bff8f3c989f2b273bdc6

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                              Filesize

                                                                                                                              1KB

                                                                                                                              MD5

                                                                                                                              042aca97b99ad5e322cc6bec6dc698ea

                                                                                                                              SHA1

                                                                                                                              475e478e6a6e42e0843c3e8afb60c9879571c575

                                                                                                                              SHA256

                                                                                                                              6f50f0c72e7dba7b5c958b19b56534308a474e6cce76658a0b0bf7b3c87fbf63

                                                                                                                              SHA512

                                                                                                                              4e4945c5c507714fb565988bab15e4dd311701b4a6863d4dadf3113bfbf845e894bfb341c234f8f71a7fbe423474b3190ac1ffef5a8fa5c89df8a5e0c60f7e27

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                              Filesize

                                                                                                                              1KB

                                                                                                                              MD5

                                                                                                                              91811abac692603fb38b73dbbf69076a

                                                                                                                              SHA1

                                                                                                                              c90c353058420d297b2c8e49f88a4a35c142f2f2

                                                                                                                              SHA256

                                                                                                                              8bf1c3b0af796a4984b1168044d9aa2b73a6bdf6d5b9af0e35833c22200c03da

                                                                                                                              SHA512

                                                                                                                              f5858dae6e24722d116d07398dd083cf69e05a9af55e5026871e2d260826340af15b36b052870b841293d39714f59f303bc2eb63c949c133b6d65830fce659c7

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59eb41.TMP

                                                                                                                              Filesize

                                                                                                                              1KB

                                                                                                                              MD5

                                                                                                                              f69899dea2c42440b1936403a3ae0bf4

                                                                                                                              SHA1

                                                                                                                              063576c1d3d3a1b10ee69c22db4b687686559c09

                                                                                                                              SHA256

                                                                                                                              960475555dcd1fb65938def1f051c61ba6394b36a4dbadef1e902b336f3e1a92

                                                                                                                              SHA512

                                                                                                                              02c42e8e9aaaecd7976663130a683f6813407abede4236866f2d1d948eb6441e9b3852159925765e85bf7d50990dd5715de276487c905f8a62913762ae2dba0e

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                              Filesize

                                                                                                                              16B

                                                                                                                              MD5

                                                                                                                              6752a1d65b201c13b62ea44016eb221f

                                                                                                                              SHA1

                                                                                                                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                              SHA256

                                                                                                                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                              SHA512

                                                                                                                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                              Filesize

                                                                                                                              11KB

                                                                                                                              MD5

                                                                                                                              26fe55e6716617de272e67194a48e06e

                                                                                                                              SHA1

                                                                                                                              f03248ce97df4fa8445d6f244d315a2157bfa03a

                                                                                                                              SHA256

                                                                                                                              8f3c32b8278e51eb869e438bff81a831a92a911b16d2cdf00f7aab4fd93e05ff

                                                                                                                              SHA512

                                                                                                                              7a9b7aab53696a89e616419a6159b2fa34376263e8f0f9f146e1233e3bac2ca91e34c6b6227cea23ca348348412796948502fe8d44fcdaefe8dab69115987088

                                                                                                                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\on1px6pk.default-release\cache2\entries\36FB0FCEB190E58A7FD3A8C121CF0E03C989C185

                                                                                                                              Filesize

                                                                                                                              33KB

                                                                                                                              MD5

                                                                                                                              b57ed42e6860027955c8b30444a1ecbd

                                                                                                                              SHA1

                                                                                                                              4febd59bc5c180130f18b4cf56b7f81e3e4a947d

                                                                                                                              SHA256

                                                                                                                              1252897061ca3d5fb2b11e9d6953df5f36641c2df75d0c36bfdf67429dd2678f

                                                                                                                              SHA512

                                                                                                                              5aed06b5944d93387f5ec6635f844f89e161f7b0279283c1dfd2afd7bfca22448b929c6d7aacc06b00f6e31c219df747f5690d028f34be9ecab1d2e5418d3fe2

                                                                                                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                                                                              Filesize

                                                                                                                              10KB

                                                                                                                              MD5

                                                                                                                              5fe9a9d6d8bd65f295dd461c33fbe255

                                                                                                                              SHA1

                                                                                                                              022b97d07f746fbe43946e665ded618e5fdf3f3a

                                                                                                                              SHA256

                                                                                                                              1661b339f406e39c36bf759e96a7baa1ece0e0b7113f9dc9d0f765ca7f7628dd

                                                                                                                              SHA512

                                                                                                                              ee6da5299617ea1ca838ae2d3135abfac83cae9644840b165250a811812f2fa80d7f67a68d4dc746cfd3f9b0471a006612d6ca99f7238086a9c4359456e918e1

                                                                                                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                                                                              Filesize

                                                                                                                              11KB

                                                                                                                              MD5

                                                                                                                              5fd811e4de117e6ff4f1933e9248aae7

                                                                                                                              SHA1

                                                                                                                              d393bc14351b3c1010a368a90f0383a5a9d74735

                                                                                                                              SHA256

                                                                                                                              7346938f656ca20e9c2086d34986986fe6721ad8e05d8f1234d450193cac403f

                                                                                                                              SHA512

                                                                                                                              a1a6a68d7cf2931f461108af0f4ca438eb0a914a205a7c23a300521442e6030c0e660b1a5f71e0f80a04d8ef695e90af6745d010b301c4e63d6ed115bdb008f1

                                                                                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\db\data.safe.bin

                                                                                                                              Filesize

                                                                                                                              2KB

                                                                                                                              MD5

                                                                                                                              0d17b9bb226b94aabc4a9d788c7932aa

                                                                                                                              SHA1

                                                                                                                              37eebc15a9d199fb0b760bd3e040776e802feeaf

                                                                                                                              SHA256

                                                                                                                              874344ba61aceccca6f512d8d1b59fa542b458c044967fb835fd9293774be514

                                                                                                                              SHA512

                                                                                                                              cc066778275dcf3d0372248ec2fc3922d186601f900a791e4003cdd8a09424fedbce5dc9e450c4a6f712c4ceeeb1684f3a589a9a91913bb8d597daad7e167c1b

                                                                                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\pending_pings\713b1eea-5410-4658-9302-62ab51be625f

                                                                                                                              Filesize

                                                                                                                              11KB

                                                                                                                              MD5

                                                                                                                              72e201a928f8847a2a6456230e0d2b9a

                                                                                                                              SHA1

                                                                                                                              f5b9cf0a5e29c4573dc4b1b1e5694c9ff1e8b2cb

                                                                                                                              SHA256

                                                                                                                              03f2631252d635cad86db4a888da2742a5d1b7a4a42d4d45dbea585b466ef40d

                                                                                                                              SHA512

                                                                                                                              346f152265a495651c050cd6df0d5d37023934c6f59ec633cf4935c84618c2d44fb6b3664392a960122d8f15eebf791070cb09d236e01fc50ad4133f0f0043cf

                                                                                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\pending_pings\82cdc918-fd8a-4e04-af0e-2e5497edc87b

                                                                                                                              Filesize

                                                                                                                              746B

                                                                                                                              MD5

                                                                                                                              88e384f28c2f15b3a5be0bb9f24741ca

                                                                                                                              SHA1

                                                                                                                              0a1b12440ccec97e081aefe827fa070815196888

                                                                                                                              SHA256

                                                                                                                              ad1cae11330181d91772007f99f406056660e3a2045d09e451b8ec96c17872ca

                                                                                                                              SHA512

                                                                                                                              5665c277c357bd9a8b0a77c91cdb9ff7ee1ffa333e400eda15ad37331d594a7dfee9b5d5eed770175e7c290f9e3e2b1707329037ca9eaf82dc1f496f40248d61

                                                                                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs.js

                                                                                                                              Filesize

                                                                                                                              6KB

                                                                                                                              MD5

                                                                                                                              8001d721e641f741db9be94f58638114

                                                                                                                              SHA1

                                                                                                                              350aa85037495ec44cdff8028acb16259aea2025

                                                                                                                              SHA256

                                                                                                                              23f2a96265100defbaeb59fdb135aefdb83399d422c6e5b4170fa6ba64fa32a1

                                                                                                                              SHA512

                                                                                                                              42813c0acb6a759c69bdb8d4e4096c06743b4688825659cc402e2fee764d327ca259285933b7e6965e046c63e984c52d8664847a0a32353a494f6d8e70ea35a1

                                                                                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs.js

                                                                                                                              Filesize

                                                                                                                              6KB

                                                                                                                              MD5

                                                                                                                              f65f6eeb0ecc0103ab27eb35bc95f111

                                                                                                                              SHA1

                                                                                                                              1d6c6ad390162c75d585c5d01c9069b0ee14c16a

                                                                                                                              SHA256

                                                                                                                              a3a8981a3def7b4e30556aabcd9be4f3883745e172f6008682b0239ea8c15124

                                                                                                                              SHA512

                                                                                                                              4e7e74f4dd3a63cde6eb4d7e641eb95958768076b584160ade4d08ff993b4ae9c9af91322dd807ceed5ce551af8d5099e2aa7bcfeaa6a3072849813a8a66335b

                                                                                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4

                                                                                                                              Filesize

                                                                                                                              3KB

                                                                                                                              MD5

                                                                                                                              0b28d811d3366d503fdb1d67bd4316c5

                                                                                                                              SHA1

                                                                                                                              db5fa2d9a96b2f52643ebb1882cd220ec7c0a005

                                                                                                                              SHA256

                                                                                                                              a26d7d870146652c997ed0f23bf0cb2b7b77fa71505571d122cc190c504c7401

                                                                                                                              SHA512

                                                                                                                              9754303366c52378229f42bb898bf9df596315393b8e9371cf8aae3b4d78cb57fe96440cb3439dd86be6418e9c076c8b8a130c46b60964996101e74ac01a4275

                                                                                                                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore.jsonlz4

                                                                                                                              Filesize

                                                                                                                              4KB

                                                                                                                              MD5

                                                                                                                              d3148bde57f5d8eba482ad4b2bcf3a2d

                                                                                                                              SHA1

                                                                                                                              38405bc11d1ec7a2ecdea8b46182b75f5accc14e

                                                                                                                              SHA256

                                                                                                                              59a5ea8396ca407ad6d6a1cd957381a12cd22e47f6af9ace7a302f62b567c211

                                                                                                                              SHA512

                                                                                                                              0ba8d3785fbd9ebd68c84a33889b72feb436470c901e1a8c82077581984da2f03d1c90ac82d4f41f112d6c5b0467db42b73cc4993431ad52afa3f640135dbb36

                                                                                                                            • C:\Users\Admin\Desktop\AddRename.mp4

                                                                                                                              Filesize

                                                                                                                              865KB

                                                                                                                              MD5

                                                                                                                              b7cc0f64f62d295c83e46cd4d0a7877a

                                                                                                                              SHA1

                                                                                                                              bda745037c5290a2b33a51d98c3a058df0518d84

                                                                                                                              SHA256

                                                                                                                              9a2e688b09b589ea013c0129078f80aefc51cbcc19bb75c182a72278d60b2282

                                                                                                                              SHA512

                                                                                                                              67f42959e812b46467eb3ea72b77987820d11ee3861211b3821e64eef28fab95550df712b8e50b02fe4e6e9c2d5f234dfd60dc6d7ea183533ed74c0d2b833ea8

                                                                                                                            • C:\Users\Admin\Desktop\ClearDisconnect.php

                                                                                                                              Filesize

                                                                                                                              821KB

                                                                                                                              MD5

                                                                                                                              fb864f636ed8234605be429ec95634da

                                                                                                                              SHA1

                                                                                                                              27a4a4bdf015cc687948462cbea7913b9e57e44d

                                                                                                                              SHA256

                                                                                                                              98b4c5cf59568bec977d3c40b6e3aff886e4434915ff196a0d5c4d45c22874ab

                                                                                                                              SHA512

                                                                                                                              7669bb7d9b6092713b4ed795d02f61ee8678682c2cabcfe43cff4d1cdaf248eca91e37ac5f24b3584efc417cc6b3e7217e866a15acef81686820f92fc8bbe026

                                                                                                                            • C:\Users\Admin\Desktop\ConnectStop.ps1

                                                                                                                              Filesize

                                                                                                                              488KB

                                                                                                                              MD5

                                                                                                                              314efccb03cb31e5f0e0bb7e9e8f10ad

                                                                                                                              SHA1

                                                                                                                              be45420e9853849e66cae2a4a09a99a70dfedfe7

                                                                                                                              SHA256

                                                                                                                              bcbd1641d1e3619846ae70e86a242a6cbb17141967cb7b711942d87cdc7d682d

                                                                                                                              SHA512

                                                                                                                              4cebb7f87aaa01c8ee89ec1bef7745262024d043eef42b3669c978597163f00bb905094cabffb9d408f01c69fd316f6db6986831adc0953c765f17eb39e47b49

                                                                                                                            • C:\Users\Admin\Desktop\ConvertSplit.vst

                                                                                                                              Filesize

                                                                                                                              444KB

                                                                                                                              MD5

                                                                                                                              bc879bfc88cb68883aa4a717d1a70e6f

                                                                                                                              SHA1

                                                                                                                              46cd381229d74176994614d93308cc1865bb181f

                                                                                                                              SHA256

                                                                                                                              e80a26a3f58dcb5b7a2a4c4a3b823909878f4a5052489cb26adbb04e23e93f17

                                                                                                                              SHA512

                                                                                                                              38746275594242e02788e48e91c22aa40476b7ba06cff416874fe586cf4b776df41f43f3b9d295165c9f2e63817eec61746d17373c03c57134f2ba01b086d82b

                                                                                                                            • C:\Users\Admin\Desktop\DisableInitialize.vssm

                                                                                                                              Filesize

                                                                                                                              643KB

                                                                                                                              MD5

                                                                                                                              6abb5061ff042a45995f80c931947bfc

                                                                                                                              SHA1

                                                                                                                              0db8d495612bd202fb78feeea55d0516002b26a2

                                                                                                                              SHA256

                                                                                                                              e2766e70ca144d09b6162e622047dad908638db51add2f5d6654956891a54ef6

                                                                                                                              SHA512

                                                                                                                              dd66e365c37de084002b17a73a08600302f8f99d2f5c8aa1708c602d24a2e2b719f7d666402df75e3041ee17b8c7fac98359318960af8e8f14e734428d2b6897

                                                                                                                            • C:\Users\Admin\Desktop\EditRestore.DVR-MS

                                                                                                                              Filesize

                                                                                                                              799KB

                                                                                                                              MD5

                                                                                                                              64d72c5c8e7690c0055e3a26a4e7a664

                                                                                                                              SHA1

                                                                                                                              743dddb7f9c1a6c3d7cb7cf12dc403370c5ef396

                                                                                                                              SHA256

                                                                                                                              66fe00f1425ea5e5620a843230f2e6e3d78c55c9f656de93890e965292e1f932

                                                                                                                              SHA512

                                                                                                                              cc2bc4271334f3b9ab02aea009573eb758043a6931a8bcba886f74fc738a033aeb9cf68939b82a607b34fa5247995ab4e20bf5606488423f99952e153cc2a489

                                                                                                                            • C:\Users\Admin\Desktop\EnterSwitch.tmp

                                                                                                                              Filesize

                                                                                                                              621KB

                                                                                                                              MD5

                                                                                                                              a771276adcc101eced3c559edfa06a8e

                                                                                                                              SHA1

                                                                                                                              360957914d429bd9575a116408509b26ceaec03e

                                                                                                                              SHA256

                                                                                                                              48f8ad33ba0c6b7ce9b57f9d9882e2449bbc3b91cdddfb78fba78697eeb2e049

                                                                                                                              SHA512

                                                                                                                              34635ecf2bb49ea418542f3d0979d497012aa04e591805191a81199c3601f60977c6038300c32abab1c78f8875acd25e9ececec82194b1d9857f8ab261e3f06d

                                                                                                                            • C:\Users\Admin\Desktop\ExportBackup.tif

                                                                                                                              Filesize

                                                                                                                              710KB

                                                                                                                              MD5

                                                                                                                              2f567bbcba440ce7b5c7bb6fdca06962

                                                                                                                              SHA1

                                                                                                                              c4af8da9792bd8ca88c55aadf73bfa7e04b0cc19

                                                                                                                              SHA256

                                                                                                                              dea3fdbf508f26f029ecc2b07b0abd9f99550e5010a280ac66216d63376f4583

                                                                                                                              SHA512

                                                                                                                              a849c1ef2f589840a44fb5650e73c6bc119c8648beed49fd3e6cd7c5191d0c7be5814a543de411c5f353f6cfa1e921126e486b9737f6efb7794dfdc167a84b74

                                                                                                                            • C:\Users\Admin\Desktop\ExportShow.wmf

                                                                                                                              Filesize

                                                                                                                              577KB

                                                                                                                              MD5

                                                                                                                              c2c0babfb3a7aa48d45f25a3a6ee3384

                                                                                                                              SHA1

                                                                                                                              fa6efa006321e9cebcddcad5dec475cab56f6896

                                                                                                                              SHA256

                                                                                                                              f3ef47cdb92d5191c3e7df9d3c6a87e9957ca1fe73237d6cceddfa47f6d9bfb3

                                                                                                                              SHA512

                                                                                                                              2765337bc2aeee1e5d3cc187b797cf8b6563c13361e39abf4809fab2498c1ee23df640ecc784f17a49902525030aa28f0cd372e266025894f5820439b297d822

                                                                                                                            • C:\Users\Admin\Desktop\ExportWatch.jpeg

                                                                                                                              Filesize

                                                                                                                              466KB

                                                                                                                              MD5

                                                                                                                              a8a3c3df0a7caeae8ffcecc118c7b38f

                                                                                                                              SHA1

                                                                                                                              5fdb8ccd251484208504a1b10fc979d83aca6a9b

                                                                                                                              SHA256

                                                                                                                              c9ea5dbb8b47a136c7df538f4b6a4430839ac10d1a788a9e3c2422ef7f7a916b

                                                                                                                              SHA512

                                                                                                                              c66a99467ab924d1eef6df8b51ad23f03dbc1533b34cb1482e921425088e852bd69bd5341051bf98450b7954d4b27f4cc0a401499d948d6ad12b50b3e5bccb24

                                                                                                                            • C:\Users\Admin\Desktop\GrantReset.reg

                                                                                                                              Filesize

                                                                                                                              421KB

                                                                                                                              MD5

                                                                                                                              4f187606dc95f60ec59a578566bf1353

                                                                                                                              SHA1

                                                                                                                              7143e95bf0384563af4aefcd5e5dd0929ff54b57

                                                                                                                              SHA256

                                                                                                                              c1fc7c9f8222051b87b3768abe632a7ccd94113542435b46767ee5e44bfdc71a

                                                                                                                              SHA512

                                                                                                                              c34db4f5d3ac5db2b66e5156f61d98678b172de8dc1e285b7759bdba9ddc9734cd65831e309311ac7268a6ba0ad4083dbd7cf725a0e439664790a3b118088d4a

                                                                                                                            • C:\Users\Admin\Desktop\ImportGroup.dwg

                                                                                                                              Filesize

                                                                                                                              399KB

                                                                                                                              MD5

                                                                                                                              a5827b9d2fba8a24e7282e6566a0cd96

                                                                                                                              SHA1

                                                                                                                              17ab34205302bc9be517eedb6e1df31441c08c4c

                                                                                                                              SHA256

                                                                                                                              f2a3993160d9bd21bcdbd22221feefcdbbae38bddfdfec1ef589441bea98ba07

                                                                                                                              SHA512

                                                                                                                              5b967e7dd92e80c43248f75cf2162231602b49951cc3cea7f1bd1ee9e482c4fe4df0ae60ddec25921ba858c2814b9637ecac4483b46c5bd25ca674792d6704ed

                                                                                                                            • C:\Users\Admin\Desktop\LockBackup.wps

                                                                                                                              Filesize

                                                                                                                              754KB

                                                                                                                              MD5

                                                                                                                              f6176e545ff398361d029aec07941642

                                                                                                                              SHA1

                                                                                                                              d984d7b6b5fdae3a7fc8aef3d271539913fdac22

                                                                                                                              SHA256

                                                                                                                              d30949a15261ad914ccdd8bdb62a1cb02fa7e436a81915754a2818b01d9a3836

                                                                                                                              SHA512

                                                                                                                              42aa551c3b78cc9ac651b613e352c883742001b2da02c5c136f880b685387d5d52f2998595d031553997b488b1f8b94350efba9ed3249ee235a4df8078fafd41

                                                                                                                            • C:\Users\Admin\Desktop\MoveDeny.shtml

                                                                                                                              Filesize

                                                                                                                              555KB

                                                                                                                              MD5

                                                                                                                              a03c6d96c4083ce1fd4a6e6b5def1a99

                                                                                                                              SHA1

                                                                                                                              65e856fcbd33bb955e1759633eb135edb4f38fe9

                                                                                                                              SHA256

                                                                                                                              68ee0db108cb3a40f648d9ecc5581c5d5068f60281b6a8fe608568d127d17d5b

                                                                                                                              SHA512

                                                                                                                              92810c8581e2cc2bbfa3cdb0772ab827c69daae23de1e8c21711e500f571d08c5edde28df67c458f8ee6fab6b52cafa38ae509859ffc934041639a7938920446

                                                                                                                            • C:\Users\Admin\Desktop\NewEdit.fon

                                                                                                                              Filesize

                                                                                                                              377KB

                                                                                                                              MD5

                                                                                                                              5df0b1a6fa6d24a510487ca536c1fa94

                                                                                                                              SHA1

                                                                                                                              6643fd78d5d970a9d8892ad40424a311aba20b4e

                                                                                                                              SHA256

                                                                                                                              d6444993fbbeb624a2b97ba42a5a420eae1772125421ba85d14277c7a5990ce8

                                                                                                                              SHA512

                                                                                                                              22441b03e79bb15de22dbe9ad961747ef314852af5a158abab390d8145432a68db686e4b34b2e1734eead0d9a4685cee000bc9d2a3e0ed844553530b03c4a537

                                                                                                                            • C:\Users\Admin\Desktop\OutSubmit.aiff

                                                                                                                              Filesize

                                                                                                                              843KB

                                                                                                                              MD5

                                                                                                                              b6dc1c7a93a3529e9df95761e0fce053

                                                                                                                              SHA1

                                                                                                                              88b2febe541fc17c411a0e043af22b2f297f8e5d

                                                                                                                              SHA256

                                                                                                                              ba0fc0818f714735cbf063fa6e29bdf73b9d238db626685a214613900acbfffc

                                                                                                                              SHA512

                                                                                                                              570522de948536b6d1a49b6249a0a54dc4a8f1c455dd21f9829356071556d4c11fb9a87caef338b0e24f9e76292bfe317743d4dafa59da706e86a448803a6c43

                                                                                                                            • C:\Users\Admin\Desktop\RedoApprove.ps1

                                                                                                                              Filesize

                                                                                                                              666KB

                                                                                                                              MD5

                                                                                                                              e355b6d527762f9dd1de744cb6c0e04d

                                                                                                                              SHA1

                                                                                                                              fce758839661ba96a17fa30342be3a96e62c741c

                                                                                                                              SHA256

                                                                                                                              328f8cfb75bd9116c1456929dd644939bde38345584c54f434b83bddd493e7b4

                                                                                                                              SHA512

                                                                                                                              fdf0a56cedde322bafe7b071cc3118a6c6ac86a08a3b7088f6e65a1fc62623a8777e6a92b67bb3ff1ff559f40ce512b75ff015ba617995a084f5e5b50573e879

                                                                                                                            • C:\Users\Admin\Desktop\RepairSkip.vbs

                                                                                                                              Filesize

                                                                                                                              688KB

                                                                                                                              MD5

                                                                                                                              a98b01b54333712b401f235524f36f36

                                                                                                                              SHA1

                                                                                                                              acf8679a19b0dd5f4e24daf3b70bc129a098b761

                                                                                                                              SHA256

                                                                                                                              91bff70f35e31dd984f2bd3a9230451a4176f9244967c920917d325f13b02b11

                                                                                                                              SHA512

                                                                                                                              fb171804098963171ab05995ff87d59ceaee536d6c4e6b9fe32644eb20cbfadbadfcfb57ebf1b845a8d32026bab808369a40d76bc95eb9d745f1eee9c143986a

                                                                                                                            • C:\Users\Admin\Desktop\RequestEnable.asf

                                                                                                                              Filesize

                                                                                                                              599KB

                                                                                                                              MD5

                                                                                                                              1cef2e7327fc4aeb352d0721bdfea5b8

                                                                                                                              SHA1

                                                                                                                              cee10df33580bcd84e18181c92edfabf5967db38

                                                                                                                              SHA256

                                                                                                                              f326a5b0d896211ad1ac244f009ad772c184115727ede975c739ce178978e4b1

                                                                                                                              SHA512

                                                                                                                              2d82e5e7f9d7d36f7d213bdd395c8014d8d445a2b3a19a15f0b50640eb5c995ef9cdc15273d4f42563c7e0640bb2b7b22cd62e70b2a47c170e3050951c6d3417

                                                                                                                            • C:\Users\Admin\Desktop\RequestEnable.hta

                                                                                                                              Filesize

                                                                                                                              310KB

                                                                                                                              MD5

                                                                                                                              2439ff7f14c87cebde5ba81ff0cb4ee2

                                                                                                                              SHA1

                                                                                                                              f73a27eed0f9de9b9ef1139f8f74b8b3198172c1

                                                                                                                              SHA256

                                                                                                                              c1d86ffd4c21786118f94ee844829840d9dd2771e0ec53815c7dd2a658ce65f7

                                                                                                                              SHA512

                                                                                                                              671cc1be12af6b599c253163173b56f33a8505e90dcbd85abe49940593991ff13f6a814fd9695b0cd6fc1b5a2e8b5121e4314d2c7084b5debcd4c6879877de52

                                                                                                                            • C:\Users\Admin\Desktop\ResetWait.wm

                                                                                                                              Filesize

                                                                                                                              888KB

                                                                                                                              MD5

                                                                                                                              70c360999613bd698605ce7243b060bc

                                                                                                                              SHA1

                                                                                                                              14a7a9da4dda44099ea3f7f505cf0dbf7f45cb5e

                                                                                                                              SHA256

                                                                                                                              6dca239db608092771d5e557a83be85962e84dc93df5b0397ddef8889874b19d

                                                                                                                              SHA512

                                                                                                                              c293382ddf9c44d0126052f2a840a3203918c8d40392ac8c518248509ac77d745e0c5faa0685ab5e23d0d719cf147438491ec72b677dd1864af236fc02f2d755

                                                                                                                            • C:\Users\Admin\Desktop\SelectRegister.dwg

                                                                                                                              Filesize

                                                                                                                              777KB

                                                                                                                              MD5

                                                                                                                              a806dc26e1568f3fe837155e20ca6821

                                                                                                                              SHA1

                                                                                                                              d47e3fd79c09a61cb5caa139587751cdc276d842

                                                                                                                              SHA256

                                                                                                                              2968bd194e0ceee1179a8202473a27b82586ada8066f064ce9ae587d1ba1fd59

                                                                                                                              SHA512

                                                                                                                              75eb5529762dc9b472183bf544883c7788acdb0fb8a6df9fe420079cc1d37abc2c95a9b542d62dc64ac540c6a069d663f22e4b54913f44eac2a8f2b60408f763

                                                                                                                            • C:\Users\Admin\Desktop\ShowJoin.cfg

                                                                                                                              Filesize

                                                                                                                              1.2MB

                                                                                                                              MD5

                                                                                                                              dfdf18f8e74b77da2159b7405de8f784

                                                                                                                              SHA1

                                                                                                                              4a5b9b42cb16fff6bf368c387654d52c376d5be1

                                                                                                                              SHA256

                                                                                                                              b7b03f25640d08158525e3a02eb1b3ab8a4fc811c81f3e51bef6e8d02bf78a21

                                                                                                                              SHA512

                                                                                                                              b2f5f3ca00951d318d904b13511baf734cd206dc1a9602183bda7cc044d5fe64324d0debab6bb7886450b1b630d4ff2551a9c219ff99891e3661b4eb53d36486

                                                                                                                            • C:\Users\Admin\Desktop\ShowUnprotect.wav

                                                                                                                              Filesize

                                                                                                                              355KB

                                                                                                                              MD5

                                                                                                                              f6c8a6b8f810348ea270e9dc06878914

                                                                                                                              SHA1

                                                                                                                              d85977da34aa8c8d79172125051b40daa1b2933e

                                                                                                                              SHA256

                                                                                                                              38e7562523e79200aa82cf275ea59795cb6f546b0b9efa79fcbedca181bb08e0

                                                                                                                              SHA512

                                                                                                                              8dbb31341ed1f3ea4b683c8bc98f4be694f574b0ae97c9fc1bbad7900fe10e60af39f07fe286aabe69920f7fb35ee5a4555166a7d1859101a178ad1427c77a39

                                                                                                                            • C:\Users\Admin\Desktop\SkipStep.dot

                                                                                                                              Filesize

                                                                                                                              732KB

                                                                                                                              MD5

                                                                                                                              31becd64eb24345588f54efb41ab918b

                                                                                                                              SHA1

                                                                                                                              c0aa422b74c919427835da9e58bafc77bad3e26d

                                                                                                                              SHA256

                                                                                                                              6a963b7777578698951b1f34ddf81f81dad187d920e2b57ee4f5946b7b0c32e0

                                                                                                                              SHA512

                                                                                                                              b25feef196ce792ecb49506a8f9cb7ef528da872de97690db624abb0f34313237b27263fda61a0252fa7d75b1536f1213eb31fda2851fa44ee1b2f0d9b0a57d6

                                                                                                                            • C:\Users\Admin\Desktop\StartInvoke.tif

                                                                                                                              Filesize

                                                                                                                              532KB

                                                                                                                              MD5

                                                                                                                              863e0957417ab00b5ce01e33ef72a8ad

                                                                                                                              SHA1

                                                                                                                              36c77752ac6f8bc00d5cf877108b01b6edda3cc3

                                                                                                                              SHA256

                                                                                                                              d9706281fba3f0679ffc0374d2553127af72249bb5a8e5f9c4c5b5a42612a165

                                                                                                                              SHA512

                                                                                                                              d21664f926e74dcdebcdaceb0591138c5ae3fe11117611ed1b187e996e1a60aca03ab4637db95ddca759199a807a185786a65a8f7a23c22ca04fd8f038753240

                                                                                                                            • C:\Users\Admin\Desktop\UnpublishMeasure.3gpp

                                                                                                                              Filesize

                                                                                                                              333KB

                                                                                                                              MD5

                                                                                                                              3eb89df2be10c5f7d2bb713033d5093d

                                                                                                                              SHA1

                                                                                                                              e04abffd2ac021eaae298dfa41ab2a607c92c5c4

                                                                                                                              SHA256

                                                                                                                              b816b328e655237749b3d853f61319dd46c8bc08935f166caca8ee33b4c666da

                                                                                                                              SHA512

                                                                                                                              bf772625d11b10f828f825b6b22f8a8d3c17b55c33d002ae54c8e0614b441b6e916f845423a809c76f807ef789915091d8bef6aa6438c4b68b6823c3cd9cdbeb

                                                                                                                            • C:\Users\Admin\Desktop\UnregisterStart.doc

                                                                                                                              Filesize

                                                                                                                              510KB

                                                                                                                              MD5

                                                                                                                              a5c8e63d6b63a23867bb643f21adf1e3

                                                                                                                              SHA1

                                                                                                                              4cab0181d7fd16c68ffb3a7ed711da19b4658f28

                                                                                                                              SHA256

                                                                                                                              3a3cba124f93bed4eff7c286ca01d59a0ceed400c86489a7a6b32914ae87cbbb

                                                                                                                              SHA512

                                                                                                                              0dddc68630134adf675b81dce1c2a5119aff605fdd8483c60a94a80fa0d14113a83f69df6d7b89488ce307626e020af4819121255a9e2891c472c4f1b1ccf3a6

                                                                                                                            • C:\Users\Public\Desktop\Acrobat Reader DC.lnk

                                                                                                                              Filesize

                                                                                                                              2KB

                                                                                                                              MD5

                                                                                                                              bdcabc5f01aba8812a09a80512159dfe

                                                                                                                              SHA1

                                                                                                                              da421ee703a7ca3315770630af6918ac965cc1b0

                                                                                                                              SHA256

                                                                                                                              798c07368838af1da058f44022a315ceffffb14b3b9169dfeff84298123e6142

                                                                                                                              SHA512

                                                                                                                              d6d25e0f1ca368a82c7f59f4494003a6fb3ee2deabd8d90b2c237772923eb0f8ee9bcba5d11aa3d7549aa51c938a2887e9cfd3ab84cdc9b8e1242c3af1fcf619

                                                                                                                            • C:\Users\Public\Desktop\Firefox.lnk

                                                                                                                              Filesize

                                                                                                                              1000B

                                                                                                                              MD5

                                                                                                                              d041a332cb6677d58a13c46d9672a8f1

                                                                                                                              SHA1

                                                                                                                              6c3d2325359fac8bfe6ebd981fd732e581c1d362

                                                                                                                              SHA256

                                                                                                                              fc92fe3088a702384825559a3e6bec93e345d4e46386fe0a6367e210642063a8

                                                                                                                              SHA512

                                                                                                                              7472c8f89e4f584e0c38ee1d7cab15f454d49f694f298c9451f682480908f677bd3d9968d093356d8a71315c36f9ef9448159b9f87734ef1b8c2f6cd99313c20

                                                                                                                            • C:\Users\Public\Desktop\Google Chrome.lnk

                                                                                                                              Filesize

                                                                                                                              2KB

                                                                                                                              MD5

                                                                                                                              d2bbdb4d4e96db7209a5a32f829db8ba

                                                                                                                              SHA1

                                                                                                                              b98da38fe98b18b987ba909e1f977015c101a1ec

                                                                                                                              SHA256

                                                                                                                              175dd27a1c06858193950ac318c5d52cbc20fb985993a2ab15035d8bd82b21d3

                                                                                                                              SHA512

                                                                                                                              b860798e718133ee2f5350ba78e64398adece60f6860459115270f5c96ecb8a424319e1c836638ac9f1f959afb6dd47902815755bf8ed50d5749393a82437d84

                                                                                                                            • C:\Users\Public\Desktop\Microsoft Edge.lnk

                                                                                                                              Filesize

                                                                                                                              2KB

                                                                                                                              MD5

                                                                                                                              33ca698866a37204e88b3cab073f5510

                                                                                                                              SHA1

                                                                                                                              b7c4ab9b7cca0c89bb3d606d972d55bd3ea013fd

                                                                                                                              SHA256

                                                                                                                              d8e5507a45cb61a293a4e0aa83a502b67140d74c81457a03b2135e8a9b3c12b8

                                                                                                                              SHA512

                                                                                                                              f742486e2e2ca0646fa6ea4480d1ff702ea61118773ddd267f4008f6b02dee2a6023df1c9930717967efd9d6cd265c9fcf1ea684a0ddd0823f20d8e66957621d

                                                                                                                            • C:\Users\Public\Desktop\VLC media player.lnk

                                                                                                                              Filesize

                                                                                                                              923B

                                                                                                                              MD5

                                                                                                                              7e058a31ec4728a6ffa9cbade6418522

                                                                                                                              SHA1

                                                                                                                              373bf8360fb8f8f7e80bafbdc2b6a6c678d5a04e

                                                                                                                              SHA256

                                                                                                                              46e7a5d0664f94af5b67110ec7674f295219faa310dc9688edaab961bf9a4ac6

                                                                                                                              SHA512

                                                                                                                              8939bae7a47d805f8457cb0f8b2ee67a6f7edf023ce48bde6f349455882ad861e497ca239a45278340dcec0bec653d1a6ac8384b7b15e24eba3eb18a599154e4