Analysis

  • max time kernel
    159s
  • max time network
    256s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    02-03-2024 20:26

General

  • Target

    TrashMalwares-main/Antivirus_Installer.exe

  • Size

    89KB

  • MD5

    70ec6f9bec87d67c435a2b8505a72629

  • SHA1

    8dae4c1727c73b3c1135b633e4db69e60ed522f1

  • SHA256

    1bfef2733f357e531be53b406b65661893b97a8b18a699b6e65f201dd0eeeae8

  • SHA512

    4a164019ae25e21007f2678bdf0e002b2e1eee115ddc4e101a909712d2bbaff3987339b6059c9db69988918296692839c47c49da9ca9ff3310a9e0088ab7d56c

  • SSDEEP

    1536:X7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfrwFOO:L7DhdC6kzWypvaQ0FxyNTBfrS

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\Antivirus_Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\Antivirus_Installer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3372
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\DCCE.tmp\DCCF.tmp\DCD0.bat C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\Antivirus_Installer.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3452
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=oAkRBqxm8tM
        3⤵
          PID:2284
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff759146f8,0x7fff75914708,0x7fff75914718
            4⤵
              PID:5540
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=lPySS7mt4eo
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:1784
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff759146f8,0x7fff75914708,0x7fff75914718
              4⤵
                PID:2920
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3094581865193263331,17048407883914289705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
                4⤵
                  PID:6000
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,3094581865193263331,17048407883914289705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
                  4⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2244
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://custom-gwent.com/cardsBg/1efae8b0c69810654f16b400426049fd.jpeg
                3⤵
                • Suspicious use of WriteProcessMemory
                PID:2160
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff759146f8,0x7fff75914708,0x7fff75914718
                  4⤵
                    PID:5036
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7206838472252035411,1182414051228374865,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
                    4⤵
                      PID:5984
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,7206838472252035411,1182414051228374865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
                      4⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:5992
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.protegent360.com/softwares/PAVSetup.exe
                    3⤵
                    • Enumerates system info in registry
                    • NTFS ADS
                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                    • Suspicious use of FindShellTrayWindow
                    • Suspicious use of SendNotifyMessage
                    • Suspicious use of WriteProcessMemory
                    PID:4336
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff759146f8,0x7fff75914708,0x7fff75914718
                      4⤵
                        PID:2908
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
                        4⤵
                          PID:5436
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
                          4⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:5580
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
                          4⤵
                            PID:6304
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
                            4⤵
                              PID:6404
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
                              4⤵
                                PID:6424
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
                                4⤵
                                  PID:6940
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
                                  4⤵
                                    PID:1260
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
                                    4⤵
                                      PID:7068
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
                                      4⤵
                                        PID:2444
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3632 /prefetch:8
                                        4⤵
                                          PID:2568
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
                                          4⤵
                                            PID:5320
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6536 /prefetch:8
                                            4⤵
                                              PID:4924
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
                                              4⤵
                                                PID:6408
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
                                                4⤵
                                                  PID:7024
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
                                                  4⤵
                                                    PID:3608
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
                                                    4⤵
                                                      PID:4528
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
                                                      4⤵
                                                        PID:3236
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7644 /prefetch:8
                                                        4⤵
                                                          PID:3212
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7644 /prefetch:8
                                                          4⤵
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:5048
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
                                                          4⤵
                                                            PID:3656
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
                                                            4⤵
                                                              PID:4100
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
                                                              4⤵
                                                                PID:1820
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
                                                                4⤵
                                                                  PID:6468
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
                                                                  4⤵
                                                                    PID:4748
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
                                                                    4⤵
                                                                      PID:6480
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
                                                                      4⤵
                                                                        PID:1556
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5708 /prefetch:8
                                                                        4⤵
                                                                          PID:6624
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
                                                                          4⤵
                                                                            PID:6208
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
                                                                            4⤵
                                                                              PID:5796
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6324 /prefetch:2
                                                                              4⤵
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              PID:6152
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=ymbw2R3uIqc
                                                                            3⤵
                                                                            • Suspicious use of WriteProcessMemory
                                                                            PID:3804
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff759146f8,0x7fff75914708,0x7fff75914718
                                                                              4⤵
                                                                                PID:3724
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13113444218560925127,7190203414713117747,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
                                                                                4⤵
                                                                                  PID:5944
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,13113444218560925127,7190203414713117747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
                                                                                  4⤵
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  PID:6012
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://files.fm/f/hfkwsdkmj
                                                                                3⤵
                                                                                • Suspicious use of WriteProcessMemory
                                                                                PID:3240
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff759146f8,0x7fff75914708,0x7fff75914718
                                                                                  4⤵
                                                                                    PID:2752
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,772615986883967298,10356735890533463369,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
                                                                                    4⤵
                                                                                      PID:5952
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,772615986883967298,10356735890533463369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
                                                                                      4⤵
                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                      PID:5960
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://download2389.mediafire.com/xzhsf9dl17ng/9f8fds9s3efg7so/WannaCry+by+Rafael.rar
                                                                                    3⤵
                                                                                    • Suspicious use of WriteProcessMemory
                                                                                    PID:1384
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff759146f8,0x7fff75914708,0x7fff75914718
                                                                                      4⤵
                                                                                        PID:448
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,805125742054450437,10762031736811608025,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
                                                                                        4⤵
                                                                                          PID:6064
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,805125742054450437,10762031736811608025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
                                                                                          4⤵
                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                          PID:6080
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/959038855737147432/967723261284724796/Setup_File_Pass_1234.rar
                                                                                        3⤵
                                                                                        • Suspicious use of WriteProcessMemory
                                                                                        PID:4084
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff759146f8,0x7fff75914708,0x7fff75914718
                                                                                          4⤵
                                                                                            PID:2776
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3254011041425604286,3353583623344606669,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
                                                                                            4⤵
                                                                                              PID:5968
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,3254011041425604286,3353583623344606669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
                                                                                              4⤵
                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                              PID:5976
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/959038855737147432/967723261284724796/Setup_File_Pass_1234.rar
                                                                                            3⤵
                                                                                            • Enumerates system info in registry
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                            • Suspicious use of FindShellTrayWindow
                                                                                            • Suspicious use of SendNotifyMessage
                                                                                            • Suspicious use of WriteProcessMemory
                                                                                            PID:740
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff759146f8,0x7fff75914708,0x7fff75914718
                                                                                              4⤵
                                                                                                PID:1992
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,1131942136845274283,8504092740489053096,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
                                                                                                4⤵
                                                                                                  PID:2228
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,1131942136845274283,8504092740489053096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
                                                                                                  4⤵
                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                  PID:4408
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,1131942136845274283,8504092740489053096,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
                                                                                                  4⤵
                                                                                                    PID:2768
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1131942136845274283,8504092740489053096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
                                                                                                    4⤵
                                                                                                      PID:2444
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1131942136845274283,8504092740489053096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
                                                                                                      4⤵
                                                                                                        PID:3372
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1131942136845274283,8504092740489053096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
                                                                                                        4⤵
                                                                                                          PID:5600
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1131942136845274283,8504092740489053096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
                                                                                                          4⤵
                                                                                                            PID:5612
                                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                      1⤵
                                                                                                        PID:6948
                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                        1⤵
                                                                                                          PID:7128
                                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                          1⤵
                                                                                                            PID:3628
                                                                                                          • C:\Windows\system32\AUDIODG.EXE
                                                                                                            C:\Windows\system32\AUDIODG.EXE 0x308 0x508
                                                                                                            1⤵
                                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                                            PID:5232

                                                                                                          Network

                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                          Downloads

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                            Filesize

                                                                                                            152B


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                            Filesize

                                                                                                            152B


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

                                                                                                            Filesize

                                                                                                            44KB


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

                                                                                                            Filesize

                                                                                                            264KB


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

                                                                                                            Filesize

                                                                                                            22KB


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

                                                                                                            Filesize

                                                                                                            46KB


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                                                                            Filesize

                                                                                                            212KB

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

                                                                                                            Filesize

                                                                                                            776KB

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

                                                                                                            Filesize

                                                                                                            1.5MB

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

                                                                                                            Filesize

                                                                                                            31KB

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

                                                                                                            Filesize

                                                                                                            33KB

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

                                                                                                            Filesize

                                                                                                            19KB

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                            Filesize

                                                                                                            2KB

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

                                                                                                            Filesize

                                                                                                            319B

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

                                                                                                            Filesize

                                                                                                            331B

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                            Filesize

                                                                                                            7KB

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                            Filesize

                                                                                                            7KB

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                            Filesize

                                                                                                            10KB

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                            Filesize

                                                                                                            6KB

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                            Filesize

                                                                                                            6KB

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                            Filesize

                                                                                                            9KB

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\06970815-d0fd-4f9a-b1b1-d33b27eabdd7\index

                                                                                                            Filesize

                                                                                                            24B

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e20b7581-2e51-4d25-9e5b-0b6449ed3a8b\index-dir\the-real-index

                                                                                                            Filesize

                                                                                                            2KB

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e20b7581-2e51-4d25-9e5b-0b6449ed3a8b\index-dir\the-real-index~RFe5a9ba5.TMP

                                                                                                            Filesize

                                                                                                            48B

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                            Filesize

                                                                                                            146B

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                            Filesize

                                                                                                            146B


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                            Filesize

                                                                                                            146B


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                            Filesize

                                                                                                            84B


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                            Filesize

                                                                                                            82B


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe599e2a.TMP

                                                                                                            Filesize

                                                                                                            89B


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

                                                                                                            Filesize

                                                                                                            16B


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                                            Filesize

                                                                                                            72B


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59f1f7.TMP

                                                                                                            Filesize

                                                                                                            48B


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

                                                                                                            Filesize

                                                                                                            156B


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

                                                                                                            Filesize

                                                                                                            319B


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13353885193125083

                                                                                                            Filesize

                                                                                                            373B


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13353885193925083

                                                                                                            Filesize

                                                                                                            933B


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                                                                            Filesize

                                                                                                            347B


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                                                                            Filesize

                                                                                                            323B


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                            Filesize

                                                                                                            1KB


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                            Filesize

                                                                                                            1KB


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                            Filesize

                                                                                                            1KB


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                            Filesize

                                                                                                            1KB


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59d45d.TMP

                                                                                                            Filesize

                                                                                                            706B


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                            Filesize

                                                                                                            16B


                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

                                                                                                            Filesize

                                                                                                            32KB

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

                                                                                                            Filesize

                                                                                                            322B

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

                                                                                                            Filesize

                                                                                                            565B

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

                                                                                                            Filesize

                                                                                                            340B

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                                                                            Filesize

                                                                                                            11B

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                            Filesize

                                                                                                            11KB

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                            Filesize

                                                                                                            8KB

                                                                                                          • C:\Users\Admin\AppData\Local\Temp\DCCE.tmp\DCCF.tmp\DCD0.bat

                                                                                                            Filesize

                                                                                                            725B

                                                                                                          • \??\pipe\LOCAL\crashpad_740_ASNHTARLTNPOXQGP
