hxxps://gofile[.]io/d/OFYOqG

Analysis

max time kernel
299s
max time network
303s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 18:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/OFYOqG

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
5872	VMAX PERMANENT UNBAN.exe
3360	VMAX PERMANENT UNBAN.exe
2420	VMAX PERMANENT UNBAN.exe
7048	VMAX PERMANENT UNBAN.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{CDFF4BEF-BE6D-45D5-B922-1E833D89B1A4}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 767197.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3028	msedge.exe
3028	msedge.exe
4400	msedge.exe
4400	msedge.exe
1404	identity_helper.exe
1404	identity_helper.exe
1940	msedge.exe
1940	msedge.exe
3684	msedge.exe
3684	msedge.exe
2336	msedge.exe
2336	msedge.exe
3032	msedge.exe
3032	msedge.exe
6584	msedge.exe
6584	msedge.exe
6584	msedge.exe
6584	msedge.exe
6532	msedge.exe
6532	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4664	7zFM.exe
2112	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 54 IoCs

pid	Process
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeRestorePrivilege	4664	7zFM.exe
Token: 35	4664	7zFM.exe
Token: SeSecurityPrivilege	4664	7zFM.exe
Token: SeRestorePrivilege	2112	7zFM.exe
Token: 35	2112	7zFM.exe
Token: SeSecurityPrivilege	2112	7zFM.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4664	7zFM.exe
4664	7zFM.exe
4664	7zFM.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4400 wrote to memory of 3920	4400	msedge.exe	88
PID 4400 wrote to memory of 3920	4400	msedge.exe	88
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 4860	4400	msedge.exe	89
PID 4400 wrote to memory of 3028	4400	msedge.exe	90
PID 4400 wrote to memory of 3028	4400	msedge.exe	90
PID 4400 wrote to memory of 3404	4400	msedge.exe	91
PID 4400 wrote to memory of 3404	4400	msedge.exe	91
PID 4400 wrote to memory of 3404	4400	msedge.exe	91
PID 4400 wrote to memory of 3404	4400	msedge.exe	91
PID 4400 wrote to memory of 3404	4400	msedge.exe	91
PID 4400 wrote to memory of 3404	4400	msedge.exe	91
PID 4400 wrote to memory of 3404	4400	msedge.exe	91
PID 4400 wrote to memory of 3404	4400	msedge.exe	91
PID 4400 wrote to memory of 3404	4400	msedge.exe	91
PID 4400 wrote to memory of 3404	4400	msedge.exe	91
PID 4400 wrote to memory of 3404	4400	msedge.exe	91
PID 4400 wrote to memory of 3404	4400	msedge.exe	91
PID 4400 wrote to memory of 3404	4400	msedge.exe	91
PID 4400 wrote to memory of 3404	4400	msedge.exe	91
PID 4400 wrote to memory of 3404	4400	msedge.exe	91
PID 4400 wrote to memory of 3404	4400	msedge.exe	91
PID 4400 wrote to memory of 3404	4400	msedge.exe	91
PID 4400 wrote to memory of 3404	4400	msedge.exe	91
PID 4400 wrote to memory of 3404	4400	msedge.exe	91
PID 4400 wrote to memory of 3404	4400	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/OFYOqG
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa53df46f8,0x7ffa53df4708,0x7ffa53df4718
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4220 /prefetch:8
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3684
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\dlls_1.rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6416 /prefetch:8
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7800 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8360 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8224 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8468 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8740 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1
  2⤵
  PID:6484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9196 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2520 /prefetch:1
  2⤵
  PID:7092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8324 /prefetch:1
  2⤵
  PID:7160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9160 /prefetch:1
  2⤵
  PID:6372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:6808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9312 /prefetch:1
  2⤵
  PID:6596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9236 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8488 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\dlls_1.rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9200 /prefetch:1
  2⤵
  PID:6188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,18318689807835555369,920506013874202495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3792

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5936

C:\Users\Admin\Downloads\VMAX PERMANENT UNBAN.exe
"C:\Users\Admin\Downloads\VMAX PERMANENT UNBAN.exe"
1⤵
- Executes dropped EXE
PID:5872

C:\Users\Admin\Downloads\VMAX PERMANENT UNBAN.exe
"C:\Users\Admin\Downloads\VMAX PERMANENT UNBAN.exe"
1⤵
- Executes dropped EXE
PID:3360

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f8 0x404
1⤵
PID:3164

C:\Users\Admin\Downloads\VMAX PERMANENT UNBAN.exe
"C:\Users\Admin\Downloads\VMAX PERMANENT UNBAN.exe"
1⤵
- Executes dropped EXE
PID:2420

C:\Users\Admin\Downloads\VMAX PERMANENT UNBAN.exe
"C:\Users\Admin\Downloads\VMAX PERMANENT UNBAN.exe"
1⤵
- Executes dropped EXE
PID:7048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
122KB

MD5
a8baea40ac6ad8cc7ab6930256c95420

SHA1
1e4221c6c7219c4bee3da8dc2dfc529ea276ef80

SHA256
89e208cdc8e2af3dadcc1a62d115d25ce3db66e3292ac71b5a006ea025aac1b9

SHA512
1ea9a4aa54ec95d5a7259b36f681492d05f34df3c4a2bfe43cf6c632c34d13c27c5f628aa6f6963ff8684052ba78da4f58799d00383273527521b91688548b61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
31KB

MD5
1fddfdab08937ca30e43dc454840c64d

SHA1
25af586ab7462e30465c9306426062b9d10bd058

SHA256
c578d1b5c5f608df3926d2658217ae728beace6455244c0cd9e3e3d15e455013

SHA512
b0f5666b0fed1321f525f72b5950b8c694032160e6e5fe101201f4fda3ea3c04fae226a997f949478a93705c8a2f25e3567eb69e35dd7bb6bff85d4bdc481fb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
67KB

MD5
88a552e6be1ac3978c49143983276b3a

SHA1
dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423

SHA256
927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5

SHA512
125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
1.1MB

MD5
e211d6f9c73674cf3acd9381f2583e64

SHA1
906822d2ff32de7a218342784a6eca9277324096

SHA256
3ddda4dac80d8779a3ce8697cc8132b717bcaf58417936c68a24c5f4b34baa60

SHA512
f4cc5d4b277f489ba93cc3b9f926d567da229f5ca3cf1d0b722f33c031e01fada39052f35de592b6eb655efb223abd769d2108f31150358277339d0b02ac4e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
35KB

MD5
58c85ce205bbb09da8a0c1710c42c8df

SHA1
64a7d19e763b74e587889e2bba4b33dd2c3227f7

SHA256
fa8c4446cfc3cf7f9a3c3be743b69d2f11b02c86e630e24987a1565cbb57c6ec

SHA512
4230d402fc7c6d6d2dbe8eb7ccd5fb906964f1f98dca1763a3ba3e7383e75af0f2618397844ae25b7d74e6754511124e487f1ecbc11fcd1e79f45d54680aacb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
166KB

MD5
a21c8fdc262a005522cffd579e71b439

SHA1
0558ad0c4fb0b6ccab855a7ba8128768558ff7ae

SHA256
7389bd56ec25c0a756ef61e9881036ac1d7c280402482232472f13d6e9a3f798

SHA512
1d7e9a119df152707fcaac8aa9ab5634c330ffc8f8018ec10d1b7261d3fee52665be7e09ddd093c6e268c454cd28afff1180b49c3c6959108a65c100e4f63320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
88KB

MD5
e1bc0247e984cd9971a816789ced0400

SHA1
0af8e445e0819c7049472947e5fcdc2d9089a964

SHA256
ed8deebcdc4fd4717c423b61ef47f4a4f3912bff85c6e9de57c52c70b5faf4e0

SHA512
6fcebbfc2e8110f4bbde784dfb947bf384448df2c9cd2fa3e2dc4728906a4afe05794be38b35de4583bf1fac8193ee1834743b806b2feb2f8533073e1cb90261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
28KB

MD5
aef96aca6c3546a94cf733db9bb2b9ad

SHA1
649808eac50a1d21f4c707076d9bd25be0f6fbda

SHA256
fad838a0fab15baa80e7bd773a998c2570e679dd060f07d70601e4f122df59ae

SHA512
fca94c7dd1ca3cd4322ddebf1958423b0d7e08572ed8c12b09788c3f553b1b8d33989cc5209ecea513cae21507088239c1b4e73a119adbd082280537ce84337f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
135KB

MD5
2193abc39e3cae261dfa0e9e39e2e771

SHA1
f0b1aa22ee4cd0d8a3fd9f32d1eacf8a9a3d3566

SHA256
1a1784f63628b068bb3053a6a7b7bfcd5485c843bb4e5a8e1c998a13134682bf

SHA512
843bba1a1b68179ed7244e46e06c1069dc87bed71e6198b19b61770fa83cbf3f33a84f40c24b48cf9fb51884da1c52eb3ed799b2c4819c4a09b143b0c8069ef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
137KB

MD5
3816c9538e2c5942442f029412fd7346

SHA1
cf524fc78875a287e2c66285d9efd6c9f76558cd

SHA256
4fb3e43363019b5232b1175c097d14fde8611989c2aba0192eb6d7b79251a503

SHA512
01b239111b9d8730375cacd2bda149886bce23a0571890ae9ca360eacd1d20a22e05fa5b56dcef27eaf17e9f837d64f2c018d2322e9a86327e6cbaeca0afd33b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
84KB

MD5
d6492a8883a86cb0bcc259d80a3aaa12

SHA1
4d751d23ccad6fccd76e0d09cb6e146280d65749

SHA256
0f3b41bede093d48d60e554236bd338d3baa8dafbe23ea3b6481802d966310db

SHA512
646b7bafa1d01f237628792d316a9cb30f1374c0b63263cc7a888f0671e327e65d5e687180d8cca569442140a13ebbd61646b4067808a838911470d4b7088367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
640KB

MD5
cb36002487b81f69f079294fba6526c4

SHA1
d7f0364465d16b183849dcf707e6af587f53e9d7

SHA256
0c65b90d65e8566512009c0c531fcb50679bc58bee2ded05e91249b3a942a4a8

SHA512
885482094f28861b4d24d25ccf3912650bf9dfe10c17c7459ad08149c25e3b15c954c962d7f6397612256fc20ec64b622a4a94af2633f0be604cd0438361d495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
136KB

MD5
78c7e79b40bd39844ebff7853680a07e

SHA1
d592549143b08237fb10d4f5e49d6e004d0b74c5

SHA256
3eb75274059506dd50cc246feb78e4342a99b831d770119b9e3eb1b2ec276970

SHA512
00d9f657e11c6944c6712c5707f1dd9de31c2ab73e4e617a4d43f22877f27c5192d1db8f2b92ffe7ec3b68c2f046466f55e7d77d4c95cc15d4cb6a89e4569d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
30KB

MD5
2e26a2f79fc452a508dd1a168bd3b3b6

SHA1
cdde80d84e6d126967436c253dd44079faa21c77

SHA256
17d3615cb818009a92220f3c454edf857412fbef55838fbe81bfb01947b580b8

SHA512
85096d566a40028d8ace6a32ec2f6848bebd370e9753081559795a1aabd1c29165a653f33119ed96b6e75000e5480a66d556bca3274652c5101a6794a1bdeb0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
133KB

MD5
1848ed3bd746e0026315b90f8fb352b8

SHA1
b44df928ba83b05f6e07aebb803cda8a87f3341d

SHA256
e49719a9148292140e7ef64a8bc26ef6c0b5f231dfa8c3b4aed684682586cfb7

SHA512
012bbcc403a1fa7b01bb0ca8af6d8a7068d375486f1003c4b559d710f4aae6c8712baf7e456ca56f6674efbdbfd6328b0a3110885361aaa9c84e94999b9d7665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
241KB

MD5
19d732f78b1d478be68b187ca5cc8e1d

SHA1
6b73b141bb383fd383ed5a8d9485c936906ce34f

SHA256
8705e7177d1da224ad02367b62db8d67b004723458a2439db02b8ce71d504091

SHA512
e246f0c9b1e9b01bd4f5eb1b73d8917d88c3f405bb958d42fd15e39e9bb96e1ad5642ec754627efba3d8e8e67cab11a9961c8713149c7e5820b1e35e4914defe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
62KB

MD5
47953bcd62e93772ee22d834d1438f17

SHA1
5d1dd3b5dcb3e1fd32d552eaf0e583ef02f2acd2

SHA256
f17878d7c848d8cdc3652e58692f7636a9d19a48e94030d64009dfd66b0e8425

SHA512
5590afbb8a596d3b4f329458f05c5be230048a1e65aa9559aa18ba5e46a14362788e61e728dbe0ecf9fea6caae8b455dd6e29cb50b497f85eafd0f89c5b5910c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
31KB

MD5
e22be493da1dc48a98d8d6f0178cd1f6

SHA1
8c9b7faba91939dd36b502417d1a9eb35714314d

SHA256
ac73feacde76fe096b76b0e319ffd553366a25e73b326c4bfd0d565e0babc845

SHA512
b471700ab86108c321ede5c805bf043be8b13fd1e7073ab072a99f45a417eec3b627501a5d996eb0665303397f99b59c4270993c54e613e7d9438c74ca494257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
54KB

MD5
f1e99bee7ea494112875d78a76138b4c

SHA1
41b602c619d030fdc9125af824336349cb803027

SHA256
be181b1f954190e3dc5d1c733d9839433f88379d72257b14d012e811326914ac

SHA512
a68dc21f46275db35e52c6a93bb5e3df05b76af75d270a9aaca6aaa7f6f8738d92c25c25e6afbd69104f91a078894f9cc316436c059564a98307de6e922d7082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
62KB

MD5
daa01cc5a9b8b3a7730d8c940015554c

SHA1
6d3091870737fffb408000a4664c8a6f088b5cf7

SHA256
60dfc7c4f1adc5282ff9d3a0bd9445b59874ce5e123226d3d6f5339d1b998a6d

SHA512
7de57bc1ef544432cd0cf5e27b87fd19af248d2adde11b9b0b7f1cd5e762fe8ab08954344027b7fe32a62c142ba8411e3db42df87ed47a009437aaa511d6246e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
33KB

MD5
c15d33a9508923be839d315a999ab9c7

SHA1
d17f6e786a1464e13d4ec8e842f4eb121b103842

SHA256
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

SHA512
959490e7ae26d4821170482d302e8772dd641ffbbe08cfee47f3aa2d7b1126dccd6dec5f1448ca71a4a8602981966ef8790ae0077429857367a33718b5097d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
38KB

MD5
2b7ec9fe5044c75348bc52964bf50b78

SHA1
039e784c53ba423877c5c845ffb044abbf4c110e

SHA256
71c9403962b1f930169325d2c812125a0088d2a695609486bb6f31185e84ff97

SHA512
92cb64599e198177093bda32e1c962fdccaa049d9875292b97c6b014d0d0afde750dcef27151751dda3f8639df41bed611bce7816c04d4e581b17b132d169016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
16KB

MD5
49295de6ccd23cf80b6418a2d209868f

SHA1
42a955b4560bb22cb9b5b39577f7a691ea345018

SHA256
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa

SHA512
2954ab185fd84a08933bb6e79d91e301021fce4e632b477e765c172cacf72913561e101ed2f7e66bfbdc5946b35f2b63eb2b6f878e0afc9d26ffe71ee112a1c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
19KB

MD5
3063a7e62c0b62d1df750848304a77c0

SHA1
2e93091ad21938d525b69cbacb1072cab03281e8

SHA256
bafc3557a30f9a45ae9feef34f3bf71d46d5c23c462ea584b131384adb712d35

SHA512
359be0ff7f43d7a2d21dbb49c58734e8c2d659c29b1e45b8392fe1adecd2c26e6b49e8783cf0449cb802dc5ec68ee3d3d822fa57c8f078df2b49a3bcb4e29475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
162KB

MD5
ac7847f3deb95d535b305a733befa7df

SHA1
99132a253fc6e59fe02301711546236a1b15a4e8

SHA256
529743243b327ec0ce211d84d7a46849ffce55ae3c54d22352e316102be498a2

SHA512
fa7195c202b6cd88f7865c17791517d416904eea5e1ca285647dfceffb2f9618f89e3583028d8dccd8571d8ddd05d190fcc71c05d8d925ca09918610cc96c3db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
62KB

MD5
292a7144ac6076827ee286446a70333b

SHA1
c44f65af003ad27b49ee90ecb3c8b1788ae0ddf6

SHA256
650a416042a408cbbe2448fb2ef009e0a3cab8c6344d32a52c1ae3d9a70dbe61

SHA512
0275591d449699dc3a65e49d4bbe457746b34f42f4fa7207e237a74bc75c2738dd2cc0a897cc01d91cf628f0ed0dc68619f219b85582bb99baccf1d78926e3e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

Filesize
93KB

MD5
0adc72745c658a261acadf8c6021db3d

SHA1
7ab315ffe32dab611ce6f5d9bd64f88261ef94af

SHA256
64c0106db286e6983cbafba6f3db0aec40dd59c91b2a0da4ef34417fa96de5b7

SHA512
8195054d8cacce3a0dc94b38f2676f928be492ecca0c0ac65ccbf0edeaf99a391e5eda54a9ce41798a7d3945e3444cc4959c260b3753e769a64fdba20eeac1e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

Filesize
608KB

MD5
ffdb1bc779ca73d6e0a5151639620262

SHA1
65f20618be8390cf51cdf2f7d1e3315b1e4077f7

SHA256
6cde26289443033ce999a98797191a750ea29f185297f36d7aa2dfee7a7d698f

SHA512
03a4d7aab69711db08cca1e1197bffceb9968ccc66d11251867d421b81d6a99d3f9e372009b179846c394f6dfb30826db8a7b395c74d01f9f1069f4769f44091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000076

Filesize
1024KB

MD5
5aa1ccfff1d8d9868d4c0eb35300c78e

SHA1
7f811d5c85b7e4f02ccc80c30d334487e18cf819

SHA256
956185c7dc8db71f65b2d466e473e1782cbacd7b779cbdc8cca533928f2f9516

SHA512
03975a02d0c84ca77dfaa8ca7fd1519c957161e247e197b7f42ab90cae063854452e149394aef34560ccf7b02e743b236b2dba912a11053db8784ad616826f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0c480c18bb43f33d_0

Filesize
38KB

MD5
b5f2c7553bd98d0d31edf4328ea5f568

SHA1
bd72dd87eacf4091f1da22504760cbce3c5141f3

SHA256
6bcedcbe926a50af9e39ef1da6df79565931d7264efe76cd720a8dbe92ee6be9

SHA512
97bab8ab480043ac215a12b5038dcf32b7c5a2de93f598f81b12de42679b0b6446ab3b41139a8b8e93f05e407ea88a2d05f3a36f17f2f03c00fd200777eaca5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2bfde39962961371_0

Filesize
39KB

MD5
e512e90269cd59ea7a932f6f47416e83

SHA1
ca1a9af3f861a1c25cdffd4ef8ccf2b2bad32622

SHA256
80e4462b4c0e9f8515f0f6d95787a4159eb7eeebad70a9f6ea37bd6106c0f996

SHA512
4b6995b60ba071a65c08d2142864ade4d1b06b2969710f3dbbfaf924748ca9e1ae7443a9f44e5a42576cadfa3cca293222c37296f33d8ed2bc2af5540fb565c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\31a348db14f7f7b1_0

Filesize
1KB

MD5
72824fb713692738873f937db3fe7d56

SHA1
51e9f8a8fd0a577d95d1f546b6243b42553d5489

SHA256
0af2c26dc8e896dee10eeb80adf2f3506e02aa51f8fe564b4f6e2d2ebd17d515

SHA512
e669bf0cb9c887b98e36199681f5d39dfe0f9aa158c996452ae1e7e231f64299da74ecbc5e59d3383f7bc2736fd8e6d59ed3177459f40920f104aacda1d49153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\33339a5e1cdb8b2d_0

Filesize
5KB

MD5
104433ec5318ef271003c2fe2f2331d0

SHA1
e8a773dbd8cf6f2de0945782a5ac56ad58379650

SHA256
fde6b9e392d4d797a27416839f31cf219c266630091b8774829aa91ee41e753a

SHA512
48045f5315c6b0cb4ef871cfeeec90971e696f03b6777980b217340b61b802a155d28cced56b7f18bae08c3daab8d347183b42279ed8545a0c3f02eccf973ee6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7b56ad39a0e04346_0

Filesize
9KB

MD5
4b3a8597be314553455f2e91b23df87f

SHA1
007abd360fa2f39a191174d7fb034aa4c385850f

SHA256
516e81c8a150f2dfbdc0c54ba9ab6ddc9d1ffc15f361ca3837f9eb80633f12e5

SHA512
17a44e317f0d5209e7630d5eadf93d86b74ede23a4013816f8f90cca6d269c0e380f6e36c2a53daa8b05263f684c1453f9684f969f6c8b5db306a3d5d8c40428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83f3698632cf81aa_0

Filesize
52KB

MD5
f0834e5cb495eb28fb33378bf196c7d6

SHA1
5df4c41258baf61581d80b38bdb1b48dedab80b5

SHA256
7fb9b3f0ac2f80a2566866eaea3e514c3b076e48b1e0e207f2c71242f308eae1

SHA512
067a765710b98a09e731200123e1aa5e3566cb073521dd4cb1e1382b2ddfba40a770ad3a2418915ac3f6e26096cdbeb5340095f31cfd55655455f93a83fd3257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cb8e49513c02b519_0

Filesize
5KB

MD5
e8fffd4157dcaa764d2678a01db9da5d

SHA1
d74518e77f445a3b96fe249c09d40f29ef5b7887

SHA256
de8d623ede6dfb66cf615336ae4eab68e07fafb697bb4924d5c8e03819097d35

SHA512
777880c31f6e59eb645c1e41ffce136eefc3684766ab03271f7ab3274cfa2fbbfcbe3d6f22aebd4d847ba094f2c605659d15d8ee57f61af5c70d44fb54bb42a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
33bc2443afd8ca9df495f33fd42b2ae9

SHA1
68a920159df6a856ca30323a9978363c332d868e

SHA256
f36a63b0da9d4ca679c92d84a9ec9d2557cc035781685dab556e98d78cc57de6

SHA512
27ef17319b53aee63ad58b859bc5c3538d4367637551d8b470baf0de1ec04e02dc1d68f4ba7f4ec567a965ad34d16a26819e52215b5919a724b573c93f688a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
2dcb5ce604f811d83481c7a5d268236f

SHA1
a2152e7e5961b797d34901527ca046fea1cb8aa4

SHA256
38e930e64e387a81342fa1c387cd3034ed32c9a2fba7067917e2dc3a99c79bb5

SHA512
165a5282f38567419b2dee56140fdc6fd690f0c17a20cdc851d6995a2c090a26ecb56d6392b284b628e76c58d8c894b9f65d6299be2a0a4c84f3a8cabf0d53d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
3b30e568fb1ad1d29a6e4064c8a6f349

SHA1
a716cfedc96554bb8d73259cdfa4d2493faaedf0

SHA256
d5280509ca45c586e56bfc6c25f505a746f4716d09da5963624ed277debc4560

SHA512
1f0f9b2074fe8db292e75dbf46b35b7e1ec75122e2d0137367d316bc197e4a73ee5e8b2b5d7fac924f225af097f183d81cf74164de1ff23ead431a1bf2318329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
ae918d72943af824a02191cf58a6614f

SHA1
9d1be0e1f23b07d20e37a3bbab0ded86904e6777

SHA256
1621d2ec13a1949677bfbd24416e33866474b0b222c172c0ec85752c214f1e48

SHA512
b9e8286b0b948f38286cb30c35294887e6d8cd1dd1426160f023717df27e845447b56ff6a9e33ca339ceb3933318598e385b70b5bb3d69feca34f46e6760518b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
18b4af5064da71a9b34322273eab97e1

SHA1
b88b8c0c42c089b87dd7ce2626f2727082f796b2

SHA256
e1b432356a26bed98a7dac5a48cdb1945df7cd6663e6dbe77dd2a17868def1da

SHA512
e9ebe4b43df6f453326098d3c8a5d8183497e63166cc90ffd3eb772af1b35f27da5886656c58ce6e43559a4cc7e571fa467e3d8c70e65488ec2facc6b244356a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
be7938cfac10526013997cd3bad9e387

SHA1
f8910ce7443f74d7f4085436c2e5b96bb941574e

SHA256
574a2d94d327af7943b8287a02a114224b6b81397f90f71670d9c55f0540e053

SHA512
4c46e51fb18ef91f2922644f060d7654a5a6cb7eede833dd7687cd3670107b06d65f631c4fbdf4c834077e35645de53218f339081365da9afab6fe45d57fa93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
e0966fecaf5299bd45fd37e0ef2d66e3

SHA1
4cdb6604645f946b831f7253da511efb71b36d44

SHA256
828729d7a179e4868b335e9a7ee75e97267752277e89c4764d8c949dde9af019

SHA512
107cbad26d8269ab9fe9c464ed277a606bb06fe9d1b0c8832f7900a02d88156ca7a670928ba34d361d56f617295b2b1cf291ed26fc89acd3e070ae398280f342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
362d9ac7d28efc18425ff92638189c48

SHA1
12ee826e37d4a81f4b067f55ee423da9af61cd48

SHA256
fb87bda1ed9859a4ff3b62045404bf97be5bf38ef0aa518bd7e05d6624660833

SHA512
f85c06ba658d238ccc7ab8f9be51084d515ca8995d81badaf54166257b02ce66faf8a26bd5fae92efb5211e5588690dfd41619d13096f1a06da38be41ffdc87c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
317B

MD5
f7882637afc8b3a8573ee92354ac52fd

SHA1
57f51eab9658e1b2125ceb9f2542b238638210ca

SHA256
f283cbe13d4f8e24cbcab3dd49e62a50d45ca40080cccdb55d2b7e0ec2d90ae9

SHA512
25dc3f0569e9e4e01d11b8362e068f19590b4f81dfec23c89beba2edca96436a150d31f4c747622ff9484939ad98bb2e7a0b3553fe7388f49b0d3fb24c4a6baa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0036fa2704a90201f182cd65b03261e5

SHA1
3e255170060a94bc3b23a9deaa96ffe87370ab5d

SHA256
5d3511bc47edca2071a29513a91eb9356bd6bdcf919c9e1adb961a80d207f0e8

SHA512
4334d8beb1bb17e702cfd3f956c7d05e7681cdb9c8d999d26c74130ac0571134c5a02057c934456632488bbba982e68b83ff9e5c5925410951936cbc866567eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
781f098d518237a5f18919ef908bf149

SHA1
6140bdff56c67a4d07a953090abd21427a20a339

SHA256
86e39ee843e864d432de3608b78491f945526b1d797fc0032d586d1ee01e2c77

SHA512
b79ed79119bf6678530e5d3d9feda1f82d8b0ab18815e494152c745bf63cf19da3ef4a6bb2be4a95ac07759f08d2fe1ad832ce79e9b233f133f4a9705b493ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c40c2e2da0e37cfc32ea7029e2250c25

SHA1
cb28f82da40beee958e41f33e70d4329e7038b44

SHA256
2f763b2ce77de5cd5feb666fc267f76abc9a21957419e3b0cf758e4f34877048

SHA512
84c24e48f3cb50c53c8f922e948832e3bfd18523a119dabe38da03c2d549923e40d8c288aec505fec5af3c4887c78affdc962abfc12c603f2ac69f8e78ef46a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7aa43316d40dd496b689e714d8670004

SHA1
911292a6765e8c2d78fd61a0b5c2e7fe6a644c8f

SHA256
0af4d44e9c57b72d509ec1eef3e6647da9d6f2291a63a1178c71682b86c752cc

SHA512
3eda6f51b7cb6739b1657d164a407a6317a998e1a968935705b00bbbd2b06c16737ede3f56247d7042e862b28d08813ce3d89ab36f616905d007430b31436b58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
56d6e2b9a3087f3c158eb9d5d781c4ed

SHA1
c1cf9176444e7457bad61a1ca88a753ad1a4128a

SHA256
ce3ce4bc33b7ed510b3c6dc413b269cbc1c1bf729b14e2a0a50defa4854cc488

SHA512
b1aee1890724d433069dbd5ac74f5a567e360a6e3c46c2f3c48f976aa84c4411f161641095051f947d13dc43f5176e9783df2281a685bb10e504f12825190690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f72554cddc53b54d307a94c8e58eb5cc

SHA1
3f7885f62546fcf391857be2bd045bc828a5e55e

SHA256
e67d547585a950c7a0fb4a5a8cb1999f286cf7b73a3bc4d86b9e7af652f19ae5

SHA512
e4428ccf4e92492b23498037ad0e937292744b7b87ad057f6a33189d8ec2f8fe012a16eb484404c526ba66a320a48eb9e9361bc3dafea9519cc9dbce3db3b503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
0c4c5ee9c224aaa11c719d9bc62e134f

SHA1
23b25f4f76913d202f171d4e07bc82aaea4b308a

SHA256
c7be3d6eb4f12c0d2bd7fec488c143c954bbb8a7c126cf0478dc2d4f9a2f85da

SHA512
e7a888805b906b9fe57cbebcd107a2f7c9504088f619961b1d3ea5c5d5e6715280094df2a1eca9d8f6e9af713e33b44b258b630f9b88f24987d4032fdc1adca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
88e61eaa3eb14b1404ae039f9d644aa7

SHA1
f814f111799980ad2f7c9c385368548e34e4f02e

SHA256
c96e4d16613fa6d7a4a8e3592b067aaa0f9628663d8f79378f0b5fb6b2bef889

SHA512
470298769636e4d44044552997bb04a70f53c957caa4cc49844a306ce76b76e96bc2da3093037f67ce317b06ea3e2ad4e648c3655696d1d514ec20b9b3b5cd33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
9e971f59b7a644355483e9f47cf4d855

SHA1
1d352eae59504f6360ff4636858718ceab47dabc

SHA256
e843e4613ff8ad95dc6e889dee4a8463a636b075b44eee2a848001cc62bd36c9

SHA512
ae362791d785fc61e6c5f5f4ffd504c10cf703fec4eaa735915ab15d6a8405d4ba8bc8c6734f5a1f5003d897bcb808b363e29a886cb1804ed83483df1ba9d8f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
dc4ca35f6c57591ed1166191a48e5694

SHA1
078fe3c038de7dbc30e589b086cc8af4dacdd405

SHA256
db31c21fcc144b59deab2a81815508252eed331fe9961f0b851e92a1c56ff962

SHA512
ec95cf88fb5525732a1e5e4328ba1762ed3865ab6a70cdf25816ee0c82dafc86d3b1d2cde2ef1564137be793bbf7080b6f65d8fe06725c015e3e1d3200e4c119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8c998a48d245099b85bbc672458c11e6

SHA1
29665dc1f8dcb2de3c11226f2642f8f7354549b1

SHA256
2eafeb282ad5198f629bd64d4644b70a58423fd52a4197fe2d0da08a7562597e

SHA512
bc1954bfecf6bb4032e9b0d684496a81df4205d04cabfb3fda1ba16f8a285493b954c7e8283fc4f5685c16618b56217d09a40434420675278340ea712c0007b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
83f2f6ca9fe1d179ee1b24a7c1830d79

SHA1
ffcca517b28f96ec291ef5338fd05fb37be7c8b8

SHA256
ebb8ac1a235596cd534c016ddb7fd1d2bbc28c09cb488aae3900205bcb9a8ec1

SHA512
7c499e4856107286ed252c888205160d7e65183f3eadec372052a62f2010465ae48159868684055aa2d9e0ff409bfa1e4066749cc1d0bcc3498eb309d08ce06e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1cdba94468d1f0610a2d323a805a6f5a

SHA1
ca4dfc9b129f5a5d978b9e2bb38cf4370e5d71c3

SHA256
167ceccbfdb3f265e8dd6e1bea46a730a9755924afcad547a011ee38548943ef

SHA512
a201ca3b86b728255029c60f637e78f159ea68c9054cae0b16d237618103c5a51fabddacaef24e2dc97c5064cdf2d5056538b75644f7da4bd88ead52541b427c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8b34de9588d242b12b309a0201cb668c

SHA1
fcc857e274d373f29d535f2c9adb77b6977ea257

SHA256
300c330c408ee07d62f388576276920c05eaaebe24d831f0ef0ac8a5ddfb9d42

SHA512
a70ad9b60949d84cecfa5330b5cbc1d64828f7a42b81cfbb6d07f7b1706ce299b4357063417b41ad507e82cd9ca241dc2f946e3ce888fb7c81858e7a3ae7270b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a0f6a2356b91b75b7b27c4964372f4a3

SHA1
0b20b14de0d7ac359956fd6a4b21c250e18a6520

SHA256
af2f317c1d1192b1e912e37adee1c4cca799538edefb4c8d78ca58cf3ce7582b

SHA512
2d37c0eb900451605e7db2ee84248f472e43d3ec80a98776b6a9c6e46f369c9af0425621f7765dc7d6b5d43c568d074ab8a6c00e290c6f8b2502f111ce875afb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8ec343eaca4766b2f203d7daf22166bd

SHA1
1fc9baf4a6f8072fbbc90f1c0dfc08aacb304925

SHA256
2695be487863041065ab3b8175a566ca6dc3f072722dfa75cc23c0a5ab48be0e

SHA512
74babcd770ba3beacd99ecaedf1e306fd539abf2cb79e2e6db726122d4634977104ccb524f0fd9118144768f21d796439adca1e20e7286e4d4040d8484360b36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9d62cb184328417cd182b8661e739de7

SHA1
4156bfb941834ce45d879f26d0ab0871b57006a4

SHA256
cfaa5ee9217ceb590ff021a0ebf28930a46811c041dbb441d6b88c0f7658a9a8

SHA512
898bfca13d7047daed9781572b622904ef9633d250c2f5b2a4777252a6e38e0515320a9820afabc34c2ea13fe7a64df0e0e64fc7f8b398fe710e4c610250c5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2d096c50c97418baf198951944642b83

SHA1
be7088d416bfb922c3fa2f4c68cfdf6c1e656304

SHA256
10aecdb73762cfb7827c183cef7944278c7ae7dc2af18e0f783b1a048be815c0

SHA512
601545bfd2c1f29d68e46ed28e0b294712c8ec52330e4cf42b576be9cf240aaae32203fe5c63a2307407fac4d7549fc910a5b3bcbef05036c3f1127f1686b913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c3d4d1e7ccca91484a4cd621da1e61b0

SHA1
4c89aea9f888592180e13fb7653126aa71ecfda0

SHA256
f10366b3b874f816ac679b2401ad44cda0d24e1f72ef9b348dde18e87a93c2da

SHA512
131d643ddd45bea216a0bdd9d852747f1ad3a51259afd73cde1d0b5a11a5aa3cc14668331d036118d0353f4fc116d155f2524af21f392b3f3647ace8cb3e4025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c5b5b5febec6524fa724567cce43d072

SHA1
be11244351ac0a604f046d76a120bfd5d250cc19

SHA256
9089c268008ff701821345c1226f401e38f440b7a045ce7c6a8e147e3bb75b38

SHA512
b160fcac2e9109a4ea2ceee9aedd80e3450d8e2a2388c2e890842c4dc8f4fcd924b75fc1b0e9178f9c4ee3ca10b5b668ff88db335c2b3263e7e41ee095fdaa66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
6a67fc78df7df9fa45f039b2ed76b0a3

SHA1
36202ffa415ab101727577c5f3c701d8dae08b53

SHA256
70b87f7c955f915440b0f93bc32b7d9ed47c2c2857eff80783c33209ed1617dd

SHA512
dc2688d780d9321bc2dda058135d1b5d559545808314dcc2e308b469130d4652c7d03388ea6f4a4514090eac8679e8e6ee8004380244afa2c181a34f0e956e0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a22b.TMP

Filesize
362B

MD5
e993c6ddc8714cb1d880a8e26672f007

SHA1
ce948c613d2e6b653d26c587d60a6d5777231ad0

SHA256
88e329082a01cc30f7dd875245bbdb9357baa3637449e24cf737f9583a9533c0

SHA512
5a8c73db457da1f8c726762048cea9208015c9b51c6624bbf30a57dadb2dfdf220fe3d24aae8f0a8ed5b3d7c0e9ee7bdd96517fb4d5833a69b437f6ad78da65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f22f1d44d449fe9632ef3ae88f3ee187

SHA1
5f2d7e9951bb8886efc04d1d56fce39d28d2c06c

SHA256
e3ac3fa6f2ca7f6ade6ddfa58bd14e90a7443927f7175912618e12ae56b20883

SHA512
0754bc8dc584d2f8e32551a4e8d43b34097744e5aaf768af839348bd2d42a3660f01f98b327f82980a5c4d2981f0173e07f2c0d5a34412c303a35f38877ff743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d1f71dfb95b37b3ccb5aa67bd0e86063

SHA1
20b6079fb8b28aebbb6f0fe75f83f0dfe9b67d38

SHA256
b12ad904a921ef0b5b65844e5cceb5f4ffa8378fd815a9753f09ccad70f901cc

SHA512
ab14db97ef4da3745e1d48b24cd4669f413d1d9a4643bc91e6804f1c322360168450bdb8aa4ddbfa28e214ba07357f4e2954c5d63a6f7bb7a35a7c2112510ad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2e31a231cb4e80f511cac158d09bde34

SHA1
7c040c5a51a5c9525560a1ff34022a7f60180bab

SHA256
c9ef5bfe29e6ee45ff8ff87d4f84f8b5669a030fbe60131cec5e7446bc87d0f5

SHA512
48537988f1f40fadddbf6baca13d854265da0db667df4cf04b67e8d87d8f279101d371a6ae751a08eea8e00421676ed6a739c13f2c4f58d7dc24d5e171817bc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
273d792b8fa0ecd7138f2902f5a39029

SHA1
aa7375651935cb574b8c1e6ead5975b99c00b68c

SHA256
d33755ca1f039e78de94a88edde2fc06e6506573f6252e4084860de320d81efe

SHA512
a6193e676ec3d950267a2c35868ace8c0325bbf85b80789e6adff320211a38e315b645c826d48c0ead0be29f407135e8e36fce2a663048bbd3f75512b1577dd4

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 721668.crdownload

Filesize
3.8MB

MD5
aa644bf8d605ae6761c4853f9b7fe092

SHA1
8b455ae8215208b38374d7fd07d206a338645f56

SHA256
d84dd10fb246fcadc13afdcc125c445124bd73e47a42ec91d5d7a25bc8691aa4

SHA512
8b30cd7392d2b81e973f5ed4ebc5fc51785146f2d5c4c3560016c3fb51ade8a34a78c18931ec089ee7a176c461c0c4d9b39164590357cfc136def35e3de3bd2a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 767197.crdownload

Filesize
6.4MB

MD5
6c2de5a70a676edbeb42bc136a9ce061

SHA1
832761e4b75945490763c4af01f3d33e7a308e40

SHA256
30dfa8cb240dd864a1364fdb58ece79dfd78c097b964de3ac23cfa174c615818

SHA512
42628fb60fd7fa36dcca987df67a4624066e77b6a0f99babecb5714534947465b18995dba9cabe4b5784452c186f62df95afd67b2e4fdfd8004ec5cd0ef272d9

Download Submit
C:\Users\Admin\Downloads\VMAX PERMANENT UNBAN.exe

Filesize
1.7MB

MD5
285621d2174799249f01342d302b017c

SHA1
25559ca41b420c7731ce3382b0f088c3428e7425

SHA256
a1ae3a8b3993cb2491ab6003a2a07f84b8ce19803a85117f686e836afe272a4c

SHA512
bb1e15f5fb07783fdb2681a8dede9ac75dcd6ec2af53154593e266ca90571b1bc567ee8b72a08ac3fc18d02309bd1bada664567bd6b254590982f5fd3b020d1a

Download Submit
C:\Users\Admin\Downloads\VMAX PERMANENT UNBAN.exe

Filesize
2.0MB

MD5
ec27b0dbdd5cb394ef2f9b8e4065d9c2

SHA1
441223d039077fee1bc250c22754f1544dc748c5

SHA256
4b6049e2344d6f40309fd601b5e2e945fb4b9222f4501a1f89f1b3ac51d5a2a2

SHA512
07e70a8e949b4538277d6e38bd4374a57de701ba6b62d63aa19cc65409f46918efcd15ed1fc11b7b8ff016ad6773061f3256d6be42e6ff5151a51626875a4d65

Download Submit
C:\Users\Admin\Downloads\VMAX PERMANENT UNBAN.exe

Filesize
6.1MB

MD5
c8b92237f96d9d291ea62f8eb7577b6f

SHA1
b4291ed28a7765bc03b9e63ee9bac035fbf42e69

SHA256
92677b1c79d838edd775097c8c167d2f16de426f77833cf7ed18cd8efa237a0a

SHA512
c131c2e2110765119a42c79d87a19c8ed4cf7f6d7bac39397710ca02f7be6ed546fdb70e4dabe812888f1b01db1f84770c2b1403c3cd93ef089978cf4d4783a4

Download Submit
C:\Users\Admin\Downloads\d3dcompiler_43.zip

Filesize
906KB

MD5
a389a8e84447749fabe9a6284116f608

SHA1
aec515a5970b09a7341a5366c6d10968ce6a9c76

SHA256
dca69bd5bb280aba14fc1dac35abe2dde2da74d11e89573f3cc7eb03114c48bf

SHA512
200fbc0f6ce79b9c8e3629bc4cc757632a0b51afdf9369636d01e5fc3a2ff104f4d35a34e55ea1847245f2eeeea71a50de24d1c753cc048b5d7a1d024bcbf623

Download Submit
C:\Users\Admin\Downloads\d3dx11_43.zip

Filesize
100KB

MD5
6a9c3a02cd18e02c77a8d199e17470ed

SHA1
f6a690e9f6d9f7b01fb6a5eb4e70221b2f25e425

SHA256
404d6d4c57dbed76622d5cfbf95037e86714ab7d8533885f0944ac1de59cbdd6

SHA512
0fc25a80b0a4f407b7ecc51599c2620f342f6cc584301a257024d4b4331ee4c28342fd02b9f76d80254b732ec771bc8987ddfbe447c30264760defd15e259920

Download Submit
C:\Users\Admin\Downloads\dlls_1.rar

Filesize
7.1MB

MD5
7166cc462d737420ed881152257758d8

SHA1
6806a0bee3e91c9b590a409c4c0a98d828be3399

SHA256
daa6321e23ac03345efaad5901efa213ccb5f3952337f57324bb4fd5e261160b

SHA512
1eff7b91d3fb343151d6fa9ccbdf7336b464529505ca5571441b9293064653e8e630181c5156f656ff388e3b067b308c0e962161296e682e5d964a4ea9cab4ca

Download Submit
memory/5872-292-0x0000000140000000-0x0000000140EE8000-memory.dmp

Filesize
14.9MB

Download