xenorat | c8d4fa9014587bb65b9bfe3cd7898edc4b0ff214874a9324148a3432ed03d516

Analysis

max time kernel
2685s
max time network
2697s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
24-03-2024 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

frowning_tool build 1.3.exe
Size

156KB
MD5

ac0419c1af343890250f5fca61517f9d
SHA1

d9a2685fbc661003b35b18bde3aa8a71e6a8d888
SHA256

98c5b5e5f167fd7ba7a18652c83cbd8d2dfaf52e1dcbcd91853ef9a259042ab0
SHA512

2b6bbe49d57efb14082d1d1bcf23645c3e0ccfbc5f69cc2c6d9df30ef1144b246b93e4ce8d6663afa7ee9ccb4307f52bcf9c37fe212c450846824ce6c7a1a6b1
SSDEEP

1536:EgpHmVauo3mL/pDj6CSYebFNTf43joObhfT7zM:Egp4L/pHvQbFNmjo0FPzM

Score

10^/10

xenorat rat spyware stealer trojan

Malware Config

Extracted

Family

xenorat

37.120.141.155

Mutex

modtool2

Attributes

delay
5000
install_path
appdata
port
22914
startup_name
WinSCVUpdate

Signatures

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat

Executes dropped EXE 8 IoCs

pid	Process
1652	frowning_tool build 1.3.exe
3656	frowning_tool build 1.3.exe
2796	frowning_tool build 1.3.exe
5024	frowning_tool build 1.3.exe
912	frowning_tool build 1.3.exe
4632	frowning_tool build 1.3.exe
3412	frowning_tool build 1.3.exe
4892	frowning_tool build 1.3.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
1456	schtasks.exe
1584	schtasks.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\Software\Microsoft\Internet Explorer\TypedURLs	taskmgr.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	taskmgr.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2930051783-2551506282-3430162621-1000\{AFE3142B-C7E1-4C4E-B40B-93F646C0F48D}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe
1652	frowning_tool build 1.3.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
4524	taskmgr.exe
912	frowning_tool build 1.3.exe
1788	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 44 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	1652	frowning_tool build 1.3.exe
Token: SeDebugPrivilege	4524	taskmgr.exe
Token: SeSystemProfilePrivilege	4524	taskmgr.exe
Token: SeCreateGlobalPrivilege	4524	taskmgr.exe
Token: SeDebugPrivilege	912	frowning_tool build 1.3.exe
Token: 33	1124	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1124	AUDIODG.EXE
Token: 33	4524	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4524	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe
4524	taskmgr.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1788	msedge.exe
2136	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4760 wrote to memory of 1652	4760	frowning_tool build 1.3.exe	76
PID 4760 wrote to memory of 1652	4760	frowning_tool build 1.3.exe	76
PID 4760 wrote to memory of 1652	4760	frowning_tool build 1.3.exe	76
PID 1652 wrote to memory of 1456	1652	frowning_tool build 1.3.exe	77
PID 1652 wrote to memory of 1456	1652	frowning_tool build 1.3.exe	77
PID 1652 wrote to memory of 1456	1652	frowning_tool build 1.3.exe	77
PID 3656 wrote to memory of 2796	3656	frowning_tool build 1.3.exe	101
PID 3656 wrote to memory of 2796	3656	frowning_tool build 1.3.exe	101
PID 3656 wrote to memory of 2796	3656	frowning_tool build 1.3.exe	101
PID 912 wrote to memory of 1584	912	frowning_tool build 1.3.exe	104
PID 912 wrote to memory of 1584	912	frowning_tool build 1.3.exe	104
PID 912 wrote to memory of 1584	912	frowning_tool build 1.3.exe	104
PID 4920 wrote to memory of 488	4920	msedge.exe	113
PID 4920 wrote to memory of 488	4920	msedge.exe	113
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 3720	4920	msedge.exe	114
PID 4920 wrote to memory of 4020	4920	msedge.exe	115
PID 4920 wrote to memory of 4020	4920	msedge.exe	115
PID 4920 wrote to memory of 3308	4920	msedge.exe	116
PID 4920 wrote to memory of 3308	4920	msedge.exe	116
PID 4920 wrote to memory of 3308	4920	msedge.exe	116
PID 4920 wrote to memory of 3308	4920	msedge.exe	116
PID 4920 wrote to memory of 3308	4920	msedge.exe	116
PID 4920 wrote to memory of 3308	4920	msedge.exe	116
PID 4920 wrote to memory of 3308	4920	msedge.exe	116
PID 4920 wrote to memory of 3308	4920	msedge.exe	116

C:\Users\Admin\AppData\Local\Temp\frowning_tool build 1.3.exe
"C:\Users\Admin\AppData\Local\Temp\frowning_tool build 1.3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4760
- C:\Users\Admin\AppData\Roaming\XenoManager\frowning_tool build 1.3.exe
  "C:\Users\Admin\AppData\Roaming\XenoManager\frowning_tool build 1.3.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1652
- - C:\Windows\SysWOW64\schtasks.exe
    "schtasks.exe" /Create /TN "WinSCVUpdate" /XML "C:\Users\Admin\AppData\Local\Temp\tmp5B8D.tmp" /F
    3⤵
    - Creates scheduled task(s)
    PID:1456

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3520

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1124

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4524

C:\Users\Admin\Desktop\frowning_tool build 1.3.exe
"C:\Users\Admin\Desktop\frowning_tool build 1.3.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3656
- C:\Users\Admin\AppData\Roaming\XenoManager\frowning_tool build 1.3.exe
  "C:\Users\Admin\AppData\Roaming\XenoManager\frowning_tool build 1.3.exe"
  2⤵
  - Executes dropped EXE
  PID:2796

C:\Users\Admin\Desktop\frowning_tool build 1.3.exe
"C:\Users\Admin\Desktop\frowning_tool build 1.3.exe"
1⤵
- Executes dropped EXE
PID:5024

C:\Users\Admin\Desktop\frowning_tool build 1.3.exe
"C:\Users\Admin\Desktop\frowning_tool build 1.3.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:912
- C:\Windows\SysWOW64\schtasks.exe
  "schtasks.exe" /Create /TN "WinSCVUpdate" /XML "C:\Users\Admin\AppData\Local\Temp\tmp134B.tmp" /F
  2⤵
  - Creates scheduled task(s)
  PID:1584

C:\Users\Admin\Desktop\frowning_tool build 1.3.exe
"C:\Users\Admin\Desktop\frowning_tool build 1.3.exe"
1⤵
- Executes dropped EXE
PID:4632

C:\Users\Admin\Desktop\frowning_tool build 1.3.exe
"C:\Users\Admin\Desktop\frowning_tool build 1.3.exe"
1⤵
- Executes dropped EXE
PID:3412

C:\Windows\System32\ns6kv-.exe
"C:\Windows\System32\ns6kv-.exe"
1⤵
PID:2516

C:\Users\Admin\Desktop\frowning_tool build 1.3.exe
"C:\Users\Admin\Desktop\frowning_tool build 1.3.exe" C:\Users\Admin\Desktop\ns6kv-.zip
1⤵
- Executes dropped EXE
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff88e83cb8,0x7fff88e83cc8,0x7fff88e83cd8
  2⤵
  PID:488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4728 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2644 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2508 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3480 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1848,13533209344441691047,8435221207456126346,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3616 /prefetch:8
  2⤵
  PID:3844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x110,0x114,0x118,0xec,0x11c,0x7fff88e83cb8,0x7fff88e83cc8,0x7fff88e83cd8
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1744 /prefetch:2
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6576 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1580 /prefetch:2
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4036 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7016 /prefetch:8
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14122113060463453445,5518795902985836411,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
  2⤵
  PID:5456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3556

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\frowning_tool build 1.3.exe.log

Filesize
226B

MD5
1294de804ea5400409324a82fdc7ec59

SHA1
9a39506bc6cadf99c1f2129265b610c69d1518f7

SHA256
494398ec6108c68573c366c96aae23d35e7f9bdbb440a4aab96e86fcad5871d0

SHA512
033905cc5b4d0c0ffab2138da47e3223765146fa751c9f84b199284b653a04874c32a23aae577d2e06ce6c6b34fec62331b5fc928e3baf68dc53263ecdfa10c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
19a8bcb40a17253313345edd2a0da1e7

SHA1
86fac74b5bbc59e910248caebd1176a48a46d72e

SHA256
b8024fbed11683ef4b53f5afac0ff691025b7eecca0f6a95737da1585558227e

SHA512
9f8780f49d30aad01b28189804329aeca6ad2b7ffb6be505d40bb1af7802bb62622f518cb1c43a5815bbbb46638f6c52aead3d68f14fa957d18157edb42e95c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
96899614360333c9904499393c6e3d75

SHA1
bbfa17cf8df01c266323965735f00f0e9e04cd34

SHA256
486e4b4bb11f664c91c675e73cfeabe53b5009ae719459813be17814cd97e43c

SHA512
974735b40a9f92b40a37a698f7f333590f32ff45633c6e619500e74ec274bc20bf7dbc830b1685777b714d37a3ca103d741ee056f4ff45ef08c07b38a7895df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36108d6e76ddc41cc3835276d7b03626

SHA1
3259627972c543fc2dbb9889e942b7ec8d5c1dcb

SHA256
591a07a099d4de7d6e41c2441634313d4efc687075c790139bf9c1ca2a594fcc

SHA512
f8eb36bb6eb0c2686c870e2a594c7547ef6e9bbb8d9c095388a2cdd8cb44845a26f765c9abf0f9482e14fb2ac2f0359e7f6cd31991bd6e4e818b62225bf19276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c99479c70a2317c358ffa5d55d2cad90

SHA1
ed4f293b637eaeee781d7adf57c10bd9dea16f69

SHA256
16a8066d8f730e42bf0f8eac018bfa79c7422c8870e5e5f9bbc5ddb1e1d1979f

SHA512
21c322ca3df96cbb186f361228915eaba709586806dad61643b4739dceb7d732587c966add57d22c2fcde7ffe3edc6cff348b1ae4282aa4fa6b317832b6d6467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
62KB

MD5
ca364fd2c9f44191498bd1d53bd060ea

SHA1
3ae7c733b21d40a1ac2c8d0df1b013e600e5d813

SHA256
46518c41bbbbb6f782f4aeb930b2199d888e5554a4e66b20901e16213885ed6e

SHA512
2967e9e0b20d359be36fc9ac79e83d1c40535d9d4f13893cb16a5fec5215699a4447fde2a7820fd661589a45434be9841b28b21fd6322a559b52ede6e699d05a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
19KB

MD5
053a36fcfd628bd3b03571251d44d0ed

SHA1
1075ce0271bf805ac14015fdfa8b63b1ecf6fd0a

SHA256
1a76ba2eb254dc2199418984ef05af9d813d682c9f78f1caa51168a8d84485e6

SHA512
2949befe55653019ab623de1519a8fda520592e26b311f9bf2be8caad2abd4058205576dc936875b878cc93bd6f4f0fdf325d39e80745c11e568fbde0c145405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
77KB

MD5
ac2b3f747f6dcaf911ab07b7edae9261

SHA1
a4a092594067d950a742eccf96a61a839f9084cf

SHA256
439c5f4128e6485bcbbcff7abdce9a40716ea301b5489c8918751182e131d050

SHA512
f68529de62fb73f3ddcb586091e436ac7a3f590ceae212b333b7ad2013f5cb81c2a0ffc51165945a757212fff2fcfe37537eaf4f742dfc505c666a609ec22637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
34KB

MD5
02214b097305a8302b21e630fa201576

SHA1
90c2a31521803b73e847f7a3e0cfceec84df9fa5

SHA256
1d98076cfae6a0a8f0b0b1c654270b900de83e633cc01d98ef63e6a8e485a3f4

SHA512
553c81eb51880f83b9918aef766ff0f41170895b1cda2589f0b69c3d1362de8e8decf14a413f6b5df1fb7ce07fc939211407b29046188b37c290133c9d5e1cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
1.1MB

MD5
fcb3b79b4ee2a97d69020a59b8d5caee

SHA1
4c8c8dc00b8c71694cdadbfd1fe70358d34a0883

SHA256
36b4ec7a0ae8d3b2f907b88735287ffc68c0c35e472b3c8cc30f49f4387c9f8b

SHA512
7874b3e78d0c0ef2f1f2e417a989550208c20aab398ef9ec800104dc047ec3866863dbbeab379fdbda7643210b03e20d7305a5fb776df88bef72ad89023cb558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
16KB

MD5
217cbc215dee0fc391501f43c73024d0

SHA1
c6da544f46b50772791af0484044a5c8e9c1155d

SHA256
445d1c73346f518bb0b9ef9ac1164117e7788adaf17420b39ef59aed98b725e0

SHA512
0b7ce28ad53f9a15008c78c5334d48a9f2e813836c813b8f60bf0ee17223d5375a62c2095b64c43b44611dcd750536f42570e18f085d2e6f759cb8d6c6d9a1cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
19KB

MD5
cdc8eebc5968b93310be705973258f07

SHA1
9330a2fdd0c76768176dfc208e575a0f14e9c8c4

SHA256
caf19c50017498e002e2db63f5f69ed0df35b84831b6faae80c6c7272fdf88d4

SHA512
2cce3b115f4e0115c21f9790320b41f2715d550793cf8d65e462758cb16371ff063a330ab1291a1adcba6a63b994a32b476ff95b14eb88052455952f6f223fab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
30KB

MD5
b41228c15479633e60b1bc5664370908

SHA1
f80d41213eef8aaffc8e179133d72675d4a7900b

SHA256
50d8445116a3206e05e64c8e63f522836c0d1611b9b2ac7553409ab54a47af8c

SHA512
a8f9b12a58d5e304562cc2b8019000266be66632e2fc610bb7805622e4d2c428366403eac9f5de69116708f8e5e163c44ac815e26ae6c3fce438bbe8fa7e4b98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
49KB

MD5
85e1cc841ea82ceffae75ad695fc9def

SHA1
d402e481f51493b478d3d7cb79683c953213800f

SHA256
024fe2974ec1e6838f38a223a4eae28be9a6c9324076f8610c8db727aab7bcd9

SHA512
2217a701970198c2657f048d483051de8baa1d378c04be4b7b5d219f8f6145917f1cfab66ba29be017ba625a3ae2deb1699ac30cbd6215b464c87c70e7a47925

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
69KB

MD5
e8d9c90df9b4a0828bcab7fd2db69ebd

SHA1
94d0072e2e8270ad97edc2d1a4efd17831400e68

SHA256
b08ded8b8d6aeb4eb10af28f69bd3b94cbd85e135c34bed82a8a4191f6432f0e

SHA512
a6e57f0a9599161fdc655df9dce105cbea13408ff132dba1bcfd1d1713686303009968aa7c47256683d73fbfa19e1fbc4941812c0690c09be243deb87fb5e549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bca7c183d1f20c1676f63ad9a3973753

SHA1
64b334a05d9c3c0ec5f3a3a421426921fc0e0d7f

SHA256
8735d7063cc0c36522b9614210fa9d4a16dbd651e1aedddb6fdc28322a0b7212

SHA512
bdac3add8b773f4b0aa767d21e960461dcfcfd35231614253750663e5ff31f9fe2efccdd338446797c0f797ff1183f8fb4f859d04a17775f9d90efff3ecca679

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
e35815b689a091bf47545fae2914cae8

SHA1
8a8f0516995c0d3b56a08171ceb9e87e28d44f2f

SHA256
a9c9d23cde7c85726cfd4128e8c1e0dd1c771e6c9ab111103dd10fc9ff9d1c8e

SHA512
7a4530ccbb2d9bf24eeebccc4e691361601344eb8a6bc79110bcb64e889fc17def7b58bff16b2597bcc7eb78e389bf642056561f58a65f84056097da7891a1db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
313f539cc3cf3136448e81fc0dbca910

SHA1
4f3de64dfd826547f68f76817ada7cc1478db99e

SHA256
0055cc28b8b082c3e3548e1baafe9eab793e655baeb1fc7e47cab79fd7ad7f60

SHA512
519c9ab043b3f50c9405b767247328c1d5c36179f86ffc5a747470cae64d42e6baf812961986fdd15ddd774d38a5cbd4b31d24d32e258c1fe11956444b64fe32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
84eacacabeeb6b72c3281a297f3e33ac

SHA1
4ea3a599782a3f9dda95ee361ee6737513f83d75

SHA256
2fce88f9eb20773b2f2f45002af85d6ae9374b8a29ab5fe90b6697e54f565bcc

SHA512
261f8081b642f62af1a6f202963d505f6a2ad1b8be4816df5821855e2393ef9877af82f571acd254dd795dc8138e2bafc034775f39f1111a9061f180b5a8f641

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fbec4cd8bbbba46abe195321263a2b0e

SHA1
c8f4561bdc33f6c7baae2aff9f6486f0f1b08879

SHA256
e24ac38da5a6e518ef0dc4818978497669dcdc3122ccbd6102ee39e3c3a2a269

SHA512
220a9215059d8c8db47cc83c235437d79a478291811e0bdc349c35e08a1c779205578bc9dffde5ed9d417f8100ca953f8eaa151046e5e554ec184c05586253ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
98722e76dd93789bd22a97a8e55c0e24

SHA1
4c4040a207abfc2ae31557d170377061fe68e96d

SHA256
b100bd67d6a2bf3541a2ac38f703d64fd05143f04de1e43933d8384c221ae946

SHA512
6da072626ddb3c833c4bcb8c2c6fb98a0cf6ad9762452a6dd9d5391694bcb1478499f333edf387a147618469853211ba4f9fa1aae007b6ee9e1e265bf18e4388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
771d10b53fb294838fbefa26c2b8a89c

SHA1
e228c47cd255cdbefde7a2b0a3b3b434b65521b2

SHA256
07d79e6f9760450d1e9dc3e1321324e44bb5a9c9fae3ca9affc1dc85b5d4cb2f

SHA512
c9eec9306a578331553c9138ca06fcb99b64bdc2b58c3b566b582cda69f2d81a435cceb34137fa262f873dbf1f8550f022c73b4e51eb50ec4f051827b3d8909a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
78e9eef0a6f4edabf475c22b09b3df62

SHA1
cf85ada1b26610750041c75e155ae34b3103c482

SHA256
0cd7a880cf4d888f780ff2ba1cd35baa0f30fcaca065a6a89c58256b8bca6719

SHA512
4dad76137eb3aa2b05162e1f3cca60c30aa5abff1f0b21f15a16cd28132f6245b3276c1973efa7120b999bca2554b71fd02ad0c08febe6bf5d3163a0d580441e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
150e0a56a30742e81237568f486f1c84

SHA1
86bae91b42ee2c3bfc7f7ce0057dd18dbd1088ba

SHA256
18087010f6aaa93c25473ad33f738c179b296f449d97a738bbb09c3bb1f4c17c

SHA512
88ef0ea92bf99f04641912f4c6321389b5187a01246f1f70bcd29483b14929de4a973866ed27f21c02ca41547e781fee9624916e04ef3a61ceaecf22690adfcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
76086f31d9128bd831388f38bd0a9e6d

SHA1
64d1536bd10f020d318861b3593d00483666337d

SHA256
2eaa15b44840556e20249368feac0b3b2f60285d8899b3ae2a77db9261471ab7

SHA512
3b56acf0edd9ed706ccccd0b964c84963d091bf624eed47a26f14078f68b0553ef01d563eb5fa02d660365344c54667b20d0d11d34ae7be37ae4308d6ec01288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
b37762f3e2367c0313955109271ab316

SHA1
5bcc47f5f3eb79094439fd5560345e85c64cb6bb

SHA256
56fcd9df5cfce73d7e85c6bfb92c5f5ad30234f351d7ef221f9e4ab61c921ca6

SHA512
2de0150034f6aa0812be5e0ae1f339e7369ac2027a0a3b303fe4fede088482e2393a461fa5d553080792bcadcf62be1d1cc10a68adc484961054605a3b621959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
605B

MD5
0e12e00607c8f544bcbb9dca7f9dba3c

SHA1
a116942df3becfc0f1c516745f0cbeb9569ec565

SHA256
17bac8b1c9ef6de1ea1b0f46fb4d7e35937f835e04f5f451b9844b8e9b9e6088

SHA512
53b2fd79f6cf1e7645d169e9ddae037736018e94276bb8ffdf04e073950310b3ffb2a1741277059be530f3d445cbdb6872fdd6db9dc2b88a4fa6aadfe4594b92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
2KB

MD5
15fa272abb76f9244acca9f4b3ddb776

SHA1
a334390abd07d24f9810352ac5a1e9efcaf3b4eb

SHA256
4fac223598d19320a833ceb54a73a6c0e093cdeea726a974d263f3c3ce2a544f

SHA512
2f9dbb29e994cce950f20973c5e95599235fa10e95c91a97c7de6b5f18a680d375f3749145ffafd6d622e7c3e2b2a973605d8f2af866e0bd38489f81b4e6b53b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
2499e8d0cebe7a16cdceba52c5fe946c

SHA1
4fc09c4738074d1f66dd71a26f16eb79f4794bc2

SHA256
c9ac3fb8ee2f5ade82008822a5d5dffabf48d057f67b9298ca5bc27c0e2e8210

SHA512
b8b3e0e64de5431ddb590ad235917a0120b11e6becbdfc0344e8ada89343feee5f48b6340f3dc51e2ab0b50c6572aea6320b9d9c619d9c3018cee6ac34ec261d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
fea931b54f0a92181bdc017bc35e229f

SHA1
0ebfbc71b7f4d23507b85a84b6f414d84838a15e

SHA256
c35cad7eb9e004248364769b46a1d550df7dfab950afe6aa7428623ab8a78aaa

SHA512
3d79d5cc4c0353831eb60da0e8b8ac9928e6d0f5fd38e4d02d189ab258ee5a971ee3590fe2aec0267d3495fe881518baddd9af9177ef71ed64777ed28c369f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
27dd13b66774e7888a091aa4e6f9ca36

SHA1
3c6faa0a5fad4183928827db1ac56d0cc433650f

SHA256
ea09dfd0338b496a6e8c2a0da6d3424ce67096c9d8e7604feb2816cad29c2854

SHA512
dcd5db4b5a122de2d5e1a55d82c014e0e586bc80253c24ccfb3accd4c0adb74e90ba9d4785e21dd98560437cbd5f834999482789f8ec948a089dae96045561d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
795326ca293a790149830d61d5944f94

SHA1
2d60e3e57634a7f159c369d14e53ee352a330388

SHA256
52f7299270b3dc9563cdb8a6bfb44b02010c685fa88e0a34fe107fc1ca804833

SHA512
aabdc452df614f15f0de751ba01ef090c8d563f6b9326a17d95f9fa2bf5219424734d83d89dbd46a122824ddbab1c4d0ad3602cc75c89d6b83d641e5cf75207c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
fd7d05d609197fd645dfb1c5703698c7

SHA1
8f5c3bcd7b49f6fe87b062e59b9e70fe3fa2c62a

SHA256
00ad03337f63e021fbda64bf32808ac3af5145a4976c5ba4df61b9a487035a49

SHA512
72fec982f9b9df5f7bdf97e26b041f7c7ce026e6403fb8454c25f45abd2e3401685c722654813d12e91fb48b7a7aa385fa048f7aaf5c50b09f1e91e144c643cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
b65ddea9ff2c63f41c602620a08ca977

SHA1
7ad89bac83b4b9eebc532050227c07075d2ef5bd

SHA256
c5b993d547c15998cf67429418fc09604fa41837a4ed6c18d5599c279909958d

SHA512
bca9a45ca1e23ebc9a48d01839ddc2b6c60f25a65d3eca2dfc2b6c3ffc78d181766f68d5826ae1b051d3a2e6aea6840e668aa673655ed802c9e824b9ab67cbef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4faa87b47a65956416db4bf1cd2e6ed6

SHA1
7a351e291039c24aff9443aada111fecfe335215

SHA256
78e4d1cbf16d84dc5c1f06c650908932bcb5b2228cc720b512b2580e1b7f2305

SHA512
d3e05d737561dce23aa73e293b83f7e2157e267c1e51464c5c6641276ab37aa1a70dc7bec7b3cdc427752c25e8987851090a989029b8ac97e6d4b464299884dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
127c229c197c3729ec1aa76e3146f83d

SHA1
a88578fd5d2189d1496fe2d5d7ffeb3740a200c3

SHA256
6d065e3853f2e2e30dbf2ae41605eeb21111edb10c3facccf4f6a964e446a0a6

SHA512
12d9b23742231c2d67cea0e86d188d904944148b44569cf833cdf9e202fbabb26946e48cd19d89a147ff0d770110b0c222114b4024aabdea4079da9a09561135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
7fb0324883a4ee7ffc47ae76c41b465a

SHA1
2b3685a9ee41a5517bd16c5e307849c9670c8add

SHA256
66082dfa51fd383bf12f21c1258444cafeb54cb77083e6170eff039915c9d474

SHA512
bb0b53bd8b4511233a7336d78046cae00ccf5c0e669bf763f6e20e1a14dd7fa718e9aefdb173d2a4b617fb63d120d0dff78cb1c0867274b05f0af159a059e077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
fc2594322ff475330eff55c5ba4bcdd8

SHA1
2f73d024de2b7dae5534a70948aa003109e84a57

SHA256
d2df4cf451bc6a05c68b070024230e046cbcfb41b05ae178394617b5d5a626d4

SHA512
832088c7de6d8659e8a55a5198961ecac7b631b267056d0903cdc5a28854b34cd92f550b98c8af3d807b46d35599b0ca4cfb843549cfc908e17aeaa154a70eb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
10d48cde58f9ccdcf1f7fb1aba78c0f8

SHA1
b48bc4bd2731a660402afa6a6344de01d26d0851

SHA256
d18ef49b2a598b9e9ae6e9a0a584bf54231c2700ac112419e54d0731fb975ad6

SHA512
d8d8719d686152ad928c45c76a759e73c1e554a695c17f2f43a20a296eb0e42dac7f238ed887e640a4024ece09c982c7426fe685839bcadc5674147caf207243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
f4342bdb5377f7e9cd358e2b4cc360e0

SHA1
fd23f80b2228b9ffefb10c9ff8ae7f99b2b3f42e

SHA256
7077a45cef1ab1badfe1a30962d072a6eb5f7d2f809119b3f834a4f1396c8aa7

SHA512
262788ae80a2253086b4d38e7633ece35280ccbb84fcec13fac4e0bff6898fbf6f519de299a932bc3314dbdf1d58456602f56a6499260b4ad04812a664cec333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
29631238483716168fa50a37a043e749

SHA1
b56376a2b463d8113c01925515cc2383e9b5130a

SHA256
362ad89579f59e350334ee514f861243eff174f7702d05b3be5973a2eb7dc988

SHA512
1a87e736a8b96faedd1d8c0175cdd0e32fa5db7709c6f0e1774dc87dab0b5f80ad24a4575c0c56dddcc5e4eafc1b122663ff630da8cdba892921f9ce9b5b98ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
9689753ddf32fa011606ddcb8266dc4d

SHA1
d04d3113fbcfaf58d3669ca5cb693ddc69d12380

SHA256
6de5d73dc0d790ae63e231123a55dd2c99f2d7d33eaf489d7cfac757d4bbc955

SHA512
857711e0671fb87da0fd9e56e4c2e1dc2fb6611a5b12fbde81a91990130ff1dbef096d975d8a27b232e8d28e00b5f0e14b3a0070ee24516902f6636484ee8c6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b1c045f22df0c5c5be94d49eef7513f6

SHA1
c316cd7adc8b69dc7715f59ad8acbb3113fc2d24

SHA256
c7f6b7b03e9ce7de312feb6ad494577025a875fbd579daf7f59d8ea213059a42

SHA512
f07f2b0b112fb9fd83966d52e3c254073df04ae995f3f7e91ac22fad05ccebc223be5b8f61328bf78710bd5104a7694c88c719a60552f9bd72c22e9c76e52830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fbd31d46031b7597d63c8b36a9565b5a

SHA1
a33020913cec69c41ce96fbb5b7d87e8d14c18cd

SHA256
e4e7432f26ccda609e2720864a292ea64d8b251dd8729023471d9489142013a7

SHA512
8fa2a49d0350b9531f6f4be5fe0c2f6786b9ed34545817e7fb79398aa1fd031569b89000f74fe5c8c5e5fa10d0576dbc26fe742cc2441346dbef445afacac8a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
47bba9e1409f04d4dbf22bab297947b5

SHA1
57a628501b78666e203d088317df3c9055180515

SHA256
9ce39012950b41f8407ea7f136706b388cf74d418d1bf20546bd9b74dfe67b99

SHA512
92e51afb4e96ec490605c900198ab6bcec72b932c8f2555f1bf1864fc52310d3cd4ad80d8e9ac7355931ade346ad2ab07269080f7d967c65ac486cc19a76c9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
95d1eb9113f93bd012afa83baebd3993

SHA1
63956e02a2cf1b609cb532b49849285903a489bc

SHA256
c884988f72b8fb0e4a8106971f7b11a1213f061bf8ab2bcd98cdf3bb77001331

SHA512
30131dd312c6f95d1174e57035d26c7f0a3be03711b275842406b9b4dcbda3610637bd1de6b0306230898ea619e41a03af532caf04495a97221aa32d6fb09290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b1e0d07b85c8666ad6acb502c5dc8684

SHA1
c479ef94c950c5553d988a5792680bac580e4460

SHA256
92ac222bf014f03521b051125775fd50e955d9266be46f2a61718d56bff45b4d

SHA512
bbd1ec902411a79985ba0d4b1c3c90489014f1a4a0d94666e7b3b8e2afef1dff7b9096dd8d726e1bb4dd0eeb4201fba8b063b6644a2e242c5e61b574c99363f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
3626a2058cd1e5d0df264a020968950f

SHA1
4d5ac247e1fdb08877729ea939627f4935344440

SHA256
1177fbdc56749cb3ca07f41b70f83c842437bd7a9d87fb3cd94d12651ac5e04a

SHA512
a9f1fe38a778a99f51be7e3802e32a6591ffeb47799f72eded71e581b06077d6809f8891ae43898e62768620b2e6663e1be62dfd05f0265439b2125d50c5ac2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8ffef9676e79caed87d084403065fca3

SHA1
64a7b209f8cfb1ebde0d4a33b07ea97c24536ffe

SHA256
9cd7121b144a9857f8ecbff49b229e03fa380ba5c24dfe3afa137ae91e46e7c5

SHA512
3b4b5c972d924858837fbdefd6b8d04eb3cd8ecab191183de65958cc0a5be9f1e1a207d9e5441c9980e39cfc3b8399a6ec52fcf4540b9400719b839ab3577894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0b6b1d52a4939ee049b3929ea9c2461a

SHA1
a2c126e38e22d97f19f0518ef0b1313f909c1a22

SHA256
9dbc5878bfd0f68b8ca6ab40722c612adab3394c6f78962f94c8f204bca5713d

SHA512
6a55e55149a9497d9b2962a6d26b5738358f14b0295e6d6e10d6f6e22ffeb95bbd28714ac0c3de61d72eea205c70da7a5a00e33822d61ada33ac872b56f3e18b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
324c15ae153dff81031a76bc82bff702

SHA1
cbcff3339f286ab84b1b46f4d96da0addeb510d2

SHA256
498677a2f91dc5d3ba873249808f89c41cf9ae93aab716c5641c043685afd48e

SHA512
4c68d4a666bf55a908acb75d2108d0916627354219e21d528d312c8be71defffcd7aaf60caa10acbfbd566fc5dba2bb1f327b8c9e44d83c9241daed4799ba955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
4e62bdb933412d9e5d3acf1e987ad101

SHA1
1a99d80146fd8512105b494921ffacaf06f712fa

SHA256
fc72eac33576766f33dff70706b06f93fd17b8f62bb1996e3bd6a7aaa7381234

SHA512
1930eaaf5981944dd9dcafa8ac5a61f643eaf86b5a05546ce1b65ed2a9ff58c63c9bc9d2ffd077428f1ded029d8f41e259b40790d7f801ac6557ac88529b3a4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
09383667c93b0c502cabefb1012652f8

SHA1
c2fd3e8dfdb62741a199660cd6a8074f4a53b5aa

SHA256
5c4004b6e7a734170b07fb2438ffb6c9eed5cdc778a73c0aed491eb35f7a5dad

SHA512
e19ec82b026c41641fd7098094732d6d814fb873ff227cf01a2537eb0c72651a79f994a09939aa7b9defce6d8c7c9b58f161c24ce17802d7120c9adecc48fad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
65939800fa62c67c1a9b601bda371bd1

SHA1
9eed1f0f3f4bb72c0eb983bcfb1bc300d390e2ed

SHA256
f7cab4bfdb52184cfe9fdd7992a53fbb302bae5ab12dd22d42e4a17218bda4f4

SHA512
3bf4db2c0c1dd27995b7bb2a460287d5b0ee5d63b7e16f30eef3a289e5cc350da7d1f74ed565f6ddb029399b44c1a7871b5b6f9b3e503ad0bddb3fb0d8d966f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
eeab9bb1259ed3d8a793a0e70bb38aaa

SHA1
cfba4b09ddb05b378481fd5baf43ab975342650f

SHA256
58f3eb94a44268f5c7d6a09860dd42a8fa86717e3d28db212df5f4fcf7c3eb74

SHA512
531ae8695937197da5cf98e35058ae8cb464e2c0552b62d54dd2d4f777cff1d2af63ab9bb4f7c525e55ee2f20586a08d8d96a42a56ff0911a60d395920ea3fbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
9a5d6c1ca04f7fc833cdead7d588a56e

SHA1
a40aeec590ea708de2898be59c8a86755f9ac356

SHA256
f93eacf8cb46a340c9ef86211505a19b848c1db12cc88e21326461c9add803d4

SHA512
c47d72a11747df4a8f43f342a422d4bbc5fd3a234a3f7a17a062e00bf50a3989838eb37dc87707d93b32eb5be67fd234536e1840014f8bc366379ad6115f76e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
67c199e354cecd336d21e7d41ff32d7d

SHA1
00a7c442df7868c51642f5625034812f6da382e6

SHA256
dea5b9de1cb98924f1e9b0bd7a094fb146336af536a32b41a8b3e52738a55002

SHA512
e6757deb8409545ed67e1434cc8731d23c5ba5944bb4e2e53533f025c9f199840ebfbfe29e09a32501bc6e33fe4882a6ea697f3b8d2d9084d841083737591ded

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5aceba30-c4ff-4b53-938c-f521dea9a63f\index-dir\the-real-index

Filesize
624B

MD5
8f81fa11934bdb0932549c982053ee2f

SHA1
78685de3f9aa130cbfb8ace67c7690f110f5ca3c

SHA256
1c513115c17a7c543779eff54614ced288ddf0d3f97075b2592f3213df75eca4

SHA512
4195217742c978debb65f05d45d267831683f2fac76e623e3eca988b189889b4e0943ecacbd12a9bc2fb2ecae8fb1ed93e13a508be8f1cf8a2c8224821f3691c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5aceba30-c4ff-4b53-938c-f521dea9a63f\index-dir\the-real-index~RFe6e2db7.TMP

Filesize
48B

MD5
d1f563cd13382363a78a96e8b7d88a9e

SHA1
138367ff701b769c431ad7d540ae503b52ee8cb1

SHA256
a797f8ff10af9d84a89442b7a3971f63d9d31bf1a8e54265b69d14e6e6443d6c

SHA512
1c2da7eda98bc060547ca1ec651bbb1b338bebbd43b3bc35f5c3ea1683bbf3ffe203c2f50a5b6e5a7761a8b4643a94128259439db6addc404fc58d6b002b26d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\63a803d8-e313-4179-928d-615a9e5e90b6\index-dir\the-real-index

Filesize
2KB

MD5
07b8fd21210ca20e593569bdb20802d7

SHA1
eb02981aeb3534e02c3182022da5ca6aa858f3da

SHA256
caa334aac5ff94d1cf876cd588967bd0c90425ae29c3c7418585a85e295189cd

SHA512
813bddff27fa14782869c793e26d343830e934eecc5743640e5015dca59b85b474447c1a1052c1081ad8464218ec80697fa68596389e5185818dfd29f943cd2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\63a803d8-e313-4179-928d-615a9e5e90b6\index-dir\the-real-index

Filesize
2KB

MD5
67846e85f2a8f91326379b0c5e88fa2f

SHA1
c03fd96dcc5b72cc6dd5a1af0d393b2612aa4be5

SHA256
f2118cf98ea4a3a4041e0321761c02d1e53b6d60c7270740fddfb82b80f67d09

SHA512
2f60cb5b5d61b82bba86cb43bfe674cbfaedd5c36e809b21f9a554359e7a9496a777123304dbd688d10a0408b04de4f771dd09c0563c9d1d7eac59c34d1e150b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\63a803d8-e313-4179-928d-615a9e5e90b6\index-dir\the-real-index

Filesize
2KB

MD5
d198d9d33cabd3ab9340469f623c9d30

SHA1
523a06011d4bee3071eb1709a7d036fd6e97ae7d

SHA256
ef8d45cf62b00795dcedbef3170c9120f9181e1931e86a4e167f9c0670906f00

SHA512
78e74e20a2c5b92b24772867850432be6ab87d4505a40ea96abedcb05000053b02caad98e90e080f0cfb0717676ef7102269549d0474526ab627b01503e9b140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\63a803d8-e313-4179-928d-615a9e5e90b6\index-dir\the-real-index

Filesize
2KB

MD5
11f4fd07ed0d05bb407d63c06c1f35a2

SHA1
40761c2cda934136cef28895ab1bfed804cdfad4

SHA256
d89c309864d6f62ef14186b1fca83cb82c9bf5b764f9a8eddd43a647259e2248

SHA512
10d4efb82d9f8642d2985ff3de9790040e28ef1037d3682afb9ab354bae3996bc566e36f8fd4106c71094811f964f9c751703f3ba3bae3631b92601e2b3180b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\63a803d8-e313-4179-928d-615a9e5e90b6\index-dir\the-real-index~RFe6e89e1.TMP

Filesize
48B

MD5
75e148fb806862d9a70814f95b6929d9

SHA1
a8883474fc3fc6e9af5744d1eee76db670b46b36

SHA256
2ccbbaef5bbcb98384507a5a777623e2c74b1043435d77d4fb2b0bb6ed024917

SHA512
fe523a89dc1f302fc01d9bdd361689e9b6f665f943f98e2b4fce5a899f6a91686031ed1b04045c8353c6f5437bf215d5682922b8824aff75675fbfe4ba5839ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
6f385d2f9db78acecf60d3dab3908093

SHA1
ca955fe2f45842680faa019e2f6a473330f03a58

SHA256
7b1ecf18d81fa4be63288b0efb79a1741976410b3212778395824a5548b7ee84

SHA512
58874d96a6276e6214f9fba2687c059a949228a886879b34043f3a16832d3e47edefab23ceb82d4f2777c640f23f1dd96193c58712be011e08553091c87cdeb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
f81a5bd0fed10dc19b6b884cccdf2d4f

SHA1
b3d8bae8f7cf9f8b811af5fe7ee00b2cccad5f06

SHA256
a848d2c4fbbde755d330dbc114be3dc5ebe1aaf369d6442316ee5244dc30585b

SHA512
752be7e9f49a8e14bfaa533ac8dfd850032d33564fb8d46abbe55c053380000ee00abcbf888e125ac5d9540b5598ad89af9392071427a9db920c36584a8a1cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
433acaa4babfa199118aadd5e3cf5bae

SHA1
65a420f52e8afb70e172e65bbb55e5fa6c372cc3

SHA256
264eebe6538852fc3766a8f8ced919b4458b944a0a3d70db96f3ad52e275dcca

SHA512
4dfa2e9f47ee7c0748cd1f62394aaf53f258879d1cc8cd504cbefe39f6cfca641000c73064ddb886cc97e44030f532f7e9c8b25e6166ae5d3c4916eee7241239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
0abc13e2eebeb8d970dfa1fa881115fe

SHA1
38058a587346fbe0900d5228df0c4f2c2649fb7a

SHA256
c99c6f76bd97e18bb059513ad167cb18a3975a1bffc8694bd230e751bef8bf65

SHA512
a9279d3b3d3dbd4fe0f53ab2c1a86582e41a4e35e040cd620081d8e9629921509ec0a2a39188f5c1c38ee019ea85b00b494b525302e12bab0fcdbae656f06c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
cbfa9506d3e5f5beac87e378ef8e6bd4

SHA1
3d2217061d9c8340a95ea8afde3f87c5f406daf0

SHA256
43468a3eafdd8c9f9bc2b488e7554065f56ce5ee6366faa1a9b7bef4ce377525

SHA512
e8781cbba39d9406c9a1ac8d8032042f66a7ae928ce47b7c5953b19cf5402e3604f0caba3251a87ff230b1d4f955c3d93717eaa4f0ba5fcd8b9a96074b587d34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
ddcbd75b502a231a8d70511c4fef7c8e

SHA1
f26977defd4d455827147516a5ded9ecea64a540

SHA256
a335f0c136849676f050dedc892859fe701577457fb9762d82969eba033e8e36

SHA512
7bc2fade8f22ebc9ee10a8f46cf04592361687057500dba0cadbe51518a01cb81c4a514f839b7b6363d2d4231f0ca218441cf2bc41a139cf36dff185a31ba32e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
700d1c427d4de633d37707814773f411

SHA1
36db0bee7cb2dd170c7f606481cb29bc7a7ffd00

SHA256
1ef9956822a33f6117002879a040a48f41a7fc1e7ab132feb28dc3a03ae58a7c

SHA512
fbf7d5e4a2ef9c32c8152308523bcf5e4a5c6d1be8500db277c8cc47276e866c21485ee7ac112aed010eec46208156d00ddc6e6d555c27f035b1bec2a4952ca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
5f76153006171c9c9070a0117c6da669

SHA1
ce99d3f9249a70c4529b04c44957db64cd33e10a

SHA256
4a2e1f7703465c5ca6c1aec3f951a0a2285afd10cbbaa3e252fc4fe02d40b5f6

SHA512
67e76e4343c37cee31c3758eca44d1b9f4d5ca3192f634a5a08defeaabbfa767cbdc62732cad5027acb835ecb87b063c422715fea76535e58c4a9984a9591a21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe6dd46c.TMP

Filesize
89B

MD5
38ef3067a72fd22577d29ef5468005f1

SHA1
d40ed88377db2a2d6c2a4809db90c70712795377

SHA256
664b3f9839c0020c1fe9ea8de4b6dfe8fc2c94e8579d9932aedc715e12136237

SHA512
5b3d9b4c38973259a8437fada1390f57a76f2f54eebbcf1ae8dec68d04b28f388ca98c4506830c35ab99b3ac6853049d91473f17f626f09b6e2586139e6f941c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
a034dbef9b97e621427728291df0e688

SHA1
3e5aba4a0e54f12dafba8e9b2b20b76016ae7ce0

SHA256
89d4a4407fe2a296dd57cbebd17a2a7b3212eb844a9066cb93491d85f80ca8af

SHA512
f2f89d19acb7860d5d76c6d8effbcd26205877a2d22ca721bbe6067d0f702b9db1890e4492c73634f5dee4d462040aa9b401a9678f16610aa8e356ad073aa859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe6e26c2.TMP

Filesize
48B

MD5
aa34ba269633bb7fe69a6a15e97f905d

SHA1
09689952840d8e7b3f6acb1673c714c6652cd3b9

SHA256
c5f9f80a530fab295d95939376dec42fc4218d2d7457aa31e85fc9732c20775e

SHA512
4a4390bfce67b265d458d17149ef540946b5c466959f1714583f7263e165fcbe4a5028456114ffca0d4a30f1699dd301ef1d70349063440184f98fd20c5e2d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13355774470569676

Filesize
3KB

MD5
6739e84ef98c8f7a29225e11a60adf30

SHA1
13497c456912b1acf1804c2d87d77f812fb6b9ea

SHA256
cd401b44abefb530744bfa65f702f536760dbc4f2cdb164be4d4c05ae317b938

SHA512
9cce02e8110df267826b10695272af6369346e0dcf0b0b3c8c6cdbb6f3dda8a06262f6bffbe000d925f065a83900d227339f59b04a9f108cea0c3d1ff6212782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
172B

MD5
dcf7ac285065f02ade90bb60f9ad9d55

SHA1
74e4dcb5d33c5184f80cbdf0d49f197ec3d51076

SHA256
a26074e328c848f17718a011732e272efeda0ddca381f0e6b2c6c609d4d1dce2

SHA512
1651915dbf350ff1d7f3d137c8829210edc1c9282f634ae17eb0f7d902dd4bde2348bc87ba9c54b3b9e61fdd1d57f4aee44bcba38f57cd9b4af92218ff577061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
86e4904544f4c2b797150fb496046cfa

SHA1
93c8914646b4fc4259100dd66b48245745c3d28a

SHA256
a50982559c8f2722433ea73ab8ec0ec873682ab8f11c16dc9b0be69c192c2f28

SHA512
3d3b239ca547970ec98a7fb337c65f8668c567102b5e711f7e80be87dfdfb03d2e12686fc3ce18c93454f404597bc0d9580e411aa63700c901661421305b830c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
30fdc9ec74810a16353f05f71ce19148

SHA1
30e2e36030f8e3cd9403494d01ccb94d8410d179

SHA256
019e4a370376dd62a8ebbef7b8c326f584f9a1e95f40708d35457dec3fe74c34

SHA512
2224bf974d10044d60fc1c8d947f594ee0b1929bb5484cd0aae01d1cfb31383d4452adeb6fb2f0309046d3943a7728085b3498695c4442d59d214f8e70c2c451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
ed5e3bd58c80499f42d481056a565ab9

SHA1
435b24febcf01ad5d4dbf8c8ad797a5f52e1721b

SHA256
93bd7bdc23466440dee8bb274a40713d4570afa5e5a3256f044717725160d8a2

SHA512
7bfa80005c61631c67ddd27066b977e4e21a65cc2bcfc7165e4a3e9ae6b0bd46abfc53fe2ff89df4839af898d9375abc16c9977a5f82dd1cdf5db99c95bcf49b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f1338819a22f304dc0a5fc3a5442adcd

SHA1
afdca161c0cac45ff8ad32f72493c165683233a2

SHA256
d5c1af5681b71ae270bf11fa7fed871439ffa183c529c26a1531cdce84795e25

SHA512
e2e75f7118e49a781c70df33b1382f5f3da032bd515a1605cbdea4be4f4f2764f1a7acd41b1275268e775fd147e76c2e370006c278402848734fc86f899f1f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
1ac515d199ec5077ee0d3ac96332cdf5

SHA1
859010ef42fcc00960bdaff5c21926ca561c183d

SHA256
aae8b0f53ac0331fc9103201d9f91ecaca8796671589e19dc49f79be9a565a06

SHA512
1b8f1b76e4ae6a07962fb42d78e81fa0ef4bc8215e03207c7dda748664506b63110aa00d4eb57a8ebdc98e50a5686f9102fb6d18ded42cb6455f3e9512709092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b1fd879dd137c214277f3e333baf3711

SHA1
97f90df43743f55cd3cbc87155e8da66cee57b80

SHA256
c00651beeb530abacd8bc2cd2d40af0073456413ee2ec3488c39895f4cc4a423

SHA512
3ce1f82e4e83e63828623e0f88c5e33002830034df5e4fc4c1951de3514e7fadd8a34d3bb980ae24b7e2decf1e9015bff5afc55754e1e1c143103f5d424e60dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
380b658687aff5289eb7c38d0032ec9a

SHA1
d4348c4da1b723eac8f829b7461b16081e8a2d62

SHA256
21594d935009ed9505b3341b08edcedac4cbc8c08843bf13617910282f72b12f

SHA512
f6ac66675e1d5f625c80dbbb00b32661a0e35f60e71303c6b573f61da3dece1d811e3f587b657c7e65492de8b405d23ff211e571153250da32372273b7c6cd4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe602f90.TMP

Filesize
539B

MD5
c74534fe89263764a454d403c9b725af

SHA1
cdb824ec45a5c73288d5bc56f625e8f44a4f3c26

SHA256
b0349f418f1ff3e8a53ca58cdaac50ca99373e3f163cbd840a88de6db91d002b

SHA512
ab628b033e6c217b321e484016fb8c3f7d00e53828bd3d134a8084d3283e871c7ebe4d31b1182c44d930c5eba081fe202e6547a7304f4a5bdff38c449e8f7bfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
9aea16e09e49d7091733fe87ac8e55fa

SHA1
5ba116329e905239e3a9533368160cd1f3318b12

SHA256
7a0386b2c5dab72f1ab1166a07c3bdd8c9f0a2ae006897f93a8dda4ea6a4692d

SHA512
ba38c81b73979c169c7a09a911069a6833112301d8c74f0fc42cc4ca7e81720f4e7a2fd0da052bd833d5fa20e6c886f3ff283663f6b800c143f94560d05dfdaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
0d3e003428d9edba4b072e2a5fa15158

SHA1
831c2e86e6a0ba62f1fea2aaa15facbffd01a097

SHA256
b06720f4672c7707238e8bc6e44ff4565d27858eb9b33c4ad6825b45c4ca3b80

SHA512
359655c2f2206bf37bc4ed01b59b88d0548448adc45d8dcdea7f89eef9675be5efd42211bde20c15f79c0e2dba92602d40f3669380d9de08ee5dc2659b6d5b83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f709522f45e20b749d3a8698d56545c9

SHA1
1b4bf9b49dc99738482dd5cb327b3289289ec881

SHA256
53f044fa79bd72036f6e1410257e29eb6c1b87bf5d3a0604f54a3f37d65eb032

SHA512
a37d1aab18c8ab1f0326f1e2c57227929fefb1916cc1ec2846bcd6523f55d207392f605c85d2de5fc234c23ad3b3500ca253ce6d09be3262aec6dce1b33617cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
93bb7662dd8cb9ba1ac80d17b60ae1ae

SHA1
0c9933af459a00d23abd5f431d00cfe799217c92

SHA256
92369c66f1e3cad5c33a25e6e8c90c39659e3a64d7085ab9e39a62c11a0f9e96

SHA512
6831fae1039246accd8c612b4775bfd81640d8c0b967ce6328873becb8ee0aae87355a2476b7479ebffa7b6de33a51de959f502fbc41814ad3f1253a771f313b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7ce626670c7998b975697d7b30c9c506

SHA1
0667c08e29fffeeef85202bf6b2f3a6dbb43de52

SHA256
b924115af01deeebb2f359b1eaa20490b32210c45a80fb37901c407cc0ea4e39

SHA512
e9e1a3255745c70e87eff048c98c0e0fe7bd854aa4dee31835cc6aa2fd715543b10508c7835cfd9737cc086444e44427a280d0aae64db2f7f7bac01165943a12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
83fdf602014a4d5700f2c9d4cc1b38c4

SHA1
6ee157b2a2160e1c2da5719883f8077b09bda7d0

SHA256
9487af6a63f133de6f7b9fcfb13465e466dd258ac310d1d7ee832bfe8f7dcb26

SHA512
52ac51229db50d75987b940a05c3f3d3521435b72515c002bddfe0da5e0671f84cc39659c2b5f98b8facda2cb023f5bd0b54f6351c709cc2df5af6277c7afcfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
6d34e754d33e7f7a75a2c12ad217f9a3

SHA1
21df11cda14e56202f5463e46c8ee05f78247082

SHA256
f7ad0b5c8ce4d1e24dc69bd639ef40bd4896dbccfdd919362d63d7a8f2fbe944

SHA512
53645e50d23918a6ebde016186ff72b8ab4d008d380998eba1d7b6cc4c64b85014054f35da4e28e47e72be6ed19e5c1d021744333426d1716ba9b9fce86a02fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp134B.tmp

Filesize
1KB

MD5
677cede94073e4a5f61696a0f075ffb9

SHA1
44c4a8d9192f0c419e0f0102a3d3b9345d5580aa

SHA256
5c310071bf82cefb6d2e1235feac27a4b6a5899bf594c013e58a767e9653d26d

SHA512
620ecdc1b1a127010c23a680da03015b2c179531782694acacc9daea82bf885ca4dc3b544029af1be6d27cfd68feff9f56fd9d3dae5fb05093ce15446032cfdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp5B8D.tmp

Filesize
1KB

MD5
afb3de9c9257d84b80ae19eed399ff00

SHA1
fd59a58bcdf9c4623210a88dd931ca06364f1902

SHA256
c72543cc3e18540ec4eb5062524f83cde84368fe720ce30d1042f8ae81a5b76b

SHA512
ad40e43a99cc2ebe52501479749276fbe204596f3f8a3864f26206ea09d16c20bcd97208d3132ddd1b739e0b7d69a19f90db6c24372f4f24142be0c8fb67c04d

Download Submit
C:\Users\Admin\AppData\Local\Temp\ucj4t0ue.ha1

Filesize
116KB

MD5
4e2922249bf476fb3067795f2fa5e794

SHA1
d2db6b2759d9e650ae031eb62247d457ccaa57d2

SHA256
c2c17166e7468877d1e80822f8a5f35a7700ac0b68f3b369a1f4154ae4f811e1

SHA512
8e5e12daf11f9f6e73fb30f563c8f2a64bbc7bb9deffe4969e23081ec1c4073cdf6c74e8dbcc65a271142083ad8312ec7d59505c90e718a5228d369f4240e1da

Download Submit
C:\Users\Admin\AppData\Local\Temp\vkv0zrfn.r2i

Filesize
148KB

MD5
90a1d4b55edf36fa8b4cc6974ed7d4c4

SHA1
aba1b8d0e05421e7df5982899f626211c3c4b5c1

SHA256
7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c

SHA512
ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2

Download Submit
C:\Users\Admin\AppData\Roaming\XenoManager\frowning_tool build 1.3.exe

Filesize
156KB

MD5
ac0419c1af343890250f5fca61517f9d

SHA1
d9a2685fbc661003b35b18bde3aa8a71e6a8d888

SHA256
98c5b5e5f167fd7ba7a18652c83cbd8d2dfaf52e1dcbcd91853ef9a259042ab0

SHA512
2b6bbe49d57efb14082d1d1bcf23645c3e0ccfbc5f69cc2c6d9df30ef1144b246b93e4ce8d6663afa7ee9ccb4307f52bcf9c37fe212c450846824ce6c7a1a6b1

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
7fdda83cf01ee93d1d92f4518d05aca1

SHA1
658fa399c1e5c713c056e3c4ccb9a66b5a947215

SHA256
11b994eb2572d93df0eb061e549015b14d7b52d75fcebfb9ea7d48fd7debc532

SHA512
abe2e8f437f08448bf27d9b4c681b2d3c31424e3bc14845c7f06c876ecc80b097cb7528076558a921f7e4ea23668b0b17eaf99ca846d0bc3b6752e48564becba

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
b88e568112ba70ba71e14f0a74746ef1

SHA1
1ce75c63fb91178377633f4a0e4d13234049af07

SHA256
0494d50db0617bf649d8fc42cbfe1e9ca925783d9f2646a80f28c74acc85d16c

SHA512
db97ddfea8fc82479655310586fc3c08e8d9ecadefcc1e77a33a80a45380de6ae33f32d5aea1b9b154704d9300fb860e837cbd9c57e2267410038a875b897e64

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
a61e130824723561d705b61be064afbf

SHA1
c22faa4fbf041ca192b4a517f834d1661aa9d488

SHA256
1def505cd797b45bb6c1eae60a3f4ff5b505bd63623653fc1b05fc7e1ba19663

SHA512
65074fc23ff046454233cdedabedb355e5bf969520f1e2ebb0d889066b446da9ad51cb411d41524d4671a72c52967fba00f94c3fbb80e228a3589b6735602632

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
a7e134aed6e8d69dce2f18228b00eb32

SHA1
3d04f47a302f4f315cc0d85152e443446c927cf9

SHA256
a7196280673c0fb8c6ac759e1864e7e2a04825ff76cd413eecb0d4c3871106ff

SHA512
13cd69f7cd142a695af0f450cf5203dbb31fa52991233f7a373a2f11e9bf82fd856f46446cb5f7b52cb51420c027450408b152449c7b7575f6e35881ad713d78

Download Submit
memory/912-93-0x00000000743B0000-0x0000000074B61000-memory.dmp

Filesize
7.7MB

Download
memory/912-2241-0x00000000743B0000-0x0000000074B61000-memory.dmp

Filesize
7.7MB

Download
memory/912-94-0x0000000004B60000-0x0000000004B70000-memory.dmp

Filesize
64KB

Download
memory/912-99-0x00000000743B0000-0x0000000074B61000-memory.dmp

Filesize
7.7MB

Download
memory/912-101-0x0000000004B60000-0x0000000004B70000-memory.dmp

Filesize
64KB

Download
memory/1652-23-0x0000000005E80000-0x0000000005EF6000-memory.dmp

Filesize
472KB

Download
memory/1652-20-0x0000000005940000-0x00000000059A6000-memory.dmp

Filesize
408KB

Download
memory/1652-91-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download
memory/1652-16-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download
memory/1652-17-0x0000000004FE0000-0x0000000004FF0000-memory.dmp

Filesize
64KB

Download
memory/1652-21-0x0000000005D00000-0x0000000005DFC000-memory.dmp

Filesize
1008KB

Download
memory/1652-22-0x0000000005FD0000-0x0000000006192000-memory.dmp

Filesize
1.8MB

Download
memory/1652-24-0x0000000005F00000-0x0000000005F50000-memory.dmp

Filesize
320KB

Download
memory/1652-25-0x00000000066D0000-0x0000000006BFC000-memory.dmp

Filesize
5.2MB

Download
memory/1652-26-0x00000000061F0000-0x000000000620E000-memory.dmp

Filesize
120KB

Download
memory/1652-28-0x0000000006430000-0x00000000064CC000-memory.dmp

Filesize
624KB

Download
memory/1652-55-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download
memory/1652-56-0x0000000004FE0000-0x0000000004FF0000-memory.dmp

Filesize
64KB

Download
memory/2796-95-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download
memory/2796-88-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download
memory/3412-132-0x00000000743B0000-0x0000000074B61000-memory.dmp

Filesize
7.7MB

Download
memory/3412-134-0x00000000743B0000-0x0000000074B61000-memory.dmp

Filesize
7.7MB

Download
memory/3656-76-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download
memory/3656-87-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download
memory/4524-69-0x0000021897860000-0x0000021897861000-memory.dmp

Filesize
4KB

Download
memory/4524-71-0x0000021897860000-0x0000021897861000-memory.dmp

Filesize
4KB

Download
memory/4524-72-0x0000021897860000-0x0000021897861000-memory.dmp

Filesize
4KB

Download
memory/4524-61-0x0000021897860000-0x0000021897861000-memory.dmp

Filesize
4KB

Download
memory/4524-70-0x0000021897860000-0x0000021897861000-memory.dmp

Filesize
4KB

Download
memory/4524-62-0x0000021897860000-0x0000021897861000-memory.dmp

Filesize
4KB

Download
memory/4524-67-0x0000021897860000-0x0000021897861000-memory.dmp

Filesize
4KB

Download
memory/4524-63-0x0000021897860000-0x0000021897861000-memory.dmp

Filesize
4KB

Download
memory/4524-68-0x0000021897860000-0x0000021897861000-memory.dmp

Filesize
4KB

Download
memory/4524-73-0x0000021897860000-0x0000021897861000-memory.dmp

Filesize
4KB

Download
memory/4632-133-0x00000000743B0000-0x0000000074B61000-memory.dmp

Filesize
7.7MB

Download
memory/4632-130-0x00000000743B0000-0x0000000074B61000-memory.dmp

Filesize
7.7MB

Download
memory/4760-15-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download
memory/4760-0-0x0000000000790000-0x00000000007BE000-memory.dmp

Filesize
184KB

Download
memory/4760-1-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download
memory/4892-197-0x00000000743B0000-0x0000000074B61000-memory.dmp

Filesize
7.7MB

Download
memory/4892-136-0x00000000743B0000-0x0000000074B61000-memory.dmp

Filesize
7.7MB

Download
memory/5024-98-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download
memory/5024-90-0x0000000074310000-0x0000000074AC1000-memory.dmp

Filesize
7.7MB

Download