chaos | 0c959b40d661215b2d4cc720c2aaa5485adc9698ab2b7accf275c674fb8c32aa

Resubmissions

Analysis

max time kernel
1799s
max time network
1801s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HelpMe.miobject
Size

15KB
MD5

89be17d8e6296b2fda026040939ae36f
SHA1

bc1b258aa095def48ffde9ce7590dc3d62759e03
SHA256

0c959b40d661215b2d4cc720c2aaa5485adc9698ab2b7accf275c674fb8c32aa
SHA512

0f55e7f8f7b324b9ee152f3901063c3db3266cbd68f218db38114bc06969e2dbe5d07e93d3cc4e975f859406a9820ab7b53a8f68faf4decf2dfcbcfc1a832d75
SSDEEP

384:5VJyIdBgew5k2cowqNM+aRgmbKC9NBBV4ocS:5jvdBjwhi92IPsY

Score

10^/10

chaos wannacry zgrat adware bootkit discovery evasion persistence ransomware rat spyware stealer trojan worm

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Signatures

Chaos
Ransomware family first seen in June 2021.
ransomware chaos

Chaos Ransomware 1 IoCs

resource	yara_rule
behavioral1/files/0x0007000000025a9c-28312.dat	family_chaos

Detect ZGRat V1 1 IoCs

resource	yara_rule
behavioral1/files/0x000700000002414f-11689.dat	family_zgrat_v1

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490
Contacts a large (590) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Downloads MZ/PE file

Drops file in Drivers directory 4 IoCs

description	ioc	Process
File created	C:\Windows\system32\drivers\kwatch64.sys	driver64.exe
File opened for modification	C:\Windows\system32\drivers\kwatch64.sys	driver64.exe
File created	C:\Windows\system32\drivers\KAVBootC64.sys	bcinstall64.exe
File opened for modification	C:\Windows\system32\drivers\KAVBootC64.sys	bcinstall64.exe

Modifies Installed Components in the registry 2 TTPs 7 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Version = "43,0,0,0"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\ = "Microsoft Edge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\StubPath = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.65\\Installer\\setup.exe\" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\Localized Name = "Microsoft Edge"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9459C573-B17A-45AE-9F64-1857B5D58CEE}\IsInstalled = "1"	setup.exe

Sets file execution options in registry 2 TTPs 52 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NGEN.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSFEEDSSYNC.EXE	kavsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SELFCERT.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IE4UINIT.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSOASB.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSQRY32.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ACRORD32INFO.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IELOWUTIL.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SYSTEMSETTINGS.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ACRORD32.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PRESENTATIONHOST.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SPOOLSV.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSHTA.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSOADFSB.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSOSREC.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSOXMLED.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ONENOTEM.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WINWORD.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CLVIEW.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSCORSVW.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\POWERPNT.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SPLWOW64.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EXTEXPORT.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEXPLORE.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSOHTMED.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PRINTDIALOG.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SETLANG.EXE	kavsetup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EXCELCNV.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RDRSERVICESUPDATER.EXE	kavsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ONENOTE.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PRINTISOLATIONHOST.EXE	kavsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ORGCHART.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MICROSOFTEDGEUPDATE.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RDRCEF.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEINSTAL.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSOSYNC.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NGENTASK.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNTIMEBROKER.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WORDCONV.EXE	kavsetup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GRAPH.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEUNATT.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDXHELPER.EXE	kavsetup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EXCEL.EXE	kavsetup.exe

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	rcpg_direct-sysweb.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	rcpg_direct-sysweb.tmp
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	msedge.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	msedge.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	msedge.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	msedge.exe

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD380E.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD3815.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Executes dropped EXE 64 IoCs

pid	Process
892	taskdl.exe
2388	@[email protected]
5312	@[email protected]
4396	taskhsvc.exe
1792	@[email protected]
4608	taskdl.exe
5308	taskse.exe
5868	@[email protected]
2992	taskdl.exe
4516	taskse.exe
2548	@[email protected]
5288	taskdl.exe
5688	taskse.exe
4128	@[email protected]
1640	taskse.exe
1148	@[email protected]
5096	taskdl.exe
2240	taskse.exe
4604	@[email protected]
6016	taskdl.exe
3580	taskse.exe
4984	@[email protected]
4784	taskdl.exe
868	taskse.exe
5944	@[email protected]
5756	taskdl.exe
4812	taskse.exe
4956	@[email protected]
3836	taskdl.exe
1168	KAV100720_ENU_DOWN_331020_10.EXE
4840	kavsetup.exe
7256	kupdata.exe
6336	setupwiz.exe
7076	scomregsvrv8.exe
7176	taskse.exe
7204	@[email protected]
7124	scomregsvrv8.exe
7364	scomregsvrv8.exe
7368	taskdl.exe
7568	kxeserv.exe
7804	scomregsvrv8.exe
7812	scomregsvrv8.exe
7648	upsvc.exe
6620	kavlog2.exe
7928	kxetray.exe
8040	kxetray.exe
6384	kxeserv.exe
6584	upsvc.exe
6604	upsvc.exe
7228	scomregsvrv8.exe
7032	scomregsvrv8.exe
7144	scomregsvrv8.exe
5800	scomregsvrv8.exe
2852	scomregsvrv8.exe
7520	scomregsvrv8.exe
7576	scomregsvrv8.exe
7432	scomregsvrv8.exe
7772	scomregsvrv8.exe
7828	scomregsvrv8.exe
7852	scomregsvrv8.exe
4916	kdevmgr.exe
8168	driver64.exe
7992	bcinstall64.exe
1420	kxescore.exe

Loads dropped DLL 64 IoCs

pid	Process
4396	taskhsvc.exe
4396	taskhsvc.exe
4396	taskhsvc.exe
4396	taskhsvc.exe
4396	taskhsvc.exe
4396	taskhsvc.exe
4396	taskhsvc.exe
4396	taskhsvc.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
7256	kupdata.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe
4840	kavsetup.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3780	icacls.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Registers COM server for autorun 1 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.27\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C54F392B-CBA7-4F57-AE2E-DDCE3A1A801F}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.27\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51}\InprocServer32\ = "C:\\Program Files (x86)\\Kingsoft\\Kingsoft Internet Security\\kavmenu64.dll"	setup64.dat
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C54F392B-CBA7-4F57-AE2E-DDCE3A1A801F}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.27\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.65\\notification_click_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.65\\notification_click_helper.exe"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C54F392B-CBA7-4F57-AE2E-DDCE3A1A801F}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C54F392B-CBA7-4F57-AE2E-DDCE3A1A801F}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.65\\EBWebView\\x64\\EmbeddedBrowserWebView.dll"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.65\\notification_helper.exe\""	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C54F392B-CBA7-4F57-AE2E-DDCE3A1A801F}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.27\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\INPROCSERVER32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.27\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C54F392B-CBA7-4F57-AE2E-DDCE3A1A801F}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\ThreadingModel = "Apartment"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C54F392B-CBA7-4F57-AE2E-DDCE3A1A801F}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{628ACE20-B77A-456F-A88D-547DB6CEEDD5}\LocalServer32\ServerExecutable = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.65\\notification_helper.exe"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51}\InprocServer32	setup64.dat
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{4A749F25-A9E2-4CBE-9859-CF7B15255E14}\LocalServer32	setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\CLSID\{B54934CD-71A6-4698-BDC2-AFEA5B86504C}\InprocServer32	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{DDEA5705-1BB0-4C03-AC1E-8FF9716A0D51}\InprocServer32\ThreadingModel = "Apartment"	setup64.dat
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\InprocServer32\	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.27\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C54F392B-CBA7-4F57-AE2E-DDCE3A1A801F}\InProcServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{C54F392B-CBA7-4F57-AE2E-DDCE3A1A801F}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.27\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.27\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2F5CB38-265F-4A02-9D1E-F25B664968AB}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lpbyrzvsckxo497 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_Ransomware.WannaCry.zip\\tasksche.exe\""	reg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\kxesc = "\"C:\\Program Files (x86)\\Common Files\\Kingsoft\\kiscommon\\kxetray.exe\" -autorun"	setupwiz.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\!BCILauncher = "\"C:\\Windows\\Temp\\MUBSTemp\\BCILauncher.EXE\" bgaupmi=10FADDED74334DA298B920D38EA70B04"	BGAUpdate.exe

Checks for any installed AV software in registry 1 TTPs 5 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\AntiVir PersonalEdition Classic	kavsetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\AntiVir PersonalEdition Premium	kavsetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Eset\Nod\CurrentVersion\Info	kavsetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\AntiVir Desktop	kavsetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Premium Security Suite	kavsetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	msedge.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

Drops desktop.ini file(s) 5 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\Desktop.ini	kavsetup.exe
File opened for modification	C:\KRECYCLE\Desktop.ini	kavsetup.exe
File created	C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\desktop.ini	kavsetup.exe
File created	C:\KRECYCLE\desktop.ini	kavsetup.exe
File opened for modification	C:\KRECYCLE\desktop.ini	kavsetup.exe

Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\ = "IEToEdge BHO"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}\NoExplorer = "1"	setup.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
3347	raw.githubusercontent.com
101	raw.githubusercontent.com
103	raw.githubusercontent.com
114	raw.githubusercontent.com
3324	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	kxesapp.exe

Checks system information in the registry 2 TTPs 32 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 10 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5	kislive.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\update[1].htm	kislive.exe
File opened for modification	C:\Windows\system32\roboot64.exe	rcpg_direct-sysweb.tmp
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk	setup.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5	kislive.exe
File created	C:\Windows\system32\roboot64.exe	rcpg_direct-sysweb.tmp
File opened for modification	C:\Windows\SysWOW64\config\KAVEventLog.EVT	kavlog2.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Kingsoft\KavRep\kavrep_access	kxescore.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE	kislive.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies	kislive.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Suspicious use of NtCreateThreadExHideFromDebugger 4 IoCs

pid	Process
19660	RobloxPlayerBeta.exe
21020	RobloxPlayerBeta.exe
3556	RobloxPlayerBeta.exe
24628	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
19660	RobloxPlayerBeta.exe
19660	RobloxPlayerBeta.exe
19660	RobloxPlayerBeta.exe
19660	RobloxPlayerBeta.exe
19660	RobloxPlayerBeta.exe
19660	RobloxPlayerBeta.exe
19660	RobloxPlayerBeta.exe
19660	RobloxPlayerBeta.exe
19660	RobloxPlayerBeta.exe
19660	RobloxPlayerBeta.exe
19660	RobloxPlayerBeta.exe
19660	RobloxPlayerBeta.exe
19660	RobloxPlayerBeta.exe
19660	RobloxPlayerBeta.exe
19660	RobloxPlayerBeta.exe
19660	RobloxPlayerBeta.exe
19660	RobloxPlayerBeta.exe
19660	RobloxPlayerBeta.exe
21020	RobloxPlayerBeta.exe
21020	RobloxPlayerBeta.exe
21020	RobloxPlayerBeta.exe
21020	RobloxPlayerBeta.exe
21020	RobloxPlayerBeta.exe
21020	RobloxPlayerBeta.exe
21020	RobloxPlayerBeta.exe
21020	RobloxPlayerBeta.exe
21020	RobloxPlayerBeta.exe
21020	RobloxPlayerBeta.exe
21020	RobloxPlayerBeta.exe
21020	RobloxPlayerBeta.exe
21020	RobloxPlayerBeta.exe
21020	RobloxPlayerBeta.exe
21020	RobloxPlayerBeta.exe
21020	RobloxPlayerBeta.exe
21020	RobloxPlayerBeta.exe
21020	RobloxPlayerBeta.exe
19660	RobloxPlayerBeta.exe
19660	RobloxPlayerBeta.exe
19660	RobloxPlayerBeta.exe
3556	RobloxPlayerBeta.exe
3556	RobloxPlayerBeta.exe
3556	RobloxPlayerBeta.exe
3556	RobloxPlayerBeta.exe
3556	RobloxPlayerBeta.exe
3556	RobloxPlayerBeta.exe
3556	RobloxPlayerBeta.exe
3556	RobloxPlayerBeta.exe
3556	RobloxPlayerBeta.exe
3556	RobloxPlayerBeta.exe
3556	RobloxPlayerBeta.exe
3556	RobloxPlayerBeta.exe
3556	RobloxPlayerBeta.exe
3556	RobloxPlayerBeta.exe
3556	RobloxPlayerBeta.exe
3556	RobloxPlayerBeta.exe
3556	RobloxPlayerBeta.exe
3556	RobloxPlayerBeta.exe
24628	RobloxPlayerBeta.exe
24628	RobloxPlayerBeta.exe
24628	RobloxPlayerBeta.exe
24628	RobloxPlayerBeta.exe
24628	RobloxPlayerBeta.exe
24628	RobloxPlayerBeta.exe
24628	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\lang\enu\theme1\popo\common_pop.html	kavsetup.exe
File created	C:\Program Files (x86)\RegClean Pro\is-5NVT4.tmp	rcpg_direct-sysweb.tmp
File created	C:\Program Files (x86)\RegClean Pro\RCPNotifier_log.txt	rcpnotifier.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\AnimationEditor\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\StudioToolbox\AssetPreview\ReadyforSale.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\InspectMenu\selection_rounded.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\avatar\compositing\CompositExtraSlot4.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\AvatarImporter\icon_AvatarImporter.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\lang\enu\theme1\popo\images\red_right02.gif	kavsetup.exe
File created	C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\ressrc\enu\theme1\kavweb\images\main\keyarea_normal.gif	kavsetup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\backspace.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\avatar\defaultShirt.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\Chat\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.65\Locales\hi.pak	setup.exe
File created	C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\lang\enu\theme1\app_config\kxeppwiz\scene32_net.xml	kavsetup.exe
File opened for modification	C:\Program Files (x86)\RegClean Pro\api-ms-win-crt-multibyte-l1-1-0.dll	rcpg_direct-sysweb.tmp
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\DesignSystem\Thumbstick1.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\RegClean Pro\api-ms-win-core-handle-l1-1-0.dll	rcpg_direct-sysweb.tmp
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\AnimationEditor\button_curve_editor.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\lang\enu\theme1\securitycenter\ppwizard\images\15.jpg	kavsetup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\AvatarEditorImages\Sheet.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.65\Locales\es-419.pak	setup.exe
File created	C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\ressrc\enu\theme1\app_config\kxeppwiz\scene36_net.xml	kavsetup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\RoactStudioWidgets\slider_bar_background_dark.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\XboxController\ButtonRT.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\LegacyRbxGui\CloseButton.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaChat\icons\ic-group.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\lang\enu\theme1\app_config\kxeppwiz\scene19.xml	kavsetup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\fonts\Michroma-Regular.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaApp\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\ressrc\enu\theme1\kavweb\images\scan2\osx_track.gif	kavsetup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.65\Locales\te.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.65\Locales\pl.pak	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\fonts\RobloxEmoji.ttf	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\lang\enu\antivirus.dat	kavsetup.exe
File created	C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\lang\enu\js\popo\js\input_apply_sn\js_loader.js	kavsetup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\StudioToolbox\AssetConfig\gridview.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\AvatarExperience\PPEWidgetBackgroundDarkTheme.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\123.0.2420.65\Locales\ru.pak	setup.exe
File created	C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\setupmodechange.exe	kavsetup.exe
File created	C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\lang\enu\web\kingsoft_main.htm	kavsetup.exe
File created	C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\lang\enu\html\filedestroy\images\default\grid\grid-split.gif	kavsetup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\glow.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\MaterialGenerator\Materials\Sandstone.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.65\Installer\setup.exe	setup.exe
File created	C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\ressrc\enu\theme1\app_config\kismain.xml	kavsetup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.65\Locales\sq.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.65\Installer\setup.exe	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.65\VisualElements\SmallLogoCanary.png	setup.exe
File created	C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\ksg\befc2009.psg	kavsetup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\VoiceChat\SpeakerNew\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\ressrc\enu\theme1\app_config\kxeppwiz\scene14.xml	kavsetup.exe
File created	C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\ressrc\enu\theme1\kavweb\images\repair\db_tc_button_03_down.png	kavsetup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\XboxController\DPadRight.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.65\vk_swiftshader_icd.json	setup.exe
File created	C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.65\Trust Protection Lists\Sigma\Advertising	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\lang\enu\theme1\kavweb\images\main\krecycle_hover.gif	kavsetup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\PlatformContent\pc\textures\woodplanks\normal.dds	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\lang\enu\theme1\popo\style\ads_pop.css	kavsetup.exe
File created	C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\ressrc\enu\html\filedestroy\images\default\window\left-right.psd	kavsetup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\content\textures\ui\VoiceChat\MicLight\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\ExtraContent\textures\ui\InGameChat\Caret.png	RobloxPlayerInstaller.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 3 IoCs

installer

resource	yara_rule
behavioral1/files/0x0008000000023523-4014.dat	nsis_installer_2
behavioral1/files/0x000700000002400f-8248.dat	nsis_installer_1
behavioral1/files/0x000700000002400f-8248.dat	nsis_installer_2

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 11 IoCs

evasion

pid	Process
1916	taskkill.exe
10412	taskkill.exe
9352	taskkill.exe
9544	taskkill.exe
9624	taskkill.exe
9716	taskkill.exe
10136	taskkill.exe
10204	taskkill.exe
8388	taskkill.exe
10276	taskkill.exe
10340	taskkill.exe

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\Desktop	kxetray.exe

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations\C:\Program Files (x86)\Microsoft\Edge\Application = "1"	setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Styles\MaxScriptStatements = "4294967295"	kxeppwiz.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\microsoft-edge	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\EdgeIntegration\AdapterLocations	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\Styles	kxeppwiz.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\Policy = "3"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.65\\BHO"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppPath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\123.0.2420.65\\BHO"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\Styles	kismain.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main\EnterpriseMode	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\EnterpriseMode\MSEdgePath = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\ = "IEToEdge Handler"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{c9abcf16-8dc2-4a95-bae3-24fd98f2ed29}\AppName = "ie_to_edge_stub.exe"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\ProtocolExecute	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Software\Microsoft\Internet Explorer\Styles	kismain.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	kxesapp.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	kislive.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000	setup.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000	setup.exe
Key created	\REGISTRY\USER\	setupshell.dat
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	kislive.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\RestartManager\Session0000\RegFilesHash = b0d00939c7f85809f50a99a8441f8efef6da04fb1c9af0647d6e5a1166e31ea0	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Kingsoft\KISCommon\KXEngine\KXEGUI_CONFIG\autorun	setupwiz.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	kislive.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	upsvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Edge\InstallerPinned = "0"	setup.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	setupwiz.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	kislive.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8B15189E-5465-4166-933D-1EABAD9648CB}\InProcServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\ = "IAppCommand"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{C54F392B-CBA7-4F57-AE2E-DDCE3A1A801F}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ie_to_edge_bho.IEToEdgeBHO\ = "IEToEdgeBHO Class"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\AppUserModelId = "MSEdge"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgeHTM\Application\ApplicationDescription = "Browse the web"	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\AppID = "{A6B716CB-028B-404D-B72C-50E153DD68DA}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A6556DFF-AB15-4DC3-A890-AB54120BEAEC}\NumMethods\ = "7"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}\ = "IGoogleUpdate3Web"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.27\\msedgeupdate.dll,-3000"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8F09CD6C-5964-4573-82E3-EBFF7702865B}\ = "Microsoft Edge Update Core Class"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C853632E-36CA-4999-B992-EC0D408CF5AB}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32\ = "{C54F392B-CBA7-4F57-AE2E-DDCE3A1A801F}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\VersionIndependentProgID\ = "MicrosoftEdgeUpdate.ProcessLauncher"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}\InprocHandler32\ThreadingModel = "Both"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc.1.0\ = "Microsoft Edge Update Update3Web"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ = "IApp2"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/pdf\Extension = ".pdf"	setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{40381D51-F162-41a9-BE67-0851A3B02091}\state = "3"	kavsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\msedgeupdate.dll,-3000"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}\ProxyStubClsid32\ = "{C54F392B-CBA7-4F57-AE2E-DDCE3A1A801F}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Kxmlhttp.KxEFileDialogEx\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSEdgePDF\ = "Microsoft Edge PDF Document"	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\PROGID	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{EA92A799-267E-4DF5-A6ED-6A7E0684BB8A}\VERSIONINDEPENDENTPROGID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E3D94CEB-EC11-46BE-8872-7DDCE37FABFA}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ = "IGoogleUpdate3WebSecurity"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6DFFE7FE-3153-4AF1-95D8-F8FCCA97E56B}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3805CA06-AC83-4F00-8A02-271DCD89BDEB}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}\NumMethods\ = "16"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\NumMethods\ = "24"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ = "IPolicyStatus2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ProgID\ = "MicrosoftEdgeUpdate.Update3COMClassService.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E421557C-0628-43FB-BF2B-7C9F8A4D067C}\LocalizedString = "@C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.185.27\\msedgeupdate.dll,-3000"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C}	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C20433B3-0D4B-49F6-9B6C-6EE0FAE07837}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{08D832B9-D2FD-481F-98CF-904D00DF63CC}\ = "Microsoft Edge Update Process Launcher Class"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\Shellex\ContextMenuHandlers\duba_32bit	setupshell.dat
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{D1E8B1A6-32CE-443C-8E2E-EBA90C481353}\PROGID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/html	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{837E40DA-EB1B-440C-8623-0F14DF158DC0}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FEA2518F-758F-4B95-A59F-97FCEEF1F5D0}	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\NumMethods\ = "41"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FF419FF9-90BE-4D9F-B410-A789F90E5A7C}\ = "Microsoft Edge Update Legacy On Demand"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{40381D51-F162-41a9-BE67-0851A3B02091}\State = "2"	kavsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods\ = "43"	MicrosoftEdgeUpdateComRegisterShell64.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
5888	reg.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 685348.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 554488.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\cat-crosseyes (6).jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\cat-small-face (2).jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 549164.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
1044	msedge.exe
1044	msedge.exe
3232	identity_helper.exe
3232	identity_helper.exe
632	msedge.exe
632	msedge.exe
5664	msedge.exe
5664	msedge.exe
4396	taskhsvc.exe
4396	taskhsvc.exe
4396	taskhsvc.exe
4396	taskhsvc.exe
4396	taskhsvc.exe
4396	taskhsvc.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe
5316	msedge.exe
1596	msedge.exe
1596	msedge.exe
6604	upsvc.exe
6604	upsvc.exe
6856	kxetray.exe
6856	kxetray.exe
2236	msedge.exe
3552	kislive.exe
3552	kislive.exe
2292	7zFM.exe
2292	7zFM.exe
5572	msedge.exe
5572	msedge.exe
5480	msedge.exe
5480	msedge.exe
4920	msedge.exe
4920	msedge.exe
9280	rcpg_direct-sysweb.tmp
9280	rcpg_direct-sysweb.tmp
7812	msedge.exe
7812	msedge.exe
7176	kxesapp.exe
7176	kxesapp.exe
9928	kcookie.exe
9928	kcookie.exe
12308	msedge.exe
12308	msedge.exe
12356	msedge.exe
12356	msedge.exe
12300	msedge.exe
12300	msedge.exe
12672	msedge.exe
12672	msedge.exe
12692	msedge.exe
12692	msedge.exe
12964	msedge.exe
12964	msedge.exe
6772	msedge.exe
6772	msedge.exe
11556	msedge.exe
11556	msedge.exe
6468	msedge.exe
6468	msedge.exe
15200	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 7 IoCs

pid	Process
2292	7zFM.exe
1044	msedge.exe
30816	7zFM.exe
29672	7zFM.exe
30220	7zFM.exe
33620	7zFM.exe
27044	7zFM.exe

Suspicious behavior: LoadsDriver 9 IoCs

pid	Process
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2140	WMIC.exe
Token: SeSecurityPrivilege	2140	WMIC.exe
Token: SeTakeOwnershipPrivilege	2140	WMIC.exe
Token: SeLoadDriverPrivilege	2140	WMIC.exe
Token: SeSystemProfilePrivilege	2140	WMIC.exe
Token: SeSystemtimePrivilege	2140	WMIC.exe
Token: SeProfSingleProcessPrivilege	2140	WMIC.exe
Token: SeIncBasePriorityPrivilege	2140	WMIC.exe
Token: SeCreatePagefilePrivilege	2140	WMIC.exe
Token: SeBackupPrivilege	2140	WMIC.exe
Token: SeRestorePrivilege	2140	WMIC.exe
Token: SeShutdownPrivilege	2140	WMIC.exe
Token: SeDebugPrivilege	2140	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2140	WMIC.exe
Token: SeRemoteShutdownPrivilege	2140	WMIC.exe
Token: SeUndockPrivilege	2140	WMIC.exe
Token: SeManageVolumePrivilege	2140	WMIC.exe
Token: 33	2140	WMIC.exe
Token: 34	2140	WMIC.exe
Token: 35	2140	WMIC.exe
Token: 36	2140	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2140	WMIC.exe
Token: SeSecurityPrivilege	2140	WMIC.exe
Token: SeTakeOwnershipPrivilege	2140	WMIC.exe
Token: SeLoadDriverPrivilege	2140	WMIC.exe
Token: SeSystemProfilePrivilege	2140	WMIC.exe
Token: SeSystemtimePrivilege	2140	WMIC.exe
Token: SeProfSingleProcessPrivilege	2140	WMIC.exe
Token: SeIncBasePriorityPrivilege	2140	WMIC.exe
Token: SeCreatePagefilePrivilege	2140	WMIC.exe
Token: SeBackupPrivilege	2140	WMIC.exe
Token: SeRestorePrivilege	2140	WMIC.exe
Token: SeShutdownPrivilege	2140	WMIC.exe
Token: SeDebugPrivilege	2140	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2140	WMIC.exe
Token: SeRemoteShutdownPrivilege	2140	WMIC.exe
Token: SeUndockPrivilege	2140	WMIC.exe
Token: SeManageVolumePrivilege	2140	WMIC.exe
Token: 33	2140	WMIC.exe
Token: 34	2140	WMIC.exe
Token: 35	2140	WMIC.exe
Token: 36	2140	WMIC.exe
Token: SeBackupPrivilege	2484	vssvc.exe
Token: SeRestorePrivilege	2484	vssvc.exe
Token: SeAuditPrivilege	2484	vssvc.exe
Token: SeTcbPrivilege	5308	taskse.exe
Token: SeTcbPrivilege	5308	taskse.exe
Token: SeTcbPrivilege	4516	taskse.exe
Token: SeTcbPrivilege	4516	taskse.exe
Token: SeTcbPrivilege	5688	taskse.exe
Token: SeTcbPrivilege	5688	taskse.exe
Token: SeTcbPrivilege	1640	taskse.exe
Token: SeTcbPrivilege	1640	taskse.exe
Token: SeTcbPrivilege	2240	taskse.exe
Token: SeTcbPrivilege	2240	taskse.exe
Token: SeTcbPrivilege	3580	taskse.exe
Token: SeTcbPrivilege	3580	taskse.exe
Token: SeTcbPrivilege	868	taskse.exe
Token: SeTcbPrivilege	868	taskse.exe
Token: SeTcbPrivilege	4812	taskse.exe
Token: SeTcbPrivilege	4812	taskse.exe
Token: 33	3520	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3520	AUDIODG.EXE
Token: SeRestorePrivilege	2292	7zFM.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
2292	7zFM.exe
2292	7zFM.exe
6856	kxetray.exe
6856	kxetray.exe
6856	kxetray.exe
6856	kxetray.exe
6856	kxetray.exe
6856	kxetray.exe
7976	kismain.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
6856	kxetray.exe
6856	kxetray.exe
6856	kxetray.exe
6856	kxetray.exe
6856	kxetray.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
6856	kxetray.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
26324	msedge.exe
26324	msedge.exe
26324	msedge.exe
26324	msedge.exe
26324	msedge.exe
26324	msedge.exe
26324	msedge.exe
26324	msedge.exe
26324	msedge.exe
26324	msedge.exe
26324	msedge.exe
26324	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4616	OpenWith.exe
2388	@[email protected]
2388	@[email protected]
5312	@[email protected]
5312	@[email protected]
1792	@[email protected]
1792	@[email protected]
5868	@[email protected]
2548	@[email protected]
4128	@[email protected]
1148	@[email protected]
4604	@[email protected]
4984	@[email protected]
5944	@[email protected]
4956	@[email protected]
1168	KAV100720_ENU_DOWN_331020_10.EXE
1168	KAV100720_ENU_DOWN_331020_10.EXE
7204	@[email protected]
6620	kavlog2.exe
4660	kxeppwiz.exe
3552	kislive.exe
3552	kislive.exe
4660	kxeppwiz.exe
4660	kxeppwiz.exe
4660	kxeppwiz.exe
5536	@[email protected]
7976	kismain.exe
7976	kismain.exe
7976	kismain.exe
7976	kismain.exe
2108	@[email protected]
6848	CredentialUIBroker.exe
8136	CredentialUIBroker.exe
1932	CredentialUIBroker.exe
9092	@[email protected]
9496	@[email protected]
7192	@[email protected]
10360	@[email protected]
9204	@[email protected]
13228	@[email protected]
11184	@[email protected]
11588	@[email protected]
14212	@[email protected]
15040	@[email protected]
10144	@[email protected]
15932	@[email protected]
7736	@[email protected]
16724	@[email protected]
12068	@[email protected]
17944	@[email protected]
19120	@[email protected]
18520	@[email protected]
19712	@[email protected]
3460	@[email protected]
21112	@[email protected]
9048	@[email protected]
21760	@[email protected]
13760	@[email protected]
21720	PAVSetup.exe
21720	PAVSetup.exe
23144	PAVSetup.exe
23144	PAVSetup.exe
22764	@[email protected]
21188	@[email protected]

Suspicious use of UnmapMainImage 4 IoCs

pid	Process
19660	RobloxPlayerBeta.exe
21020	RobloxPlayerBeta.exe
3556	RobloxPlayerBeta.exe
24628	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 4656	1044	msedge.exe	102
PID 1044 wrote to memory of 4656	1044	msedge.exe	102
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 2784	1044	msedge.exe	103
PID 1044 wrote to memory of 4328	1044	msedge.exe	104
PID 1044 wrote to memory of 4328	1044	msedge.exe	104
PID 1044 wrote to memory of 5020	1044	msedge.exe	105
PID 1044 wrote to memory of 5020	1044	msedge.exe	105
PID 1044 wrote to memory of 5020	1044	msedge.exe	105
PID 1044 wrote to memory of 5020	1044	msedge.exe	105
PID 1044 wrote to memory of 5020	1044	msedge.exe	105
PID 1044 wrote to memory of 5020	1044	msedge.exe	105
PID 1044 wrote to memory of 5020	1044	msedge.exe	105
PID 1044 wrote to memory of 5020	1044	msedge.exe	105
PID 1044 wrote to memory of 5020	1044	msedge.exe	105
PID 1044 wrote to memory of 5020	1044	msedge.exe	105
PID 1044 wrote to memory of 5020	1044	msedge.exe	105
PID 1044 wrote to memory of 5020	1044	msedge.exe	105
PID 1044 wrote to memory of 5020	1044	msedge.exe	105
PID 1044 wrote to memory of 5020	1044	msedge.exe	105
PID 1044 wrote to memory of 5020	1044	msedge.exe	105
PID 1044 wrote to memory of 5020	1044	msedge.exe	105
PID 1044 wrote to memory of 5020	1044	msedge.exe	105
PID 1044 wrote to memory of 5020	1044	msedge.exe	105
PID 1044 wrote to memory of 5020	1044	msedge.exe	105
PID 1044 wrote to memory of 5020	1044	msedge.exe	105

System policy modification 1 TTPs 7 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	setupwiz.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "255"	setupwiz.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} = "1"	setup.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection	msedge.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 3 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
628	attrib.exe
1164	attrib.exe
1452	attrib.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3376
- C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\HelpMe.miobject
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9287346f8,0x7ff928734708,0x7ff928734718
    3⤵
    PID:4656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=fallback-handler --database="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --exception-pointers=126168962416640 --process=176 /prefetch:7 --thread=27564
      4⤵
      PID:26496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
    3⤵
    PID:2784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
    3⤵
    PID:5020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
    3⤵
    PID:64
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
    3⤵
    PID:4400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
    3⤵
    PID:5016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
    3⤵
    PID:3820
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8
    3⤵
    PID:1428
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
    3⤵
    PID:4796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
    3⤵
    PID:5080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
    3⤵
    PID:3884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
    3⤵
    PID:404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5400 /prefetch:8
    3⤵
    PID:3964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5392 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
    3⤵
    PID:2812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
    3⤵
    PID:2468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
    3⤵
    PID:2860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
    3⤵
    PID:5164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
    3⤵
    PID:5356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
    3⤵
    PID:5496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
    3⤵
    PID:5576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6708 /prefetch:8
    3⤵
    PID:2468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
    3⤵
    PID:1440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6704 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6000 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
    3⤵
    PID:2964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
    3⤵
    PID:5840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
    3⤵
    PID:3460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
    3⤵
    PID:3124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
    3⤵
    PID:5392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
    3⤵
    PID:2212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
    3⤵
    PID:2340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
    3⤵
    PID:4836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
    3⤵
    PID:6132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
    3⤵
    PID:2932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
    3⤵
    PID:3248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
    3⤵
    PID:1276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
    3⤵
    PID:4348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1
    3⤵
    PID:1140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:1
    3⤵
    PID:2036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1
    3⤵
    PID:6120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
    3⤵
    PID:6104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
    3⤵
    PID:2344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
    3⤵
    PID:2176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
    3⤵
    PID:3000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
    3⤵
    PID:3836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
    3⤵
    PID:6108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1
    3⤵
    PID:3356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
    3⤵
    PID:5100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1
    3⤵
    PID:6004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1
    3⤵
    PID:3620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
    3⤵
    PID:4196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1
    3⤵
    PID:2992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1
    3⤵
    PID:5260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1
    3⤵
    PID:3008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
    3⤵
    PID:3552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
    3⤵
    PID:660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1
    3⤵
    PID:3212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
    3⤵
    PID:3516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
    3⤵
    PID:5944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
    3⤵
    PID:2320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:3880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
    3⤵
    PID:4148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6836 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1
    3⤵
    PID:5220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
    3⤵
    PID:5356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
    3⤵
    PID:1848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8596 /prefetch:1
    3⤵
    PID:3512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8748 /prefetch:1
    3⤵
    PID:5632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8084 /prefetch:1
    3⤵
    PID:5604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8560 /prefetch:1
    3⤵
    PID:5636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8692 /prefetch:1
    3⤵
    PID:2256
- - C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\KAV100720_ENU_DOWN_331020_10-SP5-2014.7.rar"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\7zO4F8B6C5C\KAV100720_ENU_DOWN_331020_10.EXE
      "C:\Users\Admin\AppData\Local\Temp\7zO4F8B6C5C\KAV100720_ENU_DOWN_331020_10.EXE"
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1168
    - - C:\Windows\system32\pcaui.exe
        
        "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {8d11bec2-cf04-4ecf-9bd4-b0978e660181} -a "Kingsoft Internet Security" -v "Kingsoft Corporation" -s "This app can't run because it causes security or performance issues on Windows. A new version may be available. Check with your software provider for an updated version that runs on this version of Windows." -n 1 -f 0 -k 0 -e "C:\Users\Admin\AppData\Local\Temp\7zO4F8B6C5C\KAV100720_ENU_DOWN_331020_10.EXE"
        5⤵
        
        PID:4568
    - - \??\c:\programdata\kingsoft\kis\OnlineInstall\kavsetup.exe
        
        "c:\programdata\kingsoft\kis\OnlineInstall\kavsetup.exe" /versiontypes=184745984 /productid=218890250 /iid=186416569 /tid=6E600117BB01336D588734C194352C6D1FF19401B71CFC50F348ED91962506D25AC16B924BF4DADA23AC34E8FDF3596A40C17AF0C0C8B8AF4DBF41087E012FAB /tod=331020.10 /showsilent /Dkav /S /Duuid=20240329200327223263837DD /D=C:\Program Files (x86)\Kingsoft\
        5⤵
        Sets file execution options in registry
        Executes dropped EXE
        Loads dropped DLL
        Checks for any installed AV software in registry
        Drops desktop.ini file(s)
        Drops file in Program Files directory
        Modifies registry class
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\nsg26EA.tmp\kupdata.exe
        
        -send 0
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7256
      - C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\setupwiz.exe
        
        "C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\setupwiz.exe" /i /suit /kavn /installcall /s
        6⤵
        Executes dropped EXE
        Adds Run key to start application
        Modifies data under HKEY_USERS
        System policy modification
        
        PID:6336
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i kxecore\kxecore.dll
        7⤵
        Executes dropped EXE
        
        PID:7076
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i kxecore\kxelog.dll
        7⤵
        Executes dropped EXE
        
        PID:7124
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i kxecore\kxestat.dll
        7⤵
        Executes dropped EXE
        
        PID:7364
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        regsvr32.exe /s kxmlhttp.dll
        7⤵
        Modifies registry class
        
        PID:7464
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxeserv.exe
        
        kxeserv /install
        7⤵
        Executes dropped EXE
        
        PID:7568
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i kpopclient.dll
        7⤵
        Executes dropped EXE
        
        PID:7804
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i kisuptray.dll
        7⤵
        Executes dropped EXE
        
        PID:7812
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\upsvc.exe
        
        upsvc /install
        7⤵
        Executes dropped EXE
        
        PID:7648
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kavlog2.exe
        
        kavlog2.exe -install
        7⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of SetWindowsHookEx
        
        PID:6620
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxetray.exe
        
        kxetray /install_tray "C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kisuptray.dll"
        7⤵
        Executes dropped EXE
        
        PID:7928
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxetray.exe
        
        kxetray /reload_tray
        7⤵
        Executes dropped EXE
        
        PID:8040
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxeserv.exe
        
        kxeserv /reinstall_product 0x00100000 /product_path "C:\Program Files (x86)\Common Files\Kingsoft\kiscommon"
        7⤵
        Executes dropped EXE
        
        PID:6384
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\upsvc.exe
        
        upsvc /start
        7⤵
        Executes dropped EXE
        
        PID:6584
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i application\knameinfo\knameinfosp.dll
        7⤵
        Executes dropped EXE
        
        PID:7228
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i security\kxescan\ksecore.dll
        7⤵
        Executes dropped EXE
        
        PID:7032
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i security\kxescan\kspfeng.dll
        7⤵
        Executes dropped EXE
        
        PID:7144
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i security\kxescan\kspkas.dll
        7⤵
        Executes dropped EXE
        
        PID:5800
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i security\kxescan\kxesansp.dll
        7⤵
        Executes dropped EXE
        
        PID:2852
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i security\kxescan\ksbwdet2.dll
        7⤵
        Executes dropped EXE
        
        PID:7520
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i security\kxefilemon\kxefmsys.dll
        7⤵
        Executes dropped EXE
        
        PID:7576
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i security\kxefilemon\kxmiscsp.dll
        7⤵
        Executes dropped EXE
        
        PID:7432
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i security\kxefilemon\kxefmsp.dll
        7⤵
        Executes dropped EXE
        
        PID:7772
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i security\kxewhite\kxewfssp.dll
        7⤵
        Executes dropped EXE
        
        PID:7828
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i security\kxewhite\kxewfsys.dll
        7⤵
        Executes dropped EXE
        
        PID:7852
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kdevmgr.exe
        
        kdevmgr.exe /install
        7⤵
        Executes dropped EXE
        
        PID:4916
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\security\kxefilemon\driver64.exe
        
        "C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\security\kxefilemon\driver64.exe" /AI C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\security\kxefilemon\kwatch64.sys
        8⤵
        Drops file in Drivers directory
        Executes dropped EXE
        
        PID:8168
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\security\bcinstall64.exe
        
        "C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\security\bcinstall64.exe" /install
        8⤵
        Drops file in Drivers directory
        Executes dropped EXE
        
        PID:7992
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxescore.exe
        
        kxescore.exe /install /name kxescore /description "Kingsoft Core Service" /order "ShellSvcGroup"
        7⤵
        Executes dropped EXE
        
        PID:1420
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxescore.exe
        
        kxescore.exe /install_sp /service kxescore /sp "security\kxewhite\kxewfssp.dll"
        7⤵
        
        PID:4568
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxescore.exe
        
        kxescore.exe /install_sp /service kxescore /sp "security\kxescan\kxesansp.dll"
        7⤵
        
        PID:5340
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxescore.exe
        
        kxescore.exe /install_sp /service kxescore /sp "security\kxescan\ksbwdet2.dll"
        7⤵
        
        PID:228
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxescore.exe
        
        kxescore.exe /install_sp /service kxescore /sp "security\kxefilemon\kxmiscsp.dll"
        7⤵
        
        PID:5416
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxescore.exe
        
        kxescore.exe /install_sp /service kxescore /sp "security\kxefilemon\kxefmsp.dll"
        7⤵
        
        PID:6656
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxescore.exe
        
        kxescore.exe /install_sp /service kxescore /sp "application\knameinfo\knameinfosp.dll"
        7⤵
        
        PID:6700
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxescore.exe
        
        kxescore.exe /install_plugin /service kxescore /plugin "security\kxescan\ksesdk.dll"
        7⤵
        
        PID:7044
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxescore.exe
        
        kxescore.exe /install_plugin /service kxescore /plugin "security\kxeexp.dll"
        7⤵
        
        PID:7200
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxescore.exe
        
        kxescore.exe /install_plugin /service kxescore /plugin "security\kxefilemon\kxefm.dll"
        7⤵
        
        PID:7488
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxescore.exe
        
        kxescore.exe /install_plugin /service kxescore /plugin "security\kxewhite\kxewhite.dll"
        7⤵
        
        PID:7504
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        8⤵
        
        PID:7368
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxescore.exe
        
        kxescore.exe /reload_sp
        7⤵
        
        PID:6556
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        8⤵
        
        PID:7520
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i security\ksa\ksaengine.dll
        7⤵
        
        PID:7440
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i kislivesp.dll
        7⤵
        
        PID:7832
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i kxepassportspex.dll
        7⤵
        
        PID:7840
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxesapp.exe
        
        kxesapp.exe /install /name kxesapp /description "Kingsoft Security App Service" /order "SchedulerGroup"
        7⤵
        
        PID:7904
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxesapp.exe
        
        kxesapp.exe /install_sp /service kxesapp /sp "kislivesp.dll"
        7⤵
        
        PID:7988
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxesapp.exe
        
        kxesapp.exe /install_sp /service kxesapp /sp "kxepassportspex.dll"
        7⤵
        
        PID:1408
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxesapp.exe
        
        kxesapp.exe /reload_sp
        7⤵
        
        PID:1996
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i security\kxede\krulemgr.dll
        7⤵
        
        PID:2880
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i security\kxede\kxecs.dll
        7⤵
        
        PID:6488
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        8⤵
        
        PID:228
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i security\kxede\kxedelog.dll
        7⤵
        
        PID:6876
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i security\kxede\kxemcs.dll
        7⤵
        
        PID:2216
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i security\kxede\kxeuimgr.dll
        7⤵
        
        PID:6536
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i security\kxede\protect.dll
        7⤵
        
        PID:6900
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i security\kxede\kxedesp.dll
        7⤵
        
        PID:6976
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxedefend.exe
        
        kxedefend.exe /install /name kxedefend /description "Kingsoft Core Defend Service" /order "ShellSvcGroup"
        7⤵
        
        PID:7164
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        8⤵
        
        PID:7204
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxedefend.exe
        
        kxedefend.exe /install_sp /service kxedefend /sp "security\kxede\kxedesp.dll"
        7⤵
        
        PID:2240
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxedefend.exe
        
        kxedefend.exe /reload_sp
        7⤵
        
        PID:3464
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\deinstall.exe
        
        deinstall.exe /install autostart=true
        7⤵
        
        PID:7388
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i "C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\kavmenu.dll"
        7⤵
        
        PID:7556
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\scomregsvrv8.exe
        
        scomregsvrv8.exe /i "C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\kavstart.dll"
        7⤵
        
        PID:7432
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxeserv.exe
        
        kxeserv /reinstall_product 0x00010000 /product_path "C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security" /sc_index "C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\ressrc\enu\theme1\mini\index.htm" /sc_config "C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\kavvipcfg.xml"
        7⤵
        
        PID:7784
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxetray.exe
        
        kxetray /install_tray "C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\kavstart.dll"
        7⤵
        
        PID:6620
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxetray.exe
        
        kxetray /reload_tray
        7⤵
        
        PID:8056
        
        C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\setupshell.dat
        
        setupshell.dat install
        7⤵
        Modifies data under HKEY_USERS
        Modifies registry class
        
        PID:8068
        
        C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\setup64.dat
        
        "C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\setup64.dat" install
        8⤵
        Registers COM server for autorun
        
        PID:1348
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxeserv.exe
        
        kxeserv /start
        7⤵
        
        PID:3988
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxescore.exe
        
        kxescore.exe /start kxescore
        7⤵
        
        PID:1396
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxesapp.exe
        
        kxesapp.exe /start kxesapp
        7⤵
        
        PID:7100
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxetray.exe
        
        kxetray.exe
        7⤵
        Modifies Control Panel
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:6856
        
        C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxedefend.exe
        
        kxedefend.exe /start kxedefend
        7⤵
        
        PID:7440
    - - C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\setupwiz.exe
        
        "C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\setupwiz.exe" /i /suit /kavn /installcall /showfinish
        5⤵
        
        PID:8008
      - C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kislive.exe
        
        "C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kislive.exe" -autorun -inst -product kiscommon kav
        6⤵
        
        PID:5424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9896 /prefetch:1
    3⤵
    PID:1608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9332 /prefetch:1
    3⤵
    PID:8172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:1
    3⤵
    PID:8024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9128 /prefetch:1
    3⤵
    PID:7872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9208 /prefetch:1
    3⤵
    PID:7880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9432 /prefetch:1
    3⤵
    PID:3360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9304 /prefetch:1
    3⤵
    PID:6808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9240 /prefetch:1
    3⤵
    PID:6824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10428 /prefetch:1
    3⤵
    PID:7008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10884 /prefetch:1
    3⤵
    PID:7352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1
    3⤵
    PID:1916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
    3⤵
    PID:6580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8408 /prefetch:1
    3⤵
    PID:6732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10784 /prefetch:1
    3⤵
    PID:4308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10724 /prefetch:1
    3⤵
    PID:620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8304 /prefetch:1
    3⤵
    PID:4476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8648 /prefetch:1
    3⤵
    PID:5848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11172 /prefetch:1
    3⤵
    PID:5740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=8136 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:1
    3⤵
    PID:8096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
    3⤵
    PID:6716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11352 /prefetch:1
    3⤵
    PID:4472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10396 /prefetch:1
    3⤵
    PID:7380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9908 /prefetch:1
    3⤵
    PID:4600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
    3⤵
    PID:6332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9076 /prefetch:1
    3⤵
    PID:5284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9160 /prefetch:1
    3⤵
    PID:7752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
    3⤵
    PID:6316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10224 /prefetch:1
    3⤵
    PID:5276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10988 /prefetch:1
    3⤵
    PID:5484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:1
    3⤵
    PID:2556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
    3⤵
    PID:4224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10032 /prefetch:1
    3⤵
    PID:7384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9920 /prefetch:1
    3⤵
    PID:7580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11048 /prefetch:1
    3⤵
    PID:6316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
    3⤵
    PID:5640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10412 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6880 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
    3⤵
    PID:628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10956 /prefetch:1
    3⤵
    PID:8624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9952 /prefetch:1
    3⤵
    PID:8632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9396 /prefetch:1
    3⤵
    PID:8932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9468 /prefetch:1
    3⤵
    PID:2364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
    3⤵
    PID:8364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11244 /prefetch:1
    3⤵
    PID:9076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9564 /prefetch:1
    3⤵
    PID:9152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11528 /prefetch:1
    3⤵
    PID:8264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11724 /prefetch:1
    3⤵
    PID:7724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12000 /prefetch:1
    3⤵
    PID:704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11660 /prefetch:8
    3⤵
    PID:8364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12260 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4920
- - C:\Users\Admin\Downloads\rcpg_direct-sysweb.exe
    "C:\Users\Admin\Downloads\rcpg_direct-sysweb.exe"
    3⤵
    PID:9232
  - - C:\Users\Admin\AppData\Local\Temp\is-R7D5D.tmp\rcpg_direct-sysweb.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-R7D5D.tmp\rcpg_direct-sysweb.tmp" /SL5="$14006E,10561098,1208320,C:\Users\Admin\Downloads\rcpg_direct-sysweb.exe"
      4⤵
      Checks computer location settings
      Drops file in System32 directory
      Drops file in Program Files directory
      Suspicious behavior: EnumeratesProcesses
      PID:9280
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\System32\taskkill.exe" /f /im "RegCleanPro.exe"
        5⤵
        Kills process with taskkill
        
        PID:9352
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\System32\taskkill.exe" /f /im "RegCleanPro.exe"
        5⤵
        Kills process with taskkill
        
        PID:9544
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\System32\taskkill.exe" /f /im "RegCleanPro.exe"
        5⤵
        Kills process with taskkill
        
        PID:9624
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\System32\taskkill.exe" /f /im "rcpnotifier.exe"
        5⤵
        Kills process with taskkill
        
        PID:9716
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\System32\taskkill.exe" /f /im "RegCleanPro.exe"
        5⤵
        Kills process with taskkill
        
        PID:10136
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\System32\taskkill.exe" /f /im "rcpnotifier.exe"
        5⤵
        Kills process with taskkill
        
        PID:10204
    - - C:\Windows\SysWOW64\taskkill.exe
        
        "C:\Windows\System32\taskkill.exe" /f /im "RegCleanPro.exe"
        5⤵
        Kills process with taskkill
        
        PID:8388
    - - C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe
        
        "C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe" loadvalues
        5⤵
        
        PID:9592
    - - C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /delete /tn "RegClean Pro" /f
        5⤵
        
        PID:9820
    - - C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /delete /tn "RegClean Prosch" /f
        5⤵
        
        PID:9888
    - - C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /delete /tn "RegClean ProRunAtStartup" /f
        5⤵
        
        PID:9928
    - - C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /delete /tn "RegClean Pro_DEFAULT" /f
        5⤵
        
        PID:6348
    - - C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /delete /tn "RegClean Pro_UPDATES" /f
        5⤵
        
        PID:5016
    - - C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /delete /tn "RegClean ProNotifier" /f
        5⤵
        
        PID:7280
    - - C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /delete /tn "RegClean ProNotifier_startup" /f
        5⤵
        
        PID:9272
    - - C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /delete /tn "RegClean ProNotifier_trigger" /f
        5⤵
        
        PID:9384
    - - C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe
        
        "C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe" firstinstall
        5⤵
        
        PID:9572
    - - C:\Program Files (x86)\RegClean Pro\rcpnotifier.exe
        
        "C:\Program Files (x86)\RegClean Pro\rcpnotifier.exe" createschedule
        5⤵
        Drops file in Program Files directory
        
        PID:9412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
    3⤵
    PID:9656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11812 /prefetch:1
    3⤵
    PID:3296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11724 /prefetch:1
    3⤵
    PID:9724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11616 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:7812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11744 /prefetch:1
    3⤵
    PID:11012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1788 /prefetch:1
    3⤵
    PID:11224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
    3⤵
    PID:11236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9348 /prefetch:1
    3⤵
    PID:1876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11644 /prefetch:1
    3⤵
    PID:10576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8696 /prefetch:1
    3⤵
    PID:9868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
    3⤵
    PID:5124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
    3⤵
    PID:8968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
    3⤵
    PID:5144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8696 /prefetch:8
    3⤵
    PID:5376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9172 /prefetch:1
    3⤵
    PID:9548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
    3⤵
    PID:10312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
    3⤵
    PID:10096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11984 /prefetch:1
    3⤵
    PID:9900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8424 /prefetch:1
    3⤵
    PID:9732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11688 /prefetch:1
    3⤵
    PID:11272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
    3⤵
    PID:11280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=154 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1
    3⤵
    PID:11288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=155 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9384 /prefetch:1
    3⤵
    PID:11628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11560 /prefetch:1
    3⤵
    PID:11768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=157 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9112 /prefetch:1
    3⤵
    PID:11776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=158 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8672 /prefetch:1
    3⤵
    PID:11784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=159 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9100 /prefetch:1
    3⤵
    PID:12144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=160 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11156 /prefetch:1
    3⤵
    PID:12228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=161 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:1
    3⤵
    PID:12236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=162 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9660 /prefetch:1
    3⤵
    PID:12244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=164 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:1
    3⤵
    PID:11592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8724 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:12300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8020 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:12308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9128 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:12356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=168 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11184 /prefetch:1
    3⤵
    PID:12372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=170 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8060 /prefetch:1
    3⤵
    PID:12660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9676 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:12672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:12692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12464 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:12964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11180 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12788 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:11556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12280 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=177 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11628 /prefetch:1
    3⤵
    PID:11544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=178 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11872 /prefetch:1
    3⤵
    PID:11976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=179 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13176 /prefetch:1
    3⤵
    PID:12064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=180 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11588 /prefetch:1
    3⤵
    PID:1516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=181 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11776 /prefetch:1
    3⤵
    PID:12264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=182 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10920 /prefetch:1
    3⤵
    PID:13264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=183 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
    3⤵
    PID:5940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=184 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9956 /prefetch:1
    3⤵
    PID:3048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=185 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
    3⤵
    PID:12356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=186 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9144 /prefetch:1
    3⤵
    PID:11076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=11900 /prefetch:8
    3⤵
    PID:11272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=11908 /prefetch:6
    3⤵
    PID:7728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=189 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1
    3⤵
    PID:14108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=190 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11928 /prefetch:1
    3⤵
    PID:14116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=191 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9272 /prefetch:1
    3⤵
    PID:14324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=192 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
    3⤵
    PID:13800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=193 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10456 /prefetch:1
    3⤵
    PID:14220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=194 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7888 /prefetch:1
    3⤵
    PID:14196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=195 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11412 /prefetch:1
    3⤵
    PID:12976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=196 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
    3⤵
    PID:13480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=8868 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:15200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=198 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13092 /prefetch:1
    3⤵
    PID:17048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=199 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13180 /prefetch:1
    3⤵
    PID:17196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=200 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10904 /prefetch:1
    3⤵
    PID:16388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=202 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
    3⤵
    PID:17164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8024 /prefetch:8
    3⤵
    PID:17372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7740 /prefetch:8
    3⤵
    PID:8988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=206 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
    3⤵
    PID:19260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=207 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11868 /prefetch:1
    3⤵
    PID:12524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=208 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8572 /prefetch:1
    3⤵
    PID:19028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=210 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
    3⤵
    PID:20156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=211 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
    3⤵
    PID:20432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=212 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1
    3⤵
    PID:5432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=213 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
    3⤵
    PID:16488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=214 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
    3⤵
    PID:1452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=215 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11872 /prefetch:1
    3⤵
    PID:18232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=216 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10464 /prefetch:1
    3⤵
    PID:11272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=217 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
    3⤵
    PID:20204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7240 /prefetch:8
    3⤵
    PID:1988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=220 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
    3⤵
    PID:20616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=221 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11816 /prefetch:1
    3⤵
    PID:20864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=222 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
    3⤵
    PID:20872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=223 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11512 /prefetch:1
    3⤵
    PID:20888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=225 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11936 /prefetch:1
    3⤵
    PID:21040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=11708 /prefetch:8
    3⤵
    PID:20764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=228 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12788 /prefetch:1
    3⤵
    PID:21128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=229 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10816 /prefetch:1
    3⤵
    PID:21116
- - C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:_q3gVE7jSWYXlHPrfxPxsZLUAFu1c5xJ_2gEt7iA1Csd4G4NLZXHz-h7UVhLwYTv7xqo_uHkqeUPs3xa55od5LXfpezJdgKJ1MLFnE-JAmNnL6VzY3neotd3pNbr1k8JGZVrZqDKeNGixMoapUA1wjqh3kBDQtu9cOyqkOGpuRIynftIVC-t10CuBXi-2MvwkoQBsn3JdY6m33hvLviJwty2or9iJcalAhVtCNDYSjE+launchtime:1711743338656+placelauncherurl:https%3A%2F%2Fassetgame.roblox.com%2Fgame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D222363317412%26placeId%3D8737899170%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D57bb032e-eafa-4d78-be66-09fc6535f22c%26joinAttemptOrigin%3DPlayButton+browsertrackerid:222363317412+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
    3⤵
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious use of UnmapMainImage
    PID:21020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=230 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11904 /prefetch:1
    3⤵
    PID:22412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=231 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
    3⤵
    PID:22420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=232 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
    3⤵
    PID:17200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=233 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
    3⤵
    PID:13396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=234 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
    3⤵
    PID:16544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=236 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1264 /prefetch:1
    3⤵
    PID:21932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12032 /prefetch:8
    3⤵
    PID:17292
- - C:\Users\Admin\Downloads\PAVSetup.exe
    "C:\Users\Admin\Downloads\PAVSetup.exe"
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:21720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=238 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
    3⤵
    PID:22368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=239 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
    3⤵
    PID:22372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=printing.mojom.PrintCompositor --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=5232 /prefetch:8
    3⤵
    PID:9724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=12016 /prefetch:6
    3⤵
    PID:18360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=242 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
    3⤵
    PID:23568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=243 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11336 /prefetch:1
    3⤵
    PID:24316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=244 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10304 /prefetch:1
    3⤵
    PID:21904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=245 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11020 /prefetch:1
    3⤵
    PID:24412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=246 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13308 /prefetch:1
    3⤵
    PID:22448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9296 /prefetch:8
    3⤵
    PID:25060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=250 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10220 /prefetch:1
    3⤵
    PID:25496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 /prefetch:8
    3⤵
    PID:24680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
    3⤵
    PID:24644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=253 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10572 /prefetch:1
    3⤵
    PID:24144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
    3⤵
    PID:25476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7280 /prefetch:8
    3⤵
    PID:24808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8628 /prefetch:8
    3⤵
    PID:24812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9284 /prefetch:8
    3⤵
    PID:25124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=259 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:1
    3⤵
    PID:25948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=261 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11756 /prefetch:1
    3⤵
    PID:25956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8080 /prefetch:8
    3⤵
    PID:26152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
    3⤵
    PID:26160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11640 /prefetch:8
    3⤵
    PID:26168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7364 /prefetch:8
    3⤵
    PID:26452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=267 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10912 /prefetch:1
    3⤵
    PID:26592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=268 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
    3⤵
    PID:25344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
    3⤵
    PID:25804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
    3⤵
    PID:25728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9860 /prefetch:8
    3⤵
    PID:26548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12372 /prefetch:8
    3⤵
    PID:26556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11092 /prefetch:8
    3⤵
    PID:26396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8900 /prefetch:8
    3⤵
    PID:26296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10964 /prefetch:8
    3⤵
    PID:26384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11436 /prefetch:8
    3⤵
    PID:26844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12112 /prefetch:8
    3⤵
    PID:26876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6872 /prefetch:8
    3⤵
    PID:27056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12876 /prefetch:8
    3⤵
    PID:27064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7448 /prefetch:8
    3⤵
    PID:27092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11248 /prefetch:8
    3⤵
    PID:27360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12780 /prefetch:8
    3⤵
    PID:27416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8780 /prefetch:8
    3⤵
    PID:27508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,5811003417170644658,7562684816356461140,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=13112 /prefetch:8
    3⤵
    PID:27516
- C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
  2⤵
  - Drops startup file
  - Sets desktop wallpaper using registry
  PID:6008
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h .
    3⤵
    - Views/modifies file attributes
    PID:628
- - C:\Windows\SysWOW64\icacls.exe
    icacls . /grant Everyone:F /T /C /Q
    3⤵
    - Modifies file permissions
    PID:3780
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:892
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c 138781711742349.bat
    3⤵
    PID:3460
  - - C:\Windows\SysWOW64\cscript.exe
      cscript.exe //nologo m.vbs
      4⤵
      PID:5308
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h +s F:\$RECYCLE
    3⤵
    - Views/modifies file attributes
    PID:1164
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected] co
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\taskhsvc.exe
      TaskData\Tor\taskhsvc.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      PID:4396
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c start /b @[email protected] vs
    3⤵
    PID:736
  - - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
      @[email protected] vs
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5312
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
        5⤵
        
        PID:5180
      - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2140
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:4608
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:5308
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5868
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "lpbyrzvsckxo497" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f
    3⤵
    PID:5268
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "lpbyrzvsckxo497" /t REG_SZ /d "\"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\tasksche.exe\"" /f
      4⤵
      Adds Run key to start application
      Modifies registry key
      PID:5888
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:2992
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:4516
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2548
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:5288
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:5688
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4128
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:1640
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1148
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:5096
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:2240
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4604
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:6016
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:3580
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4984
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:4784
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:868
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5944
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:5756
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:4812
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4956
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:3836
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:7176
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:7204
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:7368
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:1600
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:5536
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:1304
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:5480
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:2108
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:5572
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:9084
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:9092
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:9140
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:9488
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:9496
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:9820
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:1312
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:7192
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:3632
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:10304
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:10360
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:10532
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:9164
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:9204
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:10528
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:13220
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:13228
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:12424
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:12792
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:11184
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:11964
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:11976
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:11588
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:11700
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:14204
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:14212
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:14264
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:15032
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:15040
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:15212
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:9712
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:10144
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:13976
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:15976
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:15932
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:16060
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:4912
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:7736
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:16300
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:16716
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:16724
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:17264
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:16672
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:12068
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:16540
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:6832
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:17944
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:17952
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:19112
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:19120
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:19340
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:3036
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:18520
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:5460
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:19708
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:19712
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:19836
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:17524
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:3460
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:16544
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:21104
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:21112
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:20664
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h +s F:\$RECYCLE
    3⤵
    - Views/modifies file attributes
    PID:1452
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:1896
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:9048
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:11868
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:21752
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:21760
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:21940
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:22384
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:13760
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:17300
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:22756
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:22764
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:22836
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:13116
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:21188
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:21188
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:21828
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    PID:23632
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:24152
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:24812
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    PID:24804
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:26032
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:27516
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    PID:26808
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:25172
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:27572
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    PID:27624
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:26024
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:3164
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    PID:5272
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:23672
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:21040
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    PID:26812
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:13760
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:25144
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    PID:5100
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:3608
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:22332
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    PID:27432
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:23576
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:29672
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    PID:29680
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:25256
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:29676
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    PID:28332
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:28840
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:28104
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    PID:28112
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:376
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:30292
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    PID:30300
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:30696
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:30388
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    PID:27828
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:27068
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:28164
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    PID:27760
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:29420
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:32544
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    PID:32552
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:32128
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:30836
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    PID:29224
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:14036
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:33576
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    PID:33584
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:26788
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:376
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    PID:28508
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:33588
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:30740
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    PID:33448
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:32328
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe
    taskse.exe C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    3⤵
    PID:34524
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]
    @[email protected]
    3⤵
    PID:34532
- - C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe
    taskdl.exe
    3⤵
    PID:34740
- C:\Users\Admin\Desktop\@[email protected]
  "C:\Users\Admin\Desktop\@[email protected]"
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - Suspicious use of SetWindowsHookEx
  PID:1792
- C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\kismain.exe
  "C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\kismain.exe"
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:7976
- - C:\Windows\system32\pcaui.exe
    "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {1886939e-5487-4fb2-9d6f-9fb7667f4ae3} -a "Kingsoft Internet Security" -v "Kingsoft Corporation" -s "This app can't run because it causes security or performance issues on Windows. A new version may be available. Check with your software provider for an updated version that runs on this version of Windows." -n 1 -f 0 -k 0 -e "C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\kismain.exe"
    3⤵
    PID:2404
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\@[email protected]
  2⤵
  PID:9688
- C:\Users\Admin\Downloads\rcpg_direct-sysweb.exe
  "C:\Users\Admin\Downloads\rcpg_direct-sysweb.exe"
  2⤵
  PID:856
- - C:\Users\Admin\AppData\Local\Temp\is-L7QEK.tmp\rcpg_direct-sysweb.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-L7QEK.tmp\rcpg_direct-sysweb.tmp" /SL5="$20358,10561098,1208320,C:\Users\Admin\Downloads\rcpg_direct-sysweb.exe"
    3⤵
    - Checks computer location settings
    PID:1036
  - - C:\Windows\SysWOW64\taskkill.exe
      "C:\Windows\System32\taskkill.exe" /f /im "RegCleanPro.exe"
      4⤵
      Kills process with taskkill
      PID:1916
  - - C:\Windows\SysWOW64\taskkill.exe
      "C:\Windows\System32\taskkill.exe" /f /im "RegCleanPro.exe"
      4⤵
      Kills process with taskkill
      PID:10276
  - - C:\Windows\SysWOW64\taskkill.exe
      "C:\Windows\System32\taskkill.exe" /f /im "RegCleanPro.exe"
      4⤵
      Kills process with taskkill
      PID:10340
  - - C:\Windows\SysWOW64\taskkill.exe
      "C:\Windows\System32\taskkill.exe" /f /im "rcpnotifier.exe"
      4⤵
      Kills process with taskkill
      PID:10412
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Modifies Internet Explorer settings
  PID:16840
- - C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    PID:12460
  - - C:\Program Files (x86)\Microsoft\Temp\EU8175.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU8175.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Sets file execution options in registry
      Checks computer location settings
      Checks system information in the registry
      PID:17524
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Modifies registry class
        
        PID:16392
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Modifies registry class
        
        PID:17968
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Registers COM server for autorun
        Modifies registry class
        
        PID:12976
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Registers COM server for autorun
        Modifies registry class
        
        PID:18164
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Registers COM server for autorun
        Modifies registry class
        
        PID:6852
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTQxMEEwOTktNkVEMC00MDNBLTgxMEQtQzI2RjUyNzEzMTNBfSIgdXNlcmlkPSJ7MTk1MEI5ODMtRjVBQS00QTNGLTkzOEYtN0E4RkU1MDNGQzM3fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins2MDAxNzZBRS01NkIyLTRFODUtOUJGRS01REQ4RDZGRUM2Q0J9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xODUuMTciIG5leHR2ZXJzaW9uPSIxLjMuMTcxLjM5IiBsYW5nPSIiIGJyYW5kPSIiIGNsaWVudD0iIj48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzIzNjM5OTQ2OSIgaW5zdGFsbF90aW1lX21zPSI0MzUiLz48L2FwcD48L3JlcXVlc3Q-
        5⤵
        Checks system information in the registry
        
        PID:16452
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{5410A099-6ED0-403A-810D-C26F5271313A}" /silent
        5⤵
        
        PID:18188
- - C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe" -app -isInstallerLaunch
    3⤵
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious use of UnmapMainImage
    PID:19660
- C:\Users\Admin\Downloads\PAVSetup.exe
  "C:\Users\Admin\Downloads\PAVSetup.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:23144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  2⤵
  - Enumerates system info in registry
  - Suspicious use of SendNotifyMessage
  PID:26324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9287346f8,0x7ff928734708,0x7ff928734718
    3⤵
    PID:26468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,2111402089139098449,3839504137765067451,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:23972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,2111402089139098449,3839504137765067451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 /prefetch:3
    3⤵
    PID:23956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,2111402089139098449,3839504137765067451,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
    3⤵
    PID:27148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2111402089139098449,3839504137765067451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
    3⤵
    PID:15480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2111402089139098449,3839504137765067451,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
    3⤵
    PID:21568
- C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe"
  2⤵
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of UnmapMainImage
  PID:3556
- C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-f573c8cc796e4c97\RobloxPlayerBeta.exe"
  2⤵
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of UnmapMainImage
  PID:24628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  2⤵
  - Enumerates system info in registry
  PID:24720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9287346f8,0x7ff928734708,0x7ff928734718
    3⤵
    PID:18584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=fallback-handler --database="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --exception-pointers=33500748038144 --process=180 /prefetch:7 --thread=4120
      4⤵
      PID:1624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2368 /prefetch:2
    3⤵
    PID:22888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2728 /prefetch:3
    3⤵
    PID:3648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
    3⤵
    PID:27540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
    3⤵
    PID:18348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
    3⤵
    PID:25168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
    3⤵
    PID:3968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
    3⤵
    PID:4844
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 /prefetch:8
    3⤵
    PID:27608
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 /prefetch:8
    3⤵
    PID:21108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
    3⤵
    PID:21664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
    3⤵
    PID:17304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
    3⤵
    PID:25760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
    3⤵
    PID:26892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3740 /prefetch:8
    3⤵
    PID:23732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5132 /prefetch:8
    3⤵
    PID:23068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
    3⤵
    PID:26940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
    3⤵
    PID:25268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1840 /prefetch:1
    3⤵
    PID:26384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
    3⤵
    PID:20944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
    3⤵
    PID:4760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
    3⤵
    PID:27272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
    3⤵
    PID:22432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
    3⤵
    PID:26928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
    3⤵
    PID:6544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
    3⤵
    PID:6852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
    3⤵
    PID:25084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
    3⤵
    PID:26244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
    3⤵
    PID:26512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
    3⤵
    PID:26976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
    3⤵
    PID:24008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
    3⤵
    PID:27832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
    3⤵
    PID:27932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
    3⤵
    PID:28064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
    3⤵
    PID:28164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
    3⤵
    PID:28312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:1
    3⤵
    PID:28624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7508 /prefetch:1
    3⤵
    PID:27760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
    3⤵
    PID:27916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1
    3⤵
    PID:28284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1
    3⤵
    PID:28292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
    3⤵
    PID:28296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:1
    3⤵
    PID:28304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8204 /prefetch:1
    3⤵
    PID:28336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1
    3⤵
    PID:28332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2652 /prefetch:2
    3⤵
    PID:24172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1
    3⤵
    PID:3688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1
    3⤵
    PID:28640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8808 /prefetch:1
    3⤵
    PID:25412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8792 /prefetch:1
    3⤵
    PID:29208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8804 /prefetch:1
    3⤵
    PID:4596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
    3⤵
    PID:22544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8548 /prefetch:2
    3⤵
    PID:29580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
    3⤵
    PID:28508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8288 /prefetch:1
    3⤵
    PID:27736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2572 /prefetch:1
    3⤵
    PID:27752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1
    3⤵
    PID:27680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
    3⤵
    PID:24756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:1
    3⤵
    PID:27876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
    3⤵
    PID:28464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
    3⤵
    PID:13880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
    3⤵
    PID:27848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
    3⤵
    PID:3572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1
    3⤵
    PID:20896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1
    3⤵
    PID:30432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
    3⤵
    PID:30636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:1
    3⤵
    PID:30644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
    3⤵
    PID:30112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
    3⤵
    PID:30524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1
    3⤵
    PID:30540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
    3⤵
    PID:30432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
    3⤵
    PID:30264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1
    3⤵
    PID:376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
    3⤵
    PID:30196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
    3⤵
    PID:28416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8808 /prefetch:1
    3⤵
    PID:29456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6392 /prefetch:8
    3⤵
    PID:28044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1828 /prefetch:1
    3⤵
    PID:27952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8316 /prefetch:8
    3⤵
    PID:17972
- - C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Chaos_Ransomware_Builder_v4_Cleaned.rar"
    3⤵
    - Suspicious behavior: GetForegroundWindowSpam
    PID:30816
  - - C:\Users\Admin\AppData\Local\Temp\7zO0688ECAE\Chaos Ransomware Builder v4 Cleaned.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO0688ECAE\Chaos Ransomware Builder v4 Cleaned.exe"
      4⤵
      PID:31036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.blackhatrussia.com/
      4⤵
      PID:25760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9287346f8,0x7ff928734708,0x7ff928734718
        5⤵
        
        PID:26776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
    3⤵
    PID:31232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
    3⤵
    PID:27656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2260,3558731870099920325,9424465684823023036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6816 /prefetch:8
    3⤵
    PID:27068
- - C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Chaos_Ransomware_Builder_v4_Cleaned (1).rar"
    3⤵
    - Suspicious behavior: GetForegroundWindowSpam
    PID:29672
  - - C:\Users\Admin\AppData\Local\Temp\7zO8E360A7E\Chaos Ransomware Builder v4 Cleaned.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO8E360A7E\Chaos Ransomware Builder v4 Cleaned.exe"
      4⤵
      PID:31848
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Chaos_Ransomware_Builder_v4_Cleaned (1).rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:30220
- - C:\Users\Admin\AppData\Local\Temp\7zOC06E84F1\Chaos Ransomware Builder v4 Cleaned.exe
    "C:\Users\Admin\AppData\Local\Temp\7zOC06E84F1\Chaos Ransomware Builder v4 Cleaned.exe"
    3⤵
    PID:32332
- - C:\Users\Admin\AppData\Local\Temp\7zOC06D9C61\Chaos Ransomware Builder v4 Cleaned.exe
    "C:\Users\Admin\AppData\Local\Temp\7zOC06D9C61\Chaos Ransomware Builder v4 Cleaned.exe"
    3⤵
    PID:32272
- - C:\Users\Admin\AppData\Local\Temp\7zOC06B0051\Chaos Ransomware Builder v4 Cleaned.exe
    "C:\Users\Admin\AppData\Local\Temp\7zOC06B0051\Chaos Ransomware Builder v4 Cleaned.exe"
    3⤵
    PID:33112
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Chaos Ransomware Builder v4 Cleaned.exe"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:33620
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Chaos_Ransomware_Builder_v4_Cleaned.rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  PID:27044
- C:\Users\Admin\3D Objects\Chaos Ransomware Builder v4 Cleaned\Chaos Ransomware Builder v4 Cleaned.exe
  "C:\Users\Admin\3D Objects\Chaos Ransomware Builder v4 Cleaned\Chaos Ransomware Builder v4 Cleaned.exe"
  2⤵
  PID:28212
- C:\Users\Admin\3D Objects\Chaos Ransomware Builder v4 Cleaned\Chaos Ransomware Builder v4 Cleaned.exe
  "C:\Users\Admin\3D Objects\Chaos Ransomware Builder v4 Cleaned\Chaos Ransomware Builder v4 Cleaned.exe"
  2⤵
  PID:30372
- C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\kismain.exe
  "C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\kismain.exe" /kmpath /rs
  2⤵
  - Modifies Internet Explorer settings
  PID:34072
- - C:\Windows\system32\pcaui.exe
    "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {1886939e-5487-4fb2-9d6f-9fb7667f4ae3} -a "Kingsoft Internet Security" -v "Kingsoft Corporation" -s "This app can't run because it causes security or performance issues on Windows. A new version may be available. Check with your software provider for an updated version that runs on this version of Windows." -n 1 -f 0 -k 0 -e "C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\kismain.exe"
    3⤵
    PID:34084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  2⤵
  - Checks computer location settings
  - Checks whether UAC is enabled
  - Checks system information in the registry
  - Enumerates system info in registry
  - System policy modification
  PID:34468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.87 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.65 --initial-client-data=0x2e0,0x2e4,0x2e8,0x2dc,0x2f0,0x7ff9194d4e48,0x7ff9194d4e54,0x7ff9194d4e60
    3⤵
    PID:34532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2076,i,1179004029677722041,899462373774253252,262144 --variations-seed-version --mojo-platform-channel-handle=1964 /prefetch:2
    3⤵
    PID:34748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2080,i,1179004029677722041,899462373774253252,262144 --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:3
    3⤵
    PID:34284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2560,i,1179004029677722041,899462373774253252,262144 --variations-seed-version --mojo-platform-channel-handle=2576 /prefetch:8
    3⤵
    PID:34876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3592,i,1179004029677722041,899462373774253252,262144 --variations-seed-version --mojo-platform-channel-handle=3636 /prefetch:1
    3⤵
    - Checks computer location settings
    PID:35204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3604,i,1179004029677722041,899462373774253252,262144 --variations-seed-version --mojo-platform-channel-handle=3772 /prefetch:1
    3⤵
    - Checks computer location settings
    PID:35216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4840,i,1179004029677722041,899462373774253252,262144 --variations-seed-version --mojo-platform-channel-handle=4860 /prefetch:2
    3⤵
    - Checks computer location settings
    PID:35384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4200,i,1179004029677722041,899462373774253252,262144 --variations-seed-version --mojo-platform-channel-handle=5244 /prefetch:8
    3⤵
    PID:35820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5428,i,1179004029677722041,899462373774253252,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8
    3⤵
    PID:35048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5660,i,1179004029677722041,899462373774253252,262144 --variations-seed-version --mojo-platform-channel-handle=5696 /prefetch:8
    3⤵
    PID:35176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5672,i,1179004029677722041,899462373774253252,262144 --variations-seed-version --mojo-platform-channel-handle=5724 /prefetch:8
    3⤵
    PID:35820

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1516

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5876

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2484

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x41c 0x464
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3520

C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\upsvc.exe
"C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\upsvc.exe"
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:6604
- C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kislive.exe
  "C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kislive.exe" -autorun -inst -product kiscommon kav
  2⤵
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3552
- - C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kisaddin.exe
    "C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kisaddin.exe" -kislive -f c:\programdata\kingsoft\kis\uplive\addin.dat -hotfix -infoc
    3⤵
    PID:2616
- C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\operation\cas\ksinfo.exe
  "C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\operation\cas\ksinfo.exe" -startcollect -srv
  2⤵
  PID:13716

C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxeserv.exe
"C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxeserv.exe"
1⤵
PID:5340

C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxescore.exe
"C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxescore.exe" /service kxescore
1⤵
- Drops file in System32 directory
PID:6664

C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxesapp.exe
"C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxesapp.exe" /service kxesapp
1⤵
- Writes to the Master Boot Record (MBR)
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:7176
- C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxeppwiz.exe
  "C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxeppwiz.exe" -E 7 -O 1 -P 8192 -S 64 -L 1
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4660
- C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kcookie.exe
  "C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kcookie.exe" -getandsendcookie
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:9928

C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxedefend.exe
"C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kxedefend.exe" /service kxedefend
1⤵
PID:7964

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:6848

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:8136

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:3824

C:\Program Files (x86)\RegClean Pro\rcpnotifier.exe
"C:\Program Files (x86)\RegClean Pro\rcpnotifier.exe" startup neweventtrigger
1⤵
PID:8224

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:11804

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:13316

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:13428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8696

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\0e790a0409b54277a03ab3c1a34aa843 /t 5512 /p 7976
1⤵
PID:16584

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\fed3708a92c7404ebc53b4ce1464a31a /t 5840 /p 4660
1⤵
PID:16464

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:17004
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTQxMEEwOTktNkVEMC00MDNBLTgxMEQtQzI2RjUyNzEzMTNBfSIgdXNlcmlkPSJ7MTk1MEI5ODMtRjVBQS00QTNGLTkzOEYtN0E4RkU1MDNGQzM3fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntDNDgyRDk5Ri0xRDFFLTQxRkUtOUE0My1EQTdCMzA1NDEzM0Z9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEwNi4wLjUyNDkuMTE5IiBuZXh0dmVyc2lvbj0iMTA2LjAuNTI0OS4xMTkiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSI1IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzI0MDA2OTYzMCIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Checks system information in the registry
  PID:6052
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2A7D0206-946E-4457-888C-772168C9B5F8}\MicrosoftEdge_X64_123.0.2420.65.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2A7D0206-946E-4457-888C-772168C9B5F8}\MicrosoftEdge_X64_123.0.2420.65.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  PID:18492
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2A7D0206-946E-4457-888C-772168C9B5F8}\EDGEMITMP_6D4F1.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2A7D0206-946E-4457-888C-772168C9B5F8}\EDGEMITMP_6D4F1.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2A7D0206-946E-4457-888C-772168C9B5F8}\MicrosoftEdge_X64_123.0.2420.65.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Drops file in Program Files directory
    PID:18632
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2A7D0206-946E-4457-888C-772168C9B5F8}\EDGEMITMP_6D4F1.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2A7D0206-946E-4457-888C-772168C9B5F8}\EDGEMITMP_6D4F1.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.87 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{2A7D0206-946E-4457-888C-772168C9B5F8}\EDGEMITMP_6D4F1.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.65 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff798edbaf8,0x7ff798edbb04,0x7ff798edbb10
      4⤵
      PID:18660
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTQxMEEwOTktNkVEMC00MDNBLTgxMEQtQzI2RjUyNzEzMTNBfSIgdXNlcmlkPSJ7MTk1MEI5ODMtRjVBQS00QTNGLTkzOEYtN0E4RkU1MDNGQzM3fSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntFMURBOUFERC0xMDc0LTQ2RTctQTEzMS04ODBEQUY1RTMyM0V9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEyMy4wLjI0MjAuNjUiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSItMSIgaW5zdGFsbGRhdGU9Ii0xIj48dXBkYXRlY2hlY2svPjxldmVudCBldmVudHR5cGU9IjkiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjEzMjU0Mjk4OTMyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTMyNTQzMTg5NzkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzQxNDkyNDU0OSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iYml0cyIgdXJsPSJodHRwOi8vbXNlZGdlLmYudGx1LmRsLmRlbGl2ZXJ5Lm1wLm1pY3Jvc29mdC5jb20vZmlsZXN0cmVhbWluZ3NlcnZpY2UvZmlsZXMvNjZlMGI5M2QtYjQ2OS00ZmI1LTgyMGItMjcwNGE4ZDdhOWU0P1AxPTE3MTIzNDc5NjImYW1wO1AyPTQwNCZhbXA7UDM9MiZhbXA7UDQ9WE81MjRJYURKTGptenNzNFI0d0ZYUUtUeVA2REQ5azFMZThJdDlydHlmbHFySGhPckZEMXBrSkxjZzR3ZEJuMFllcUpMMllNNWtLZ3o0b25XVWFOcEElM2QlM2QiIHNlcnZlcl9pcF9oaW50PSIiIGNkbl9jaWQ9Ii0xIiBjZG5fY2NjPSIiIGNkbl9tc2VkZ2VfcmVmPSIiIGNkbl9henVyZV9yZWZfb3JpZ2luX3NoaWVsZD0iIiBjZG5fY2FjaGU9IiIgY2RuX3AzcD0iIiBkb3dubG9hZGVkPSIxNzIwNTc1NjAiIHRvdGFsPSIxNzIwNTc1NjAiIGRvd25sb2FkX3RpbWVfbXM9IjEzNTA4Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTM0MTUwNTQ0ODMiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxMzQzMzAwNDYyMiIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjE5Njc1NyIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTQwMjI2MTg5MjEiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIHVwZGF0ZV9jaGVja190aW1lX21zPSI5MTEiIGRvd25sb2FkX3RpbWVfbXM9IjE2MDcxIiBkb3dubG9hZGVkPSIxNzIwNTc1NjAiIHRvdGFsPSIxNzIwNTc1NjAiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjU4OTU5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Checks system information in the registry
  PID:19600

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\71977542268e475e8dd0c83c41d8d94a /t 21716 /p 21720
1⤵
PID:22604

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\9fc640be33e14962b6c9b4b0b6f93371 /t 23148 /p 23144
1⤵
PID:17336

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Checks system information in the registry
PID:21040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:24384

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:23928
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8E582299-D9D8-4C3D-B29F-1B2879D6673E}\MicrosoftEdgeUpdateSetup_X86_1.3.185.27.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{8E582299-D9D8-4C3D-B29F-1B2879D6673E}\MicrosoftEdgeUpdateSetup_X86_1.3.185.27.exe" /update /sessionid "{390BF658-CC71-438F-8003-56B016B2F1DF}"
  2⤵
  PID:25060
- - C:\Program Files (x86)\Microsoft\Temp\EU305A.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EU305A.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{390BF658-CC71-438F-8003-56B016B2F1DF}"
    3⤵
    - Sets file execution options in registry
    - Checks system information in the registry
    PID:25884
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      Modifies registry class
      PID:25100
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      Modifies registry class
      PID:26636
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.27\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.27\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Registers COM server for autorun
        Modifies registry class
        
        PID:26988
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.27\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.27\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Registers COM server for autorun
        Modifies registry class
        
        PID:27340
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.27\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.185.27\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        Registers COM server for autorun
        Modifies registry class
        
        PID:27336
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzkwQkY2NTgtQ0M3MS00MzhGLTgwMDMtNTZCMDE2QjJGMURGfSIgdXNlcmlkPSJ7MTk1MEI5ODMtRjVBQS00QTNGLTkzOEYtN0E4RkU1MDNGQzM3fSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7QUVCMUU3M0YtN0ZBMi00NTU2LThDREQtQzM3MTAxMjMzNkExfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTcxLjM5IiBuZXh0dmVyc2lvbj0iMS4zLjE4NS4yNyIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjMyIiBpbnN0YWxsZGF0ZXRpbWU9IjE3MDg5NjA0MTUiPjxldmVudCBldmVudHR5cGU9IjMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE2OTcwNjM1NjEwIi8-PC9hcHA-PC9yZXF1ZXN0Pg
      4⤵
      Checks system information in the registry
      PID:25156
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MzkwQkY2NTgtQ0M3MS00MzhGLTgwMDMtNTZCMDE2QjJGMURGfSIgdXNlcmlkPSJ7MTk1MEI5ODMtRjVBQS00QTNGLTkzOEYtN0E4RkU1MDNGQzM3fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins3OThBRkIxQy1DOERBLTRBNDgtOUZCNS00M0IyNkUzNDE5MEF9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O3I0NTJ0MStrMlRncS9IWHpqdkZOQlJob3BCV1I5c2JqWHhxZVVESDl1WDA9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xNzEuMzkiIG5leHR2ZXJzaW9uPSIxLjMuMTg1LjI3IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMzIiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE2NDYyNjA0OTQxIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE2NDYyODY0OTU2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNjk0NzQwNTU2NCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2FiNzMwZTJhLThkNWUtNGYwMS04ZjhhLTcxZDc3YjliYjc4NT9QMT0xNzEyMzQ4MjgzJmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PUMyc0E0amZyMEZTNFNPRVVhWWZyNkFHS2ZENnI3ZUZqZHY3Q1ZoOElhR2E1a3dFeDhPbWxBUXVNaWd1cHg4TEN4OFM3dmp2OGxrdnRpNXc5Q2ZkY1lnJTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMCIgdG90YWw9IjAiIGRvd25sb2FkX3RpbWVfbXM9IjExIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE2OTQ3NDI1NTg5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuYi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy9hYjczMGUyYS04ZDVlLTRmMDEtOGY4YS03MWQ3N2I5YmI3ODU_UDE9MTcxMjM0ODI4MyZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1DMnNBNGpmcjBGUzRTT0VVYVlmcjZBR0tmRDZyN2VGamR2N0NWaDhJYUdhNWt3RXg4T21sQVF1TWlndXB4OExDeDhTN3Zqdjhsa3Z0aTV3OUNmZGNZZyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2MjE5NzYiIHRvdGFsPSIxNjIxOTc2IiBkb3dubG9hZF90aW1lX21zPSI0ODM2MiIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNjk0NzQ0NTUzMCIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNjk1MjcyNTY4MyIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxwaW5nIHI9IjMyIiByZD0iNjI2NSIgcGluZ19mcmVzaG5lc3M9Ins0RDg5REExQy0wMkJBLTQ3RkEtQkU5MS1DMEFDOTJDMTM1ODh9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjkyLjAuOTAyLjY3IiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjMyIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1NjIxNTkwNTA3Nzc0MzAiPjx1cGRhdGVjaGVjay8-PHBpbmcgYWN0aXZlPSIxIiBhPSIzMiIgcj0iMzIiIGFkPSI2MjY1IiByZD0iNjI2NSIgcGluZ19mcmVzaG5lc3M9InswOEFCN0JFRS1BRjhBLTQ5MzItQkNFMi0wREU1MzY5NTJGQUF9Ii8-PC9hcHA-PGFwcCBhcHBpZD0ie0YzMDE3MjI2LUZFMkEtNDI5NS04QkRGLTAwQzNBOUE3RTRDNX0iIHZlcnNpb249IjEyMy4wLjI0MjAuNjUiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIwIiBpbnN0YWxsZGF0ZT0iNjI5MyI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSItMSIgcmQ9Ii0xIiBwaW5nX2ZyZXNobmVzcz0ie0U4Q0YzMEU0LTE2RDktNDMyNC1BRjczLUQ1NjY4NEQxOENGMX0iLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Checks system information in the registry
  PID:27020

C:\Windows\System32\CredentialUIBroker.exe
"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
1⤵
PID:24900

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\ed41f1f2065849318a0331097769e886 /t 4136 /p 1044
1⤵
PID:25808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:22268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:27140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:27068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:23976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:29088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:29172

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
PID:30052

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:30088
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkI3NUE0OTQtOTMxMi00RDFBLUI4MDYtMDAxMzU5M0JBNTgzfSIgdXNlcmlkPSJ7MTk1MEI5ODMtRjVBQS00QTNGLTkzOEYtN0E4RkU1MDNGQzM3fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NTQ4NTNDRDMtOTYzNy00NkZCLTlFMTItNjkyNERCRTNENUVFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IkRBRFkiIHByb2R1Y3RfbmFtZT0iU3RhbmRhcmQgUEMgKFEzNSArIElDSDksIDIwMDkpIi8-PGV4cCBldGFnPSImcXVvdDtEVjBqSS9LRGx4aEh1ZTFMOUtSR0djcU9oZjNIM2gzYWNTckVhblFLZmdRPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMDYuMC41MjQ5LjExOSIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMzIiIGluc3RhbGxkYXRldGltZT0iMTcwODk2MTMyNSIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzUzNDM0MDE1MDAwMDAwMCIgZmlyc3RfZnJlX3NlZW5fdGltZT0iMTMzNTYyMTYxNDAwNDQ0NjcyIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjMxMTE4OCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTk5NTc3NDgwNjMiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Checks system information in the registry
  PID:30120
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CD4BC863-9210-4B80-9F22-879668DC523A}\BGAUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{CD4BC863-9210-4B80-9F22-879668DC523A}\BGAUpdate.exe" --edgeupdate-client --system-level
  2⤵
  - Adds Run key to start application
  PID:31152
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MkI3NUE0OTQtOTMxMi00RDFBLUI4MDYtMDAxMzU5M0JBNTgzfSIgdXNlcmlkPSJ7MTk1MEI5ODMtRjVBQS00QTNGLTkzOEYtN0E4RkU1MDNGQzM3fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntBNTJEMzExQi03NTZCLTRGODUtQTZDNS1COURBM0MxOTJEQUZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezFGQUI4Q0ZFLTk4NjAtNDE1Qy1BNkNBLUFBN0QxMjAyMTk0MH0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjIuMC4wLjMyIiBsYW5nPSIiIGJyYW5kPSJFVUZJIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9Ii0xIiBpbnN0YWxsZGF0ZT0iLTEiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTk5Nzk0NzkyMzgiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxOTk3OTYzNTY4MSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIwIiBlcnJvcmNvZGU9Ii0yMTQ3MDIzODM4IiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyMDMwODQ1OTEwOSIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2YwNDJjMGU5LTI2M2QtNGMxYS1iMzNlLWExZmU5MDZhOWJlZj9QMT0xNzEyMzQ4NjM1JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWdMSDNsVmQxZUtLTSUyYmwwaGtWeVhqNyUyZng1Njg0NlV0VDVCT3NTUEdaMXZBNlU5NUI0aWJ4YkpPQjFNeVZuU3FjdnRkZEtZaVNUTkJmQzVpcWg4akhPUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjAzMDg0NTkxMDkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzL2YwNDJjMGU5LTI2M2QtNGMxYS1iMzNlLWExZmU5MDZhOWJlZj9QMT0xNzEyMzQ4NjM1JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWdMSDNsVmQxZUtLTSUyYmwwaGtWeVhqNyUyZng1Njg0NlV0VDVCT3NTUEdaMXZBNlU5NUI0aWJ4YkpPQjFNeVZuU3FjdnRkZEtZaVNUTkJmQzVpcWg4akhPUSUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE4MDQ4MDMyIiB0b3RhbD0iMTgwNDgwMzIiIGRvd25sb2FkX3RpbWVfbXM9IjI3OTQ1Ii8-PGV2ZW50IGV2ZW50dHlwZT0iMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMjAzMDg0NTkxMDkiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI2IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyMDMxNDYyMjgxMSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIwMzE3MDkyNjcxIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMTY3OSIgZG93bmxvYWRfdGltZV9tcz0iMzI4NTAiIGRvd25sb2FkZWQ9IjE4MDQ4MDMyIiB0b3RhbD0iMTgwNDgwMzIiIHBhY2thZ2VfY2FjaGVfcmVzdWx0PSIwIiBpbnN0YWxsX3RpbWVfbXM9IjIzMiIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - Checks system information in the registry
  PID:31172

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Checks system information in the registry
- Modifies data under HKEY_USERS
PID:31268
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75CAF18A-DEC4-4AE0-8FDD-09FC1C31DFCC}\MicrosoftEdge_X64_123.0.2420.65.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75CAF18A-DEC4-4AE0-8FDD-09FC1C31DFCC}\MicrosoftEdge_X64_123.0.2420.65.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
  2⤵
  PID:31672
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75CAF18A-DEC4-4AE0-8FDD-09FC1C31DFCC}\EDGEMITMP_D597D.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75CAF18A-DEC4-4AE0-8FDD-09FC1C31DFCC}\EDGEMITMP_D597D.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75CAF18A-DEC4-4AE0-8FDD-09FC1C31DFCC}\MicrosoftEdge_X64_123.0.2420.65.exe" --msedge --verbose-logging --do-not-launch-msedge --system-level --channel=stable
    3⤵
    - Modifies Installed Components in the registry
    - Registers COM server for autorun
    - Installs/modifies Browser Helper Object
    - Drops file in Program Files directory
    - Modifies Internet Explorer settings
    - Modifies registry class
    - System policy modification
    PID:30828
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75CAF18A-DEC4-4AE0-8FDD-09FC1C31DFCC}\EDGEMITMP_D597D.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75CAF18A-DEC4-4AE0-8FDD-09FC1C31DFCC}\EDGEMITMP_D597D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.87 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75CAF18A-DEC4-4AE0-8FDD-09FC1C31DFCC}\EDGEMITMP_D597D.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.65 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff68eb1baf8,0x7ff68eb1bb04,0x7ff68eb1bb10
      4⤵
      PID:30928
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75CAF18A-DEC4-4AE0-8FDD-09FC1C31DFCC}\EDGEMITMP_D597D.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75CAF18A-DEC4-4AE0-8FDD-09FC1C31DFCC}\EDGEMITMP_D597D.tmp\setup.exe" --msedge --channel=stable --system-level --verbose-logging --create-shortcuts=2 --install-level=1
      4⤵
      Drops file in System32 directory
      Modifies data under HKEY_USERS
      PID:31200
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75CAF18A-DEC4-4AE0-8FDD-09FC1C31DFCC}\EDGEMITMP_D597D.tmp\setup.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75CAF18A-DEC4-4AE0-8FDD-09FC1C31DFCC}\EDGEMITMP_D597D.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.87 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75CAF18A-DEC4-4AE0-8FDD-09FC1C31DFCC}\EDGEMITMP_D597D.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.65 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff68eb1baf8,0x7ff68eb1bb04,0x7ff68eb1bb10
        5⤵
        
        PID:31204
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xODUuMjciIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7NTQwQTUzRDQtOTE1RC00MkY3LThENjktMTI2RjE4RkY0QUM2fSIgdXNlcmlkPSJ7MTk1MEI5ODMtRjVBQS00QTNGLTkzOEYtN0E4RkU1MDNGQzM3fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntFRDUzRkQ1OS1BRTZDLTRFRUYtOUYwRC04NkVGQzMzMEFGNDl9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjE5MDQxLjEyODgiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iREFEWSIgcHJvZHVjdF9uYW1lPSJTdGFuZGFyZCBQQyAoUTM1ICsgSUNIOSwgMjAwOSkiLz48ZXhwIGV0YWc9IiZxdW90O0RWMGpJL0tEbHhoSHVlMUw5S1JHR2NxT2hmM0gzaDNhY1NyRWFuUUtmZ1E9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xODUuMjciIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iUHJvZHVjdHNUb1JlZ2lzdGVyPSU3QjFGQUI4Q0ZFLTk4NjAtNDE1Qy1BNkNBLUFBN0QxMjAyMTk0MCU3RCIgaW5zdGFsbGFnZT0iMzIiIGNvaG9ydD0icnJmQDAuOTYiPjx1cGRhdGVjaGVjay8-PHBpbmcgcmQ9IjYyOTciIHBpbmdfZnJlc2huZXNzPSJ7RjY0MEFFRDEtMDY5Mi00RDcyLTkyMEEtNUUwNDA5QUE5NjcwfSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5Mi4wLjkwMi42NyIgbmV4dHZlcnNpb249IjEyMy4wLjI0MjAuNjUiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBleHBlcmltZW50cz0iY29uc2VudD1mYWxzZSIgaW5zdGFsbGFnZT0iMzIiIGlzX3Bpbm5lZF9zeXN0ZW09InRydWUiIGxhc3RfbGF1bmNoX2NvdW50PSIxIiBsYXN0X2xhdW5jaF90aW1lPSIxMzM1NjIxNzIzNjY4NDU4OTAiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIwMzUwMTk2NjA4IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTMiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIwMzUwMzUyNzE2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIwMzc4NDc4NDQyIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjIwMzkyNzk4MTU2IiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMTk2NzU3IiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIyMDc2MDg5MzQ0OCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgdXBkYXRlX2NoZWNrX3RpbWVfbXM9Ijg4NiIgZG93bmxvYWRlZD0iMTcyMDU3NTYwIiB0b3RhbD0iMTcyMDU3NTYwIiBwYWNrYWdlX2NhY2hlX3Jlc3VsdD0iMiIgaW5zdGFsbF90aW1lX21zPSIzNjgwMyIvPjxwaW5nIGFjdGl2ZT0iMSIgYWQ9IjYyOTciIHJkPSI2Mjk3IiBwaW5nX2ZyZXNobmVzcz0ie0QxRTU3RDAwLThEMEUtNDBENS1CMUI0LThGMDlCOUYzQzNDNn0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTIzLjAuMjQyMC42NSIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjAiIGluc3RhbGxkYXRlPSI2MjkzIiBjb2hvcnQ9InJyZkAwLjEzIj48dXBkYXRlY2hlY2svPjxwaW5nIHJkPSI2Mjk3IiBwaW5nX2ZyZXNobmVzcz0iezZERkVCRjcxLTgwMzEtNDY1RC05MzU4LTMyQTRFRkVCRTEyNX0iLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Checks system information in the registry
  PID:32728

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\1b25ac8cb77b4cd398ed596741441662 /t 31040 /p 31036
1⤵
PID:31460

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\14ce5209cb6748b8964309c01e446a29 /t 31852 /p 31848
1⤵
PID:32188

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\0aece16399304a95851eb3a488eed87b /t 32328 /p 32332
1⤵
PID:28196

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\415d84cfa941432f8939815cc1759df8 /t 32264 /p 32272
1⤵
PID:32788

C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.65\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.65\elevation_service.exe"
1⤵
PID:33788
- C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.65\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.65\Installer\setup.exe" --rename-msedge-exe --system-level --verbose-logging --msedge --channel=stable
  2⤵
  PID:32852
- - C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.65\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.65\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.87 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.65\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.65 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff6315cbaf8,0x7ff6315cbb04,0x7ff6315cbb10
    3⤵
    PID:32912
- - C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.65\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.65\Installer\setup.exe" --msedge --channel=stable --delete-old-versions --system-level --verbose-logging
    3⤵
    - Modifies data under HKEY_USERS
    PID:32248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.65\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.65\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.87 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.65\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.65 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff6315cbaf8,0x7ff6315cbb04,0x7ff6315cbb10
      4⤵
      PID:32272
- - C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.65\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.65\Installer\setup.exe" --msedge --channel=stable --register-package-identity --verbose-logging --system-level
    3⤵
    PID:32252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.65\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.65\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\MsEdgeCrashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=123.0.6312.87 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.65\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=123.0.2420.65 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff6315cbaf8,0x7ff6315cbb04,0x7ff6315cbb10
      4⤵
      PID:32812

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\677e5d8046464e2daa84accb0cf2d64d /t 33116 /p 33112
1⤵
PID:30368

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\1c5987c7e3934007b1c8f97fa6f0e031 /t 27784 /p 28212
1⤵
PID:26932

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\fbfbada5224545ba9e2a5f9869256afe /t 31600 /p 30372
1⤵
PID:29064

C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.65\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.65\elevation_service.exe"
1⤵
PID:35500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Network Service Discovery

T1046

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\install_kav.log

Filesize
660B

MD5
c0449c0c59fef7c32a1d5f43bc171953

SHA1
bfe0d212365c25af64f3d34e4d38ed8cc30c14a7

SHA256
287827bddf0cba40ed30f658633cf43d418e551d0db07a65917c7b2bb215679e

SHA512
69846e1a71dfd7dd7677133af5bedc4992604fc2935e05efc6a8f85c705cde913c774003c4a511a9a3b91d26fbc42a07ca1e71d0a8ebf46d8c7142e292bb71f5

Download Submit
C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\install_kav.log

Filesize
3KB

MD5
de7f3e70eb43948ec2efd47d6ce28051

SHA1
c36074a594f481618224c8b0b358be8189e60226

SHA256
328200ccc420c1d97fccd6def71d6fff28086c2e77da39d80311756d8a9a882d

SHA512
13241fb736f4b43bba8a5b3551890b0d42edf3fc71ee20aafed858c262bababd26c38ba54871d771894e4e42eaa3937a9f06d697f2e19d342c2091851ac66774

Download Submit
C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\install_kav.log

Filesize
4KB

MD5
f68e26331e88d50b5d2b01a519bad537

SHA1
fe3737b75f1a78fd466902f13eed70cb65970647

SHA256
831a6d8b9f8b5b33d42ddf3bf67f57e717f99225bde1c2568ab316d5a2f3e63f

SHA512
029c8af73d8646732ec2a4b2c682cf1a21fa9af70d2135af55f342881728f4846b2a665bd0feffe7c1ed61cab1e3e7e54497ff3da0f1216c8c0b051f44e23949

Download Submit
C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\kavpassp.dll

Filesize
557KB

MD5
8032a3b5d5adf634cd3545d2d6a98d47

SHA1
8b93b0ced4cc2e380002e8f7c5bdc2eceac284c3

SHA256
d05ad89158a524ecc5f5a30d4761436395b0253ce9381775138398c846c85271

SHA512
4e4b69a057a41efe6ead2a1b71ce5e664af3a6eb97d2714f4414106b7b3f128d0d60ba35e65f748780980834722271a8d953ee6046e5855cea6c3f0d04712af5

Download Submit
C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\log\pp.log

Filesize
1KB

MD5
f348aa5e9c426a2607c2523fc6bc6aa6

SHA1
4e82722d95145d7aa29fb1bd2178a827ec2378ef

SHA256
3fca312cf898825b1b24687b097612936ce387c4d4b9a95046efe70b342b8f37

SHA512
db320d8b05dee68a3cc7a6a26ca662735c0328a882a1fffb031c56a8a45f2a6d73d7b76038558208f105df9c0b1d3d13c8f399d29864356bd1be93f5cc4c93ac

Download Submit
C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\ressrc\enu\theme1\app_config\kxeppwiz\scene17_net.xml

Filesize
653B

MD5
6e49c77165cd454aafd1f72ff22074a6

SHA1
03d499bb53992c50b2eeced23f62fcbfea63f479

SHA256
5196f676d1271da4320b96fecf3a02ddcf1ab26554ff94d2e61eba41509c163f

SHA512
9c1eca21e649800aba17ea56e9e03215816e9c752e7e018c744eef35d1c9a07ae2eccd392398aa0a7ffe74c8baedffd98ff458df9f5e162ae19fd405a8e448ac

Download Submit
C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\ressrc\enu\theme1\app_config\kxeppwiz\scene18_net.xml

Filesize
661B

MD5
6707e3a307fcf26d1258b52b7c63f3c5

SHA1
802fa74db06f6afc3b83c81510ff4703ba1ca2f7

SHA256
f7e32f16f73499e78b96f3d9c30e0b9292f3eb9b5ef65cbe59096bcffd66f570

SHA512
1967cabbdc277bdaabeb13631146e52acb9ac154c0edb11a9540e40cf36401a46218510b3e1a232eb677bde19f507a65597cf4fcdd674c62d0e2c1ed5baa23b2

Download Submit
C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\ressrc\enu\theme1\app_config\kxeppwiz\scene19_net.xml

Filesize
655B

MD5
235e562bea4edd3083a0cae675c11daf

SHA1
29b9d7c51620e6e0e960abf3759a7c6e6e1ab2d4

SHA256
c3835f860c0da653925960c7797393ea60d317208b0e02043e118643224fbe44

SHA512
9640d5e7801500e8366a26fa3281143b506c57d4409a5648e531881853c1201101505329ece2276f75578f037e0740965aee572d3a55d7280c203ccabac67674

Download Submit
C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\ressrc\enu\theme1\app_config\kxeppwiz\scene20_net.xml

Filesize
653B

MD5
5fb6e3acde45d633252f160e6726f852

SHA1
43b0da96765eceaf0458eaa93e652201dc7049eb

SHA256
e0b94748f13c5f9a86d5c479acdd40f3175ed34d357fd154320a83fcee6c7e98

SHA512
716b6a5e57ea4e8580f1db6123d4972985976e230ce3c43de95024f00ccde651e9fe34018bab874ce0f135043af891d3d219eba219ff876a13299896f2b759e8

Download Submit
C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\ressrc\enu\theme1\app_config\kxeppwiz\scene29_net.xml

Filesize
658B

MD5
de51d653912e76d08d540132c6316e76

SHA1
4428db1b1fe0be25ad4175ff50bc6ea0eba805aa

SHA256
619ed37cf89150357c60919b99b7ed9a7ba62799d6b7710522f27a54aa752f03

SHA512
b342e8dbfa67d7ba04a39aa89eb77adce335037287a9f74a8c8c95c2e27a7c2d5e9df3afc4dbcc036d410f3779a3f51a10b6d5e3ed5eec332be4fa995e0ccd56

Download Submit
C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\ressrc\enu\theme1\app_config\kxeppwiz\scene31_net.xml

Filesize
658B

MD5
6a2fe994776ea4d2e70e75ba8813fac4

SHA1
3acb124cdbb1dd30b29eb871f646ec4e3ecc20f7

SHA256
fa63e27eba3f42920c574a4ace2eb46e9a24186b8fd56ed39f0eb59ce5ddf3e4

SHA512
d1712f1cec5510132a29ae82c9b4c5af58725770653517e59d00379737092af3711fe290e2d89e5fb58b9e48f2b571fcbb86aac961f893be7f3f24771827e99f

Download Submit
C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\ressrc\enu\theme1\app_config\kxeppwiz\scene32_net.xml

Filesize
658B

MD5
0691884ed6c6ea97aaa161f203999e17

SHA1
df59380f3d9136bc7f87a3b33c123dc89b3e2296

SHA256
c805915a06e9d213be69333056b9dbf51f2fb242c04ff01fc60ecef21a24520a

SHA512
1e1c693e1e5f931660c9ab2a6049a1fcaf7f81f7b087d8ce72a6365597d55df19214ab98b3dc1b04649b35f56d8787a4ab97976dcf239167247e4b6f2d8e329d

Download Submit
C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\ressrc\enu\theme1\app_config\kxeppwiz\scene3_net.xml

Filesize
657B

MD5
e99f305a32c0aed4a3776d4ceef54c9b

SHA1
7af11524b888eb565544d22fac911b2a17053b97

SHA256
18578a6cf1c7aae113d99041f697bfa2ebb03ae2a7d3804949cd85fb864efd37

SHA512
989932890098e3aa3609061de9ce2632f7ea2a50e9161fc8c4ef2a3283a3a9416fce4d762f7f243cb6b0057e96cb6f432d5a8dbf2eab5443abbfa5e21d2dce2f

Download Submit
C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\security\kxewhite\FvLogic.txt

Filesize
40B

MD5
fd4b38e94292e00251b9f39c47ee5710

SHA1
b80de5d138758541c5f05265ad144ab9fa86d1db

SHA256
2c34ce1df23b838c5abf2a7f6437cca3d3067ed509ff25f11df6b11b582b51eb

SHA512
1080f871e39cc839e5bcc9f852f9a8f3ddc03cf7e72e9fd1d6e4a71d7e74936f58adc646c9a9dc382fde85c5d281c2a44a459caf6afa58272d7fa006152e4cb1

Download Submit
C:\Program Files (x86)\Common Files\Kingsoft\kiscommon\security\kxewhite\fdbpolicy.ini

Filesize
291B

MD5
06c2c24afef43f792ef3a30bae3589af

SHA1
ec74c66ccb15167418cfa6a926610faa377f1ea5

SHA256
9a4913014850ed33081361d58d780050b2b311d5b71ef91657aed4a40e98d9b3

SHA512
80098d65ac0ce1506301b92668b3c4799d3b10f01bf7f57569888d58b1d252653c25e061158f346538cd3f4f363627ce6bcf07d425e6dbb5bc2e1413c542dad1

Download Submit
C:\Program Files (x86)\Common Files\nsklog\kingsoftinst.txt

Filesize
1KB

MD5
a3a01610cb1372e8888d5b4311a6838b

SHA1
03979ac0afafa3cca07667dd83146ff0d4487d85

SHA256
f456d79655a6de0d0bd5575d34cbcafeecbeb4bf41f31a36ad759f745e295bdf

SHA512
7382a1d55fb74e6d6b66849957a730ab64b8c11249a78c71c62ba06a5ea95a6a8af829842d892f5ce8eba77c4b64280b9b1b66f6463bfaecee9364a63dfebddc

Download Submit
C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\kismain.exe

Filesize
669KB

MD5
c265746a61e4596dd47b538cf31ff2b7

SHA1
35ba2f3ab41fb3cf0fabf3dc98eeb64aa90bd5b6

SHA256
3447d23621567337c945f315300006b959a0dd12b37fd7892333c11301fa4d01

SHA512
1997bed034ef13163121c2df38fceb27c00c13be5fe33253ea8678ad8dc1d8cd91bee7d9e7a9f597573abc5413f216a1d7f5660d95966da76f230401f80ae6f5

Download Submit
C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\lang\enu\theme1\popo\images\attention.gif

Filesize
3KB

MD5
0993302effe2f4206d89ca34a58bcdd1

SHA1
3866ae93e352cafa394a0d1b0bf82fd4c1eac878

SHA256
5cef1cb589b44206a1e0417e502f8617beea6edebd387b302dee3931a92466e4

SHA512
695927c5a85d7fc2857fe0915e83499648d61894a50d28ebd0044a9f229ce4daad1b91bf605ec2e479c0d4b7799a95aebd976312f90466dc92357bb1235ba8fe

Download Submit
C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\ressrc\enu\html\filedestroy\images\default\tree\loading.gif

Filesize
771B

MD5
00ef871b291bc03a497d608a5bd8ec99

SHA1
942d8fe092c1c473af19906751c2bee5322a9b55

SHA256
81a161d5793ac2a33f02ddcd64fb0dc2d028616dac084e4f64e77f4898b0c4e4

SHA512
659aa4ac73230a847e7d836d486ee04289d73b3d3e7000a9a3333f6e40804d0ccb57dbacd999c0dbb730d5566520b27a0068a94d6087ea52f6a65e36b308190d

Download Submit
C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\ressrc\enu\kingsoftLogo.bmp

Filesize
34KB

MD5
b98c88e1a7abbd3b5704cca45f6dc733

SHA1
6b801b7f8d32c7c5d01478322cce34741292b38a

SHA256
65fbe2aff12e479a685b12c111969365e2f8b74d0270ca3f5b65d1911bb6d0be

SHA512
3fc3cf9620eef421482e5e5d33519910b685e5b7b3273c454208010483cef489666ec0437a02a57381c1c5de8cbb093fb2520f8baa99739d1744677a360d0d6f

Download Submit
C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\ressrc\enu\welcome.bmp

Filesize
145KB

MD5
c38bda4e2da65b7ad33672d91e249c61

SHA1
cb66a8f52a5e53370a2c9e8bac7f7bf848e9ea2f

SHA256
b86e435c5711fa420b8f9142baaf730c384f07d93f9d3da58897d86a8f9a3744

SHA512
00588c977b5e0d0de6564c27913e8b72d20dd8017dc7c06bbe12c389d02a347f70e8ee2d9feb4fc688cca560492eba7268ffab1002f5543a162266206db39b2c

Download Submit
C:\Program Files (x86)\Kingsoft\Kingsoft Internet Security\uninst.exe

Filesize
334KB

MD5
bbc9bb98881dd45de8d4804317329141

SHA1
c87649898945d6b69a33ceabb0529f32bfef2be6

SHA256
74441e4f967a5f16b4016000215bc1e264f5a6b4471260274ffc2f18b382fffe

SHA512
3b83288778891bd041282eab37cbcd139e4df3cc54c9b35b33acc71256d65bb38e79115da88c1093a7be7c80c629747b1f47265a43818d5c6ff1dd485ec73607

Download Submit
C:\Program Files (x86)\Microsoft\EdgeCore\123.0.2420.65\Installer\setup.exe

Filesize
6.8MB

MD5
fba106e91d23b64b0ac0f61426f57c51

SHA1
3f062c1dcaa7bc48fac217a5c3a9b7de254263d2

SHA256
f8d42e7cbc02e6e1969a25d7f75f45d1c676ee3799ef2a2604025bf9e712b0a0

SHA512
c9d4505456b7f2aa5c11cdd784b88f2eb8ec53d1369eab4dbaa691a4e86fa98746997bdd2eb782ac9214873771ac6097bb693009c584584cd89d52ea0e9e1c6d

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{1FAB8CFE-9860-415C-A6CA-AA7D12021940}\2.0.0.32\BGAUpdate.exe

Filesize
17.2MB

MD5
13eff92ece4abda4c76236b1668a9d0c

SHA1
1e908ed6cf873c77790c7ee03ce1673bf2850b92

SHA256
7c5c9afa4f6a6ee3a854b915a3486c148d8566411e4362baf049b444bc3e4f5c

SHA512
b875d9768be15ec6f33744339d0ff26e88d0b9a54b4486c5f0957035ff833828a3c509ade063cd18332ff4efc3c936aa38e314d67579d78bf9610b4c21c5a5f6

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}\123.0.2420.65\MicrosoftEdge_X64_123.0.2420.65.exe

Filesize
164.1MB

MD5
4b37da5877ccab62032498a24d3863ca

SHA1
29180050a88947eaa76bc28126c2192264d006cd

SHA256
bcbe8e2ea625adaf3f7a55222908b532abd8760c35fb509f9c152a032808d13f

SHA512
8480bfbccc189c4328de8ac4a8fe9b2bac8eed6318b145fa91e5a338342fafe29b97b36c097d018821dbfbb59b5e3bd6da2e1e066fc7c9dad32c625056bf9202

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.185.27\MicrosoftEdgeUpdateSetup_X86_1.3.185.27.exe

Filesize
1.5MB

MD5
2412838b3caca23e45c8e9f914ec67b8

SHA1
c41209bc7f4c71faf2fddf3f022886fc3e78fdfb

SHA256
48c1a3d1f9d843b902ffc8d6b64df566ccb6bfeed84f7d072d19da5d2e9d51ef

SHA512
665bffe02b8f46551abf081c78f388b5582861f6f8d8986a860958a37942e01a80a73ba2b0d3a9b743c60265d7f2106b4d27700634bb41ea2481e6f58a8fcc30

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{75CAF18A-DEC4-4AE0-8FDD-09FC1C31DFCC}\EDGEMITMP_D597D.tmp\SETUP.EX_

Filesize
2.8MB

MD5
dce34393c95a64cf2733f17626927875

SHA1
89be6eaff01027ed4ac8a555ba8c2ee54183dfd9

SHA256
de36d7a8a656514119a434b006ea8c57b9a9686beeae0cb180821b9397934b0b

SHA512
b942ba0d1dd7e40b973bb4d88d6800497ec2a55fe3b030b7f0ee017e195f25e046f386e7583df357df2f8def63627e7605c2c8255a92db7284c3e61363e82136

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\RegClean Pro\RCPNotifier.exe

Filesize
633KB

MD5
bbe9affecb3bc882ffbfb7e50d1bf760

SHA1
353eb807cdd1bf9d1efa556354f997559e7d8b3c

SHA256
65a91da88ca2669fe5e87f5cb6c59d14bafefe93052f1772559ab2e592b1b3b4

SHA512
dfcc2a4f511ac85cb211d134d7bdefef4118d64bfde62b8471ce78785c6ce5e5ec1303779bc65202720f0377486cb6868965515be149e3c2080b4670cb43f18a

Download Submit
C:\Program Files (x86)\RegClean Pro\RCPNotifier_log.txt

Filesize
763B

MD5
e6b15d40ce95ee4eab16dbb596469827

SHA1
f359046b22dc88fcfd305bc7ad57493372bc8180

SHA256
6d0c75eeb05487d0db6f1c8c94c7fcb823bf5d672ae60bf603ae8611abf0514b

SHA512
ebe4f20637697511d97aaa46c804b4a36d39afcdb6313a34c1b7970f5b8d87cebe3596bb22e3a97cc584c17d480e68612cc9dcfa9bef68081d912ad9d97b5780

Download Submit
C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe

Filesize
4.9MB

MD5
6152e899de4c89ef59b0b7f1a76f8b86

SHA1
372f0adc1f7a92ba5a91be89f258f678e0bb4702

SHA256
d08066e4d0da115f8ae7e73336564e7378a3e93a828908c9c94ce1137418be54

SHA512
9a6eaa92f907c87435395cc170320bd337e349c48c536e2901f3d91dd0cffc288d3d4886292358c1afce18b37df35b3a589cb4ef8e7bba50776f1dd475cf6227

Download Submit
C:\Program Files (x86)\RegClean Pro\unins000.exe

Filesize
2.9MB

MD5
a3c660ccd6c1ec5b6f35aa5679893561

SHA1
518a7c22dbaf02672a8f01084f67e12be4979e85

SHA256
975f8c7e9bd5dcb5ec33bec68ba380cb64e5dc9c731beecdef33527fb5c7cb3c

SHA512
34e9b21cfeb415be67515aae2e63df3b6d7ed85c15cac269ab216093da5b1fd9c296ffb4e0eae0d3c00f022dfae96c0bcb380e95ac347b53b72099d75cdaadf7

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
4.6MB

MD5
a6b477fd2a8f8a2f773524399dbcfefe

SHA1
7d80eb58dfd74d2d6b808663044e4ad35085f99b

SHA256
7de163bfcdac41638190fc00a32f1937c38c35a18aae4e0945adc28ebd223ac3

SHA512
f8c96581475df161bf53261492abe09504d3e4c7206874c7d8d90bc76305f02f06005fec35cffaec517de0bb36b62e62a85e22607fe669c2c3bdf008c56bb957

Download Submit
C:\Program Files\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
84c086a7fb39707fdb493391dc29b29f

SHA1
9ee3c06ff6b4e2a4950ab1b05194130e96e4abf6

SHA256
a3484814a9091199105e1ed5abcc6f1231dfebbe95dda9513d2bbf43e3d92764

SHA512
5df3227dc9c9d442b09de866de5c0123512863b32ce1b1ee2bc2d9d7abc911559fb48f42b72db69735f122123ba1cedfee1cc475f4b713cf5a4f77e67fc91912

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
100KB

MD5
306679f9010a3da1a5299a4fa3dd6a9c

SHA1
aa6f15af41521ffafec6612a9799ab3603ead2fb

SHA256
a6b60f664ee122c6d1aba5ce2c2fb7f3f8816632f9ebaf6e1b4f449fc5bcc5e8

SHA512
d6f19363a6694d7f70a69cd5ed5322e093b6fb86395386aa1e91a067a3e2f2380d765b2ec22e52d883e2a69f2890fcee257b14b470c3dee462b3087cf18b2985

Download Submit
C:\ProgramData\kingsoft\KavRep\kavrep_db.da1

Filesize
3KB

MD5
4db4a6115de3ea202110311f888f8c43

SHA1
a99ebd4fd4ea55adb4ad9979aec47d0f20193c72

SHA256
e2c0f8234d95af0a107b53ea5cc9b3e42e0f7cf2968b71e4343d66aba7f19a5a

SHA512
6ee1b5dbe498ae8697b41cdfca501b17970a498af34b84844fb14720a4d498c239a15c8d80be9cfebde9437c660367f8c8e840d15d9748189ea52e2d809c239a

Download Submit
C:\ProgramData\kingsoft\kis\User.DAT

Filesize
926B

MD5
09dd4a45df85bf5f18ca650adfe73c25

SHA1
3ffab641811051cbb47ef1b85bba45da19481341

SHA256
6223cc9e28a48a9dcaa7ebe5901d1105fe1cb9ad3ec95602a08aea7d20db1bcd

SHA512
c3b21b67dde6323b0c7eba44d12e9ea307be005005a8dfab5737f48b77d003e640f859175b24f33aad801cdff9bbb3e4594dece1775efcee9c7de3bc3da5e505

Download Submit
C:\ProgramData\kingsoft\kis\User.DAT

Filesize
808B

MD5
34b360d2e9bd84001bda3c590368ce31

SHA1
e5ca0f8cf51c2aa1773b976fbd7deb571de7b7dc

SHA256
309d1a2b87002248f62c31d7cfb9213503267d5252ff29775ec39b5435804c26

SHA512
ba00feee98ad90f1bb0e8530f81c9b261f3d3ee3a933ca8462d5e2a4a45e85405c9d074a4160c808ba458134854f00e030ea06296bc855a2d1f1136df70b5cc7

Download Submit
C:\ProgramData\kingsoft\kis\uplive\addin.dat

Filesize
880B

MD5
d362395978a68292bb2810bd1dc28aa7

SHA1
4f5ac1cfa3bb12a602786c81ed7e519f00f2775a

SHA256
0e7871c5606414eaa70c421c8a3c6925dd6e6fa6b0d9a7d53d2b180c3b38e239

SHA512
f8e5e473bce653df0f34ef87245e0e0385275fdd5a1413868a3226baa1c3b5479ec1ca0850349b533078c062b470acb722f4170bd63cd680c04608ca6daea467

Download Submit
C:\ProgramData\kingsoft\kis\uplive\kislive.dat

Filesize
5KB

MD5
c3e520c21ea44c0514c962170edad98d

SHA1
dd24b9afc5a859624991e3fd8bef8f215675cc06

SHA256
5ec3e6e099b852c310cdc3cd294c7a4e614a82097fe4d48b2bc13dc96c364f82

SHA512
1197ad2c30fb1e49e6f3930e3faf050928f5677ce314aef076b26aff66f31912ce3b04bac5e5c6c3a141104cbc13b3aa79e4d4fe1c3b5e8e3eda435e0d5950af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\789c809c-b0ef-40c8-9d26-464ae84ec360.tmp

Filesize
12KB

MD5
705b5116924349c75820f830c73cac21

SHA1
4f1e1044bbd51733bec7bda5457475e8f2d3f6c5

SHA256
d91d3adfe07b72f0d1a03fb40e7c975500c46930e1b138421931b3d2064d9e33

SHA512
d3fe00a2dfb23b5e0f9118d70fb194dae985471284084ceb9d57a8773c4fbb08271c221bce3d3663afe6d7a783e439c259f606b036208c5933ba7b887a0d928b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\93f7e1fd-4df8-47ba-b33f-db8b3391a34f.tmp

Filesize
11KB

MD5
0fcf7e93d908710f8c755fa0a814cd4c

SHA1
49c122f5a316e244336e777cca2362cd09fb6cab

SHA256
6ce0a3a55d54b65d854a69e51116d81c618ac0cf1d1d765c93e330f6873ade1c

SHA512
3a37d6b9eb2c12c4bee76514261a0c0ec07b57f244268ac0320d2ca2c6640621c19c767b0764dc0cd145bf5a74f5dba238ae2a15e0206958f1f67fbbd9df593a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f0158b17b8d4b5db2705d8a8687fb32

SHA1
32443181cac9187a62b25c2c90b8c42679d015c9

SHA256
c9b67e636507cd84066ede4df195829ef5774e2ed77899f98d79ee0588234b01

SHA512
50b39247bd15f6f02c993025f7297d329e2e5a549a9f0fc9927c44c3e122ca6712a126bf673522f73b6663c3a54269e0ccbd04a7c2f183c30e7cc9f3198f784d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e3333b49ce5d262097febc9a64161283

SHA1
9c87e6bb2980328e002489c5982f2b12dcecbd13

SHA256
7ec9670e026d149b4e593d70cab3e02298dd96b395542e414601303cb35d4afd

SHA512
ebface20535fe235819259af012b9c9fca1144a61a762d01b1f6924e46f39a8e58e248a4aec812b9161c1efba59299de6ecad972d184c5676cc42f0f4c9da6e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
01393ee2529b90ce5c78b9d5579e283a

SHA1
bd505556bf23ae90ac87426383e031a0793b247c

SHA256
3a1d909d42cbe208b9d6eb8f3e4df6be9db28ababb95ace85549c1f540e51f23

SHA512
1543df6ba1e7eab0ba4371929a1295b6d27133c30f5dc7083368fd637085454569a136b69f6486a20f70c892a69a5b23f17e8bf4ca9b47042fc077577bf6fad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
6e21f4ff72a52957dac52dfe490a0969

SHA1
2cc74cb7fd72e5662d3d6c838fcb032a1814a7ab

SHA256
d387bd8381cc727589f25e280c1614d38f10ef1680d9c69e89953831795c0611

SHA512
81fbdc66e3573d11d2af4c30e44af5afbe08eeb7a899636b4046591fe359f618aed8baa3e53c2940d3083949400c016f90129a25e60d7f1050c072ba5ad1ffdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
3b8f57e227c6f4bdb492a82731c7cc74

SHA1
b404de453ff58f511ecf6815ca5df47a89e30029

SHA256
8c0848c91a0b18adeb015f6f35cbc892f263135c590bc9dd7dde1583e20a57ef

SHA512
72b33732a844b31f4cbe106b452e4f4b4656aa75c017577ed98740d3f1814be7509ee2aca6e09286295ad2fe543ec7b2a8d60ab6928828678193e64426879340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\009f4c19-a77c-4601-8d27-a622ebe477c3.tmp

Filesize
40KB

MD5
4c8b0cd9949a07d593748636871b5806

SHA1
a5cb913f46e1245686ce4df4af9d0822a5d042fc

SHA256
3e5f41074c23f61bb2fd809a24049448f1b0a737d3b65710ea2052241435b173

SHA512
820563cdf5d1e608714580ed2e81bee62a7e43761707a38ed11a1c23f5145b6f61cb59acc04287dfcca890d372ffe72ff20c3240b6b883bae0424b81009f0594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\93864f42-62dc-4d28-baf5-36b198b0154e.tmp

Filesize
19KB

MD5
05e2fee353ea996d0baa89cf91ae30b7

SHA1
8c8d9f1a439fae3512255410ab01a87e1411b470

SHA256
aa0c546af210bdd6bb94678fa38685b1c19ca06df30fc450e84c4c5e92081be4

SHA512
5656ec9d24ee870ead06bcb71df403e13548df5394bc2f6d2d918a0139b563a3239982d4cde49c6e431e5d0bcefa71af375bf6ec492f6911785c310fdab9ebcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
34KB

MD5
78f6deae01acd53503f7a24dd5e8687e

SHA1
42a22741284265b7c650854f96e87a329fdf4658

SHA256
44925db90095fea99c8c53907a211fd41a3030820b8715f17555c2f14e45b6c3

SHA512
901918cfafa64190843380a226ece2e47015cbf55831de8be92f70a8eab212cd0b0289379bc4f2ce1d048d0485bdace690ba9bbe0b570ce64f615c8b7f518564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
8f4b4d5d848b49f72ec9d45000e45fb0

SHA1
6517ec20d81ce901746076948417cfafdbcc2d20

SHA256
dd35fa6ced81d040a5aaa4726885204f44abc7ff1f7a83874b76f34bcc4d1598

SHA512
9704356124a9f7df23cc91ff93b13fbcfbc0d09d92fa0a5d4c1dec65f7ab78ad2786ffd9ddc304bc24df4a0cfe43afa24cc0c6cc3c721088320feb5c6f7e7baa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
50KB

MD5
668cf7bf05c427bc3507555b39cec7c4

SHA1
0804a7fc31987231e51c609dd9fe00d9d5be67a1

SHA256
a7662a02fa4d6ab7007dc0ffd09176cd777160911d8a2cc6fb318a37f4970996

SHA512
f5005c86ffea02e6c4987e79b43e9d9369e9897a3435681541e6b276fd63f10ca70c6ae465df6f5cd44cada61efe5ff29b700fb59ec2b3fb91e2d6d001f786e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
184KB

MD5
e3a8bb3b2d1c55902a0766f40921de91

SHA1
2f2d2c7556da2abb9ad6cec1bf9f4d3725a78428

SHA256
f0b080cb1eb06d780546aaca755cdd4600f639658d3882c054581db52acffd26

SHA512
78ecd94998d8146ccb1921d6e3eadc2e7a22dfe2eb37bdd667b7a45d90ea35372fe6f3bbced54257e13fd01cbcb7b4c2bc39d4f69a8b5a96085f7dec54e1695a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
16KB

MD5
a69622c8366064078e063f116597796a

SHA1
5c1fe1815c54a46d33c319c20f5007f4e3bb2354

SHA256
60b2badef53b3f77c8d971a930658f541e981d5304720ad69ec432cc0516805c

SHA512
6e332a1aa57f305d26969cac964db1a46a81a7182a4f2b0b422bfd4426ae77cf50c7cba84c3f51de75750696a09eb6334361c768ad59d358ed90255b48aee390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
198KB

MD5
cda68ffa26095220a82ae0a7eaea5f57

SHA1
e892d887688790ddd8f0594607b539fc6baa9e40

SHA256
f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb

SHA512
84c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
77KB

MD5
5564a7dfbadcec6009c974286815649b

SHA1
a130e295022c233605622abfc62bea153791fee1

SHA256
1c339e2aa43a4142ea511faf8ce00323344eae0421ece0831652b46be6db1352

SHA512
33cb6ad377452a965a96d0aa51f6e261247710868428738371f9f5e208b560587c942029dcad3d86eca3fb64407cd1cd40d3154d80e39c01e0603f13de84a584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d

Filesize
149KB

MD5
376b622beaeee4229dd1df89adb50bda

SHA1
74b4822562efe19ca8217ae591a2e0631779c2b9

SHA256
843d81d726d4b23da8e7c8b0b7f5a9374e0f6d5d5f1d6d939212720071f1bd2f

SHA512
73585960e05a9d48e45313fae2e9d81072b9387e5d490500de3bdd5e681cf71873936fc78007006e3e1c0a629a3a6dcf86828629ee952980389c656c34a434f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
49KB

MD5
a207ff38442c2ac495666c4298324767

SHA1
0d55c75fb8d434e1b462d323f1048a279d293d89

SHA256
9e669f9e2f483f22bd32b3c5704275df3500171699221796fe38c6c39d5c2ca7

SHA512
11900ee73bc344e8065fb275c4abb517e05537a7d62be77bf18fe198c20ed5c98c0ff80a13738657b39803c1dd6c02acd1d42ba958d170a41501802e4c5ebb4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

Filesize
21KB

MD5
0eee2e7bf41a97db89d6bfeb556bccbd

SHA1
78746f8f31782474d03e4c3c5d23f4c9cfb14820

SHA256
7e30a5ee24bb953c4b919ee408c0f8e08c9aff7d79907971d5e8eb1bc10782a7

SHA512
66bc55ac282b48c7788a40b2ba1351fe998e062298605eaba135a9162b226aecd91b8a69e2e0a2fe19e59a81f2301d8af6d11ad2da568af5bf1101cb6e8706f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

Filesize
28KB

MD5
4f561727feffff22e8b61fe8b7ffbf44

SHA1
891a30e2637b796009ef3872072404813484fcb7

SHA256
7a3cdb9cc2ffaa3aa1c1030937c605ff83725d1204306b596af665ed39e62cdd

SHA512
e299c729e33a8329566cdc9960f84bc8a535864f4882f0f6e4a6fce9526030a51d199f535ba1d32cd53a1437a265a600a30d63288e4e88ef9c0c4c96858799c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

Filesize
89KB

MD5
e78e5f85005cf194dafde72e6c5b4c2a

SHA1
623a66695fde218feeac0b77ab4b228d7ebe6571

SHA256
8da3ae1962902886d161fb5dc3bca8f51366243188793c4e37631a3ffe4a67d6

SHA512
ccdf5fb95412e89352d196524603f018bced0c221028f39b542b60b8cd83861e12f931e396dec20d14dc54ef17298bd5aefea1729a0b54e587ea6ad80dd111ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

Filesize
17KB

MD5
dd65ba75c589bd3869b86b1b70f45e6c

SHA1
9ff38d42a0575b44fbe4c89ca45cfd4a4d33895d

SHA256
68d830b7c8f415771197f2ffc2ac76d1397cdc33cd3fb2fe6dce7d5ded34e5d0

SHA512
ae39cb3f5af7626da378cab438f2fa3b451d3c6ef7143d4417d2a58216f6788808947b1cf4354a6d527890140a4458bfc189351a1567e9ce944926eb4ece939a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

Filesize
88KB

MD5
8b8f527221a9936361e7b6a40d453082

SHA1
96f5903e6855d02146c5a6ff4d6e7b42b167a6a5

SHA256
89453e8b9bb2319c0fc4e796881753b432ab5c4685545c86f9908b45f35b2f8a

SHA512
e7e241711f3ffb18661910529d481c1b89279ec9eddf8d252a809b9406d19876451a7404536bc11d1f290e8f10d0d078a710b7f57d90205a659859fc939bb454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
137KB

MD5
62dc8b81e6d3051a99e78122294a0dac

SHA1
a5f27bbe1ae51f60288fb355c81d98e0e0901cb7

SHA256
fada633f74fe45975a87134e09cd1db2d83f897755f941c17f5b9698858d6c2e

SHA512
3775d3f5fc8ed3111d6ee1980aab554e70bda45e1ac2d1d32d127c1aa9652665b6c38ef16a7f3d36d16229246c2bba182c8c69df4efb57051f64b7274ec4c485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
58KB

MD5
f0f5470ad238b7949c4dcd1a2a85553a

SHA1
346e4d6cf79a461cfd44254b1727da550d4dc88c

SHA256
c6a9df2677d3cb4764d560a67efa5fba1079f20e610d0b89343f9d2aa3e9f057

SHA512
ff32541a660b40da5273e4b9b6b1a62860bf3f77444d5d42490bbb68862445c19537aca4bf2796afa54397325dd96d4a34d72ebed557ff0e59ec5385c16ff91b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
171KB

MD5
1da2c8cd35aa3321a9f622a753be2ae9

SHA1
0718f3efa2feea37b46736fd03b03c4bb2082541

SHA256
72f3b2fb2571eae33c25f04c6af228014ceb8e065dd26de45cd731eeb3374b67

SHA512
2ee6fe11c50caf9096ea6246c4e185902c01ced2c66eba1e9a4eafb798afb3243dd29715b62d7b1b09490e52c14b3d0d8ed3fe4b3a8d1da146f986df3e082e48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

Filesize
16KB

MD5
562190267140231ccb89e289034a38b8

SHA1
1e8cf2e189209a7554886ebe1690089f8480b965

SHA256
7d24e722ca9029f66efb0c37b8e50789d55b72b6bca78768089ebfeff2bd3767

SHA512
9cfc4ba182ac0c3f1143b55a0ab17bdd7f77f3e46b6a30566d0c190a9caa337d15fd63ce36f96f5f9fda5403b5d384844e09a1c6e83bf5ea3eaf2fca93c6345f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

Filesize
16KB

MD5
1141cda92456a2d136580579b099b780

SHA1
4efb0bd02d583b2e59bd1789ee40894683886372

SHA256
6811da65d4cfe53bed6054144fcadd4053f5092392ddf86e40768583e4ac1ea8

SHA512
04ac614c16d34c3496bf23569cdf2a114e015ec02322edaa6901b8e55f3cca9daf1b0fe5de13d6584b9bb4ced22ec8f984ca85aa3c357eec6ee492a29d1572e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000077

Filesize
73KB

MD5
2b4b41049017b25a77a613057c19aa38

SHA1
2c71070f358dd7adc9e04af6c1a0ee939f8debf4

SHA256
8c2c973dec242fe31d728d63d2165f8efc961254215c06f0cf0e4dedde1b07b2

SHA512
94f1c4a3b05e37df9b55e69e626c9e14fd4670cb96e41f26ed21c3312acd27e0f8254758af1d2a12204756eae1c22fd1d0ac274a3556832fa271d015ba34b4b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000079

Filesize
26KB

MD5
968d5820e7217263e87c7c25dd857524

SHA1
c3bd07dbde83fb68dabcf99d830d91d5cc56039e

SHA256
8223e36063316d3d39c1369e8580403f36046b9da644ae1b720df95c12c9a12e

SHA512
849e7fdd08b8b2fc2b5214bfb64d2773a20ff01ee864462288de1615d10ebbc54b9d4baa82e06a4327f102f0f411b7d350da8f6132290f72ed0b811a2894ddad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007b

Filesize
23KB

MD5
36cef9b921a5e7269efe992096d8daee

SHA1
a0bed6e494b1758ebad93a919a199c7ad03bf4e7

SHA256
c7a8e332f0ab4329e453e9bf8f703782480239192af59666ffb7ac02f047f0c7

SHA512
6d8a39a928a97ab828fd6dc9ed1852e2cee8c98d3b4c716cec586f351a6835713685b432b81773ff5abf60c2a1800125941ab373b2fbf17a2a00e56dae7bc04e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e

Filesize
90KB

MD5
34c4d826740620a0081d04f5feba9a20

SHA1
67b7caa6c54fdd1977cc351e3ad2e6793f1a3356

SHA256
5c2ea60b13001b412f019f2f4a65c987d4f273dff94ae892e1d1f3727d64fb49

SHA512
eb7fe6818b666c465f6da534ce5f58e028a27a9776e5f65d18ee25b8579c5bb2fd35f7c20686a6073fbb0304377d9f1f6aab990484a00b26e94d745eaf5beae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000085

Filesize
64KB

MD5
b3cecdb68c56273a9a559a2d966d7e67

SHA1
9ae2157fde228d8571bb5ec3a4d3e2ac3ae3218b

SHA256
69cbf6f57cae1af820ffa152a0ef459f25647175c7567f662205cbbc80e4aa85

SHA512
ab09ffdb889facaa1dc09e811cdc1ac1d1e875037572774e4df80b7d6118150f0a9baedf06b283d1c4fa9772ca9826a80e3f5cd8b2dec5e25463a77431b67f57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008c

Filesize
19KB

MD5
e6ca145a2dd3c5d876f3fe8c36e2ecfe

SHA1
2894eae02c2fe88396b01fe9553fbdccd845f456

SHA256
948964f2e77928b6d7f3989c12e94bf10196a676d9700977ce4611a1f3445ad4

SHA512
de632b605e0b8a3f839dc07c891a0470b94ebb2cd45c3a065cb06ca840b875f4e854c963c84696faa645de5f06048f34b70bfc6075a00cc6628a2e14b61a44f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000095

Filesize
30KB

MD5
6fb26b39d8dcf2f09ef8aebb8a5ffe23

SHA1
578cac24c947a6d24bc05a6aa305756dd70e9ac3

SHA256
774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059

SHA512
c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009e

Filesize
22KB

MD5
36021359052ecfc630cfbc1c3e86b7b3

SHA1
98dbeaa0d9eea76a74ba53920d23a0b00dfd6bba

SHA256
ffb8e9b0c01fc55f1a3a62c942826cecd75e826f58d6c784969286f3b4023984

SHA512
f4cef55209317d8fbddd518e971cb92a5ee996f7c1046fd60cc43b5c61656d6b1ee652da18d9a2801a1a7ec6444935c1d5bc056e0cef521ec1e51293c87e39ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a9

Filesize
133KB

MD5
f2bcdf9060988910c023048a01c65cda

SHA1
1ee8b33e4aa1e1898fa82e5ef74323a2b6e3b1a8

SHA256
2b92cdcc37266bf366a8a7f61daf5e06ac46ad675dd3fbc5b726ee091d63e30f

SHA512
7802dde7667637280758edc9749b257c0a7eb8244b0fa119106587964ea2cc950f8a1026f8ffa957e8491f6575cd4a07475cf9238f7aefdc1318043e1742fba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c5

Filesize
576KB

MD5
58bc7675584de6e2e03dd2f3a624bc85

SHA1
c5cb59819902fb89df75029255baed52f6d49b67

SHA256
0e210de252d584464298a91504eda3008ce4e9d2b52666db2315094e5e8e594f

SHA512
92e09e5706719ee8255793633f70069fbc96b5748f107b4c801bcee38c8b2133f0480d18b8fd139ef8b5e24a246c438aeecb6a21963764b7419350eca1525e6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c8

Filesize
73KB

MD5
426003ce0eaab39b39bc359bf5e5af3c

SHA1
c408b0761126764b22627a272ae710d7be68e647

SHA256
16ecb4e6204172a9a4ff80157d3903e43fa7b0b5848d3ab91d8c9005431ed7b7

SHA512
11d4209215c8694c8733d174594941b0725171662c8feb73b828719a9ce9dff77a8c916a433f76fe2ba4168dc59f0a69f541c6ee142d58eb4e4f6843a5399c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c9

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ca

Filesize
86KB

MD5
cf0a8109301a8d7f4fed6e36cb15bd47

SHA1
631c88ffa0b405152910e535a75f24fff3949331

SHA256
644532967a095fac02d80685e9102a0c257169a8d3a45bf878aedc36cfb4bf60

SHA512
b526a5c46a40dee49498e5d4d2c57647eaad3906e2083a4e3e1c66c97cfe089cb9a5ac4c1243cd234a0a0f084e4ab7b71a851c7976938bb61cbfa225b0eb96ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cb

Filesize
87KB

MD5
b95f972b9b33ef69ca3b9fb1b0adef5a

SHA1
d8ad42fab3f36712b6205d6205ac0947615caec3

SHA256
b1d1005b14deca1ed1e078758d7fc0dd9917748b46f71b0be16b44c57bd0088c

SHA512
5448bcbca0acbc02b2cf12e81fadb1a0a1b5b27128a530a3620576b58a26926b8b07f814f2dbc60716321f883e75d08a3f606b14b8cae56e459065c7456b4def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cc

Filesize
1024KB

MD5
8a1eee5e0d7a9b9af323a96c9edf26e0

SHA1
b42cbf325c781ee148cdf73f348e5247edcb90cb

SHA256
e21779687cc413c3bf4b061d09e02782c95ebc510656be5f236dadd3e3e06de7

SHA512
6921316354aec68b001bb7a5205552dfca2f369dca6d1ac21d5ea6ba548edc75960668b386c3587896647da728e30ee0a1bcb950cefc2f09e424307c2eb52fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cd

Filesize
310KB

MD5
984132826a68648c33ce70815e13ef03

SHA1
32712b4ea81e3e56ad1d6a329444439852dcf3d0

SHA256
59e90312680dae4fa3656dd1dbe05580289940fd02d11441752c95ef98f0d99c

SHA512
de4b2a5bfcbba4ce156935596cb22045a5558e35cae5aeafd367fab82bdfd36ee45e1d08e9dc3c130e57c08c91895fc13ce5b953b75823ebfdd0594f5082ff6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ce

Filesize
1024KB

MD5
457e51aeaed0b8bad8b81f00300d2bbd

SHA1
c2e86671082458550a42b7b7c975f7c3eca820b0

SHA256
7e080d6e99c2281dbb6cf48976001e3e7409342d142987b9f369a8b5e88c4238

SHA512
425ae5a85fd78903d37a923b7ad5394d0e2ee59138bf5b7bfdefbcc1cd773ea86a3733f7fff795061899e686b2308e03a16991fa3dcdda2247170591affe03c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cf

Filesize
25KB

MD5
a3ab23ac9761466e3efa8dd2777f1f51

SHA1
e17df69b4bbfb0e986bccb94aa178c9254bcd9a5

SHA256
c2b3920b9e868dd39aa741b9bace8db29fa2c1e795fe191de6e74bb6669b3249

SHA512
e1ee1eb2a39388642f748e63878dbe9727ec3ea2752beb935f5cf57b9cd0d51be2e4d87278489335a213fabcc59ec94eef04ae0adcbbc35c49d46f90f43dbfc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d3

Filesize
1024KB

MD5
cd5024609c2db21d98e76456451e6068

SHA1
a68b634a96aa7eb01f7b472acad40e1de3f4df12

SHA256
0012a9b36bfe557f6554099acb824e1ede555a17c7e707813a9b6b7fa8f20d91

SHA512
0c329aa0e9ea6e29135215cbc14a4bfb3cf309ea466774f8549f6ec4985580679409c284018ba35ab30c627a969920cfa7836ce3812c68ad9308f5bc30c068b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d5

Filesize
1024KB

MD5
3895f27b35ea49a45f103027826b0e33

SHA1
e271f782530ddb2f8b1282b1279c2ad45b827f4a

SHA256
482b7b9d70688ee48ff5d2cc4178e051d5c15f3101aa299c34abf8ee16c8261f

SHA512
9404bc22324c0ca55ca6eebee02246b1fed86ca926b49179840140f84082b0335c28718ecac5cd56905d2f6e814af626ec1178db6a91028e1c399617059cc478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e6

Filesize
68KB

MD5
623abae71f0f551e7360a1ae4e9319fe

SHA1
fa334730f60d8eabf32a9497dd4553e449aa8e97

SHA256
3c4f57559b497f18d76a1bdda2e82eaf2964bd2a368236ade8fb4ca1237d1d73

SHA512
a1d30315db062dd15a61922363ad9b031d2d91026746645e609a42115094918e76f1e535622ac1b1b6c5fec29b4a6e8c9d188ccaab3c4196305537263e2fc89e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ec

Filesize
92KB

MD5
ed4809fbc904bcca32d26ac566fc3189

SHA1
2809a8988986c2641ace41a0984a89b9123fa671

SHA256
318ee419958d7a0aec2af65ce29d372f1cf862cf7333ec746c981cc2b4d730a6

SHA512
5636db20dcc30ba941076ef8d176bcd2e5b51b3b4ccf1d28479e099f5f18f259041dda42c6fc9fa8326bcedab1b29b4dbdaadd64183c6bcf663e48999dd81be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ed

Filesize
95KB

MD5
f12c8e6c2d29080224814946fbd95296

SHA1
9f27bbca387869f2be596c7bbf7a14d8cdc7238c

SHA256
b253e111a461bbca3262702e226e2544f09720005c641f4c31fdd60fb2f9cbd6

SHA512
808657babf7cb7e03450d5e84ee9a701c01aeb9bea87cf817d5a6d813a3f83411fef291672199494e6fcaeb3a3929b7b09945f4bec7e1e3cfd8c47e9a3f7b9f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f9

Filesize
1024KB

MD5
2fe924eb16f814a9008dc97a104856c8

SHA1
f9d78de81408385bfa4f1184385e332135e1215b

SHA256
2eb791e0e334f9cab3d281b689785a0002b4f41ff76ad0f4c400179250d941d3

SHA512
58c24eeb11382ebd40211ce62de89c1cf0c7cd52e7d72734f13ccd0592c49ee7af2eaef5e376cfd59e72f00f86f819f1e248f1d69d34dc0654c5153398ac11ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fd

Filesize
1024KB

MD5
370342ce51445e68ee677b56ac8992c2

SHA1
ae86b56902e668c27de4c1b2a1a197da17f89163

SHA256
61a2bba2783a9c376c47354fa148974aa36295fc60029c41d6252775e6e84310

SHA512
b47e765be3d54f94e67d75e1f0ced3404946cf193dfc5ad1e4db0c932df90bcfe9bdde7a3c9888a134d2601e38162eb38282dd401344a34c5dcde9ff893dec1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000109

Filesize
224KB

MD5
afd320a93dad254cdefeab97593580d6

SHA1
93aba07c64e3953134497ca986d7b299a5665a17

SHA256
f3031d5826605d5762282d7bb9852c3fbab9f8d629556ddf9902e39167ba5ed7

SHA512
64268d79aa13d7d2de5ced3af5a4c305a46c54230a0b68f61596a09b4876dc9cd44c91a762ecc5af5f15642f38164c3a4b8dc5bf84f2e8770b381d24fb22517f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000122

Filesize
97KB

MD5
9026c1a039bfb1796b34eeb74a8a716a

SHA1
0fff9a37ca34aa4811e4e48f4022f1e3bb5f95d0

SHA256
4a3b444e966106bf9551108f259d543858a36d28acd8d2dd2f38e522ec922cca

SHA512
51704c92f1a4fdb55604faabae333157526fb93f3b669aeccdd04a9f728122cf81bc2c8ee0df2efa23661666a697e8f4daa491b25a64282aaf68a4420d341da8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000136

Filesize
48KB

MD5
21af9bc981d404957c6344aaff4b3e28

SHA1
e5569bc0876884ded0d9594432cc261effc66d47

SHA256
e9515acb1b0c8f7c1008358ed424d6563cae681f0e87c53547d0cb7b9f51b051

SHA512
fb42427a114a3cb5739c30f6235c4fe3102876b2063772665c82ecce483955d357dead930e6da185f2b27fb0e72b9837ee272c3271efa5b7e80f98edf4cfaae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000158

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00015a

Filesize
41KB

MD5
ae113ae7c07fd20a36cae247037363a7

SHA1
35c9f4f6dd82928d03dc96a4bb7b5620c6b36d7a

SHA256
9452faf666c3fbeeeee4a8fbd5c45729b06a8dbebdd8689cb146798fc87f6a7f

SHA512
cd259ecb5476b5675d636a4650f4793429aed633d2f5b270679628db138c07134d6c609eb4931ff4681c5a3903ca2b07b98c58522ec3c5d54a1e5e17c664babe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000161

Filesize
32KB

MD5
2adb49644ca07a800b7190aed2201c54

SHA1
b780d3772a83b977a3973a8752a4532ef008ce56

SHA256
d118364509b330b4f253e131de7a8359e5bb267df3572b2f0a4ccb6bfe9080d4

SHA512
4413fb86b54d93ff81571808a0847cdde850838751943c3f4817ca7b93f50a5f9b0b297b417d93e60c70a64418e81e5ef4f1c4b9cc1eb510928c5c006aa6aa8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000163

Filesize
39KB

MD5
d5f61395a3df065383d626c90aeb461b

SHA1
9f32cf09abb8066253a018169df1338da7e94b06

SHA256
fa4eaee6d61c455c036cde57100e570f2a26534a8f25ef76df573cbb9d9cc80a

SHA512
72092d3689244c53a6b896eeadd45dbefac4bdbffbfc2ef9fa5fcff917d1a1995dcda1e2934aa5fbeceaf2576b6d6620e22fb85af5112bcb1beea7403732e8a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000164

Filesize
33KB

MD5
ae41ba1f36d1729ed42c6d59175e2d33

SHA1
9b6f72d935715712e25ed9ea1f1af079f7cbd2aa

SHA256
e2675c2072c990a200dabd33f3b1d1b3393f5080df8c12c351388b8d921cd61e

SHA512
08aed4acebae5340c8bd6603be03d2e87628866315bf30d28a8417757d94fbd658cbd99393cb385c1acfa913f6138d1fc4b064943f044f8f24235134f7579c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00016a

Filesize
24KB

MD5
f4fc7c79207bd0a1a93db40bfd3635b4

SHA1
4d5e4be0962f924832aff1a0f02f2d69cf949262

SHA256
83284219dcd33b8cdbfef6b5f89794ef6de74f2abdede032b5dd954ec304a728

SHA512
e82bc936e0fc8f2657770b202c510b98ef71283fe2e54720c632ed2b2048d2c68274c7eea98cb400abd713e3113ca31ffafa89400f29aed6d13353a966c704e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000171

Filesize
44KB

MD5
71278356df7c78755e38ce690968938b

SHA1
6ac3830add141f9e5f3703d4678df0c2b7da2da3

SHA256
ed978af2767fa7feb4d1d773697efa78870be3f282374f529512dda0027cc39c

SHA512
2da16f1d8cf6e2c6efbffde18fa823e49d1bce941716cd7b491a6889739f7edb52f29bb341b8c739ae27879647d0dfcce59ccea73f03b304296e55df1ad0cd0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000180

Filesize
36KB

MD5
2b0cf71e159f74c164a63332a1db2d0b

SHA1
a64584d0014a2ad05804caab78da7a82db8df447

SHA256
205f8a1753ab784fc1282f2fd758db25a3c1d0a6019324e41c75114cae7c60d7

SHA512
951776f513d160f43166b4bbc3227ae0f58edcde698ca307314981b4b70c9f020ac44d3ae09bbb1993f7457122dc614d979c9800de4a3afc1d11b7b83e1a2b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000182

Filesize
26KB

MD5
4213df50da3e6081bbb89bafb284204a

SHA1
e3d6f4c480b7e2b83280c8a3e4bbc81298207ca8

SHA256
e5ecb409dba3ff77a5bb2eb54358cfb3252fc2e7f9b01660f9b221eb62d15aed

SHA512
15170210c408477d9fdf50cdbf80dcab3702078bc442b82a61df30f2645d5271ed9420a007ff6e9353f3d298f73a13b1d4296fcc98777c6298bae1634ba4bed5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00018c

Filesize
32KB

MD5
1077a11b4e5744e12aee2635fd602679

SHA1
2e02e7fd4589aa43fbb12cd6a247fa9f0cba8518

SHA256
d723865142bd8a14a91e9e9dc4d97b1ddec55a0a9c8446b9de5301317745c5b2

SHA512
fa9a020ceeffab8af3548173da495fef7f7aa3c97c8e82fe5a523719ffbf60d8c104ee40b303bbb53a35e00123d7ef4a4eb6d12c8d9428787e6829725689cdae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000193

Filesize
34KB

MD5
6c21d016e7b1c19ca4e1b6296f8deb54

SHA1
2668b66ebf0a166a4bba43f57485cc3817cb8cb1

SHA256
7219a7f3143ca55b414f13ecb6bdc9d1125cd5315d1a1806e0129b7baa73b5b8

SHA512
bd7ac5b086a8856518b23366dec9f08e1e9aa0b2c39735e415207365340b0a76d39bd8a1879a837dd23e8dd4ca088d5434fc7c642021359d991eb6f2b5fcdf71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001d2

Filesize
37KB

MD5
2bbdf0d9095ab5d7360ab184764edb14

SHA1
db42987caa7a7de3d49e04b8efc7ab052dec7045

SHA256
1864e1f4ba6aa19496f24800591ef27c6bbc8ae60a13194ca8694fdf86136b33

SHA512
c8ebc24c24b8b9b134ba8f0f61f5bb5060f3cbfd034bdfb8c0fb5e44025fb7dab0062172a3f1214d5668cc1c6f3b6b930c2cff799463469f36550cc57cf1faff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001d9

Filesize
38KB

MD5
a22cd44f24ccb1e2b27b2847f83e8da9

SHA1
8ff3a4729773f6d51e815c8b0759a43ada0afbee

SHA256
10ed0e78fcdb5acce66694cab380de9c01d89a930be6a5041fecffbadbc9a0c9

SHA512
4110d510644ca0f4d240daa8b66f89f898e7edf511396d9027229560f210d2241d89fa1349b7c1614505d4b0b8841b1d0e620b2ea147d957ccc96e5737345c00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001eb

Filesize
43KB

MD5
3a8792281b7c8a66f3dc3342654bd19d

SHA1
ec7166f5fd79cb5ccba1fb2691b8eb4448e7b108

SHA256
ece026595d5f56fe86340708a58e67f355268edc9e46ed2ccd6debfc5d8451c9

SHA512
cec777520958ddab241c6cd4a69390e1913e0590c50cab3041a21e1280338e51088082c132687f5e3bac4582dc7c94a469a9dd147756f0e228af9aaeb9c7a3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001f7

Filesize
37KB

MD5
903d261212861d01e233910a15331745

SHA1
5768dc090b10f5b769bc784f4e9bde2b32e62ae8

SHA256
81b76905d4cc658d0bc39879a60502a509ddeb8471af7db751cba24acae04317

SHA512
87cb355d20b6d32147efc3d1e5597d75da279918b0e4451b70816a45c3b73302dd56c649010056d03c814ab8f72916197ba24512c61a42999c9515edfe6010f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000217

Filesize
29KB

MD5
3e9e56d00677dd67b0db4dc1c5d5256c

SHA1
119b5ec868094b04c637d06ad09fc19872552d44

SHA256
42d3e947388a9c834c6294e39d7bbd85d970cba394c3930f860f83932f4ae964

SHA512
a700ac7299014050839214f0a018df36db3293316ab00acd526208df124fdd4ad731c1ce5e1372d9ff07179e1da2cf5eb85fcc70ba4516a70afa140857f1df38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00021e

Filesize
16KB

MD5
84684a29bcf95dc074a7583ae77100b9

SHA1
445cdecb91c25890208fccc1eaec7311bc87da32

SHA256
3baab34bab317629bd04badabcafa88044a6228e4db4f613287f505c5fd9e84d

SHA512
39169a4b991b6ebf2c110350a97040d02854fbf5808a8dffbbef08ca0fd35e8744ed89e3fbd336fa0917027f249557e13eff0ea584b0133b0c1e03a1dad477e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00026e

Filesize
86KB

MD5
95b0736838a4de72bfe9ba7262611486

SHA1
6fe29f61e64fd2896ebe23ba0f9d3939e9802166

SHA256
debea28e0559ff0aa9810484ef71fb2a1ff69ceb371a9484777f1f72d5c0509c

SHA512
d8f0a7aea346e3a2420485c6ce0ffae71a9e871952087e81ad48f35907c8bcd9240470b7a52480711336cfee73a1dc285ab693d9e08fd8374343ad4a274ce681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00026f

Filesize
20KB

MD5
177cc412ef27ced8e3d904255a4b4bde

SHA1
30a489a1f279022dc940a3dcce53c78d2e2b145b

SHA256
1226a46173a3394fd229fee8b0a5406dbeb49ba4532950152010af362c96b57e

SHA512
8689988e6950f65f9cf214f1fb5631ff7919c950d46a2405bc7cbab638cd95df1a232a000421fda75f7be119442c148728a2a29b145520d9d60c899b27cfad4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000270

Filesize
87KB

MD5
5cbdc8e8af55eec62d323d6b77f2f7c7

SHA1
dcd1c8ed39dffc229db0be3efcfffb2d5156b38b

SHA256
ebfbd09673c31a3aa9c4eb2af1a97de0c664cae8d322f819a601c775bf168912

SHA512
72d225f125ea6fc35427611ad6f321e4bd25449c06197fa0f44a65a498279992a56e288b2ac6690961af67fa4157fab53560c6c9e03751414cdef949214b4fdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000271

Filesize
114KB

MD5
0765f64b46b837216591e51e27963855

SHA1
738b61a909c0c1a5de6a53ff68e76d8d60d64239

SHA256
4f645f1912591ffb2076024fca279e63e5696cf1fb6cdabbdffbe5a9e32a4453

SHA512
f6ba6300934526f2aca286c1b020af2572b680de69b3dfe0288839f84022aa98e8c572e4dbcaa35f03fd1dcdfa0a27c5ea0c4aaab6cfd1a77b51764a1fa7e290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000272

Filesize
21KB

MD5
5e8e962676b066448bc7fd05c2be7d2c

SHA1
174ccd0be4e30874a0eed51b0a89ce211eb3bfc7

SHA256
dff0187f094e82f7270b178cdcbc24d2252d1a8f8d596177bfd47264f953d6ad

SHA512
258fbebc3f03d4784ed4f632ba7edd708d2a35ba8d002df3f7b207c0da3d9f20c5d90d046f11ce2f1f7b5fa39fbedda75c53e431b6a72416fc0476865a9ca5b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000273

Filesize
36KB

MD5
1d283e8511d7707cde4c4318a2c8db1f

SHA1
780678bf844b5ced390b4cf483e68a80022e3703

SHA256
35f72478dd3a623d84c7a0e27d26702fcd08e4380cc1b1448157ecf57d702856

SHA512
4e8a6de21c359bc50f0f8bea65430dfaba69ad483681b1fda522c0642458f2bf3c3ff23a884e844a54a689af76834fc82b638ed0fdc69b00fa7ede6d9a1b22b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000274

Filesize
105KB

MD5
a300be15024e3c7410369cf8770d6c53

SHA1
c341ca2b8fe1c3bb149a5e313c47e96c79a0ee14

SHA256
bee8256569c2a58e1b4cbfd9dbeec5ad32a57c60e573dd5f349c1e07b5e53e01

SHA512
a6b4307a52bca7c2cd1f6e4c494b3d3a6179c76d3c399abfc583b77f6ca8ad8f4436f5535ccb426c296fc564a5f67bb907200ebc7ce684c480cf1d6c2a997cc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00028f

Filesize
31KB

MD5
03f3a6d81645d42a6bc7741649ae5f9c

SHA1
8ba1fbcbf4834bd37c2423559e23dc71add362de

SHA256
5ce3c8528f7cc6d07130749a78d93f9f25158a78767e5883bf8547a712710829

SHA512
d8706d5d78879a70f277782a028831c7e29bd0eed5a96b1ad913ad796b37416299652a9950a82af080da82e5e3eb7b4649b5a592e932ef1398df9df4d7d65581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000290

Filesize
50KB

MD5
ef7b6a80d1f0c32375a4131417fc6f1b

SHA1
9ad11434a050c7ceac9a215fd89200a778049056

SHA256
cd155a995e6d4b5cd96c6e19b001872a6c8833b7acdc2b89ed5e99c89809ce1c

SHA512
7e61c38bcfb23c48f13bdc6ce9414b3f66ddf422d0d0a9394333dad41cc8f802d52499ef853c6ca4cc58e423a8540511d80aeb4766b1c56d6ea1b00a3870d9f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000291

Filesize
111KB

MD5
7379afe95a8e21bff08c1867e7243ed9

SHA1
62f8cfbace27474e08fd89505a886a1b2303f543

SHA256
1baea74f2cbf39901943b726d013098ecfc9df26577975dfaac8b06d6927951f

SHA512
2c8ca6ea42ffeeabf0f4c81228f0f73d1554fb9b7c2a1042ab390cdd50a855ba981b05ff1239be9db69fe8487cbe683138d60e848283d96abdeacfba5e7d2325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000292

Filesize
78KB

MD5
4da8ed163012334b6f87bec3494a0601

SHA1
1ce429bf4676c3a413daf2746027191bc889d055

SHA256
e714402c20f116c2b95ec41e1efcf2de0b9c5b11f1fa2b5b8c2351d4a36f4845

SHA512
b3978be5b14942637c952fa0bf1b8b8e077a1a68c894f3f77499cc37af49364cd18f4d4f9c4729898482243972d88ba81f2821d7e33bb9740ba6c6de4712538f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000295

Filesize
132KB

MD5
aa73a3e4a65ff1513076de47a2b3e8ea

SHA1
f8dc5136067eaf20449d9652809f0796dd82d26f

SHA256
30a8a1dfac805758fc3c6c8e31f230689398af9b9a06fce96663e746742d81b4

SHA512
2af5c748f164afe64c43591473cadf271cfde3584b3dbfdc0af0beed52cbc27418044a53f10f4e86e3164d13bbdba07ef39b81c3b32758c6d64980b4da4734ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000298

Filesize
34KB

MD5
66c6563675027eea832566b44889fcbf

SHA1
405f3c40836b97656705ac8fb2de52371e80f3cb

SHA256
2ae7a12a4a33c009543ab615cf788aefc489007c370673a49a5bb3e8803f7b5d

SHA512
3e53e4e2805637faf08b9cab7411663c7372d2845094b3ab9d90efb3e2cbafbe0ea56b4ef32b3a5d3473096ba754b3e10629c9a78881dd5a25adb0a2b43554a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00030a

Filesize
16KB

MD5
89a574ff00e6b0ec61d995d059ce6e65

SHA1
aea09e96808ab77165ffa712eaa58b8f056d0bb6

SHA256
e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

SHA512
30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00032d

Filesize
1024KB

MD5
4cce74331dc740e12ee552aaf769390a

SHA1
8fd0b0e7e65524abc97b2bf7aa05587faa70cd4c

SHA256
49a04f529cb538b91200aca21585dd1bbf03bb6582c52a7c481251d123890e9a

SHA512
fbc7cf4cd5254fa937a24474a45c6eb8b17766a0b137a213dd26ad79a2071f2eb9c80505847abdcf0925de3bcb192917e02aadaec0b84cedc91f414e5bea4dc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000356

Filesize
62KB

MD5
cfa020ca66c38d717fe9da70815165d8

SHA1
127b15a0d8d5dc35996f9892bdd34b9c118b146b

SHA256
d840f4248e17d6c34e790cfe150d81bf6d6db3fc0fa8d82c36029e63db0df303

SHA512
d77a02f6e92ae56f7c17426d507bd61493b4ad11b3d664aac5fd08b9d91b3b06813aca72ced00030731ca39d602e670501713657f3d6cda21dcd7fc9721726de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000357

Filesize
31KB

MD5
c58b2cdc4b2aca6d0b2c5b3cab3f8bbd

SHA1
3d22bb3caa7a2f4e4c58f496671c87f038641dd7

SHA256
453190c377780c54c85af5ed4ead80ac2d1dc805c7e5bd5e0c2a836f938e214d

SHA512
09277e9da5da3c0230c037977762d6a60668279cacf98cc28d40b1376b4c26209dc03ebe8a402f5242351e23c4d054098ce25b3f97f8d78853a0c02ebd848418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000361

Filesize
180KB

MD5
e157bb048a5756c9700f61183ad35234

SHA1
6514bbe7bf0568ce314524d780fb1bdad6e36819

SHA256
4e8f3dbb92c03125f57517c07e7104781cc4e1d164b247540ed9ea339d8be8f3

SHA512
a463208b04ca63351a897ecc06685eaf76532da5fd9d0a6e524173b2effdaeba8f0f4c608ff30743ca35eb55bbb62249330fc78598a6fade65925df7eb6ed8e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000367

Filesize
40KB

MD5
dcd96bde04d4d19087a97ebe3d033bcb

SHA1
c4b4ef1e97533d1a1d5d03b0ca7df90187c74011

SHA256
c368c236b1b82c351a164b0cbe949b9c3ed2c52a04785cc69d4ac647d0183ae2

SHA512
aaf26f5f5dc81d87e4c4637bb31f43ce6e07b3af29b08f2804046514764a19aac17ea4cb1d1411d5be92a1e150770f94d4acae0bdb4bd532d7fb283ef40a5bbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000371

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00039d

Filesize
24KB

MD5
9bec4cf8669750b9e3fee886dd0c20b4

SHA1
cab0a9aba574d29b7f4e111f3638986db118b6da

SHA256
7673a1b6a83b97aae51dced46fe5a9ecc7307298fc997ecab74183db17da6d2d

SHA512
bf80701e524bdfe10fced94218940087d931eff0d6c3ed0835da96abcd5475a84c7250087f118e849466fad3660d16b240bb22ae2f3b3382f7c8d5e9ebfb894d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

Filesize
1KB

MD5
6e0af233030fb88e85762b45ac4ad605

SHA1
f241698526b50d4a08b5a2089fc0775007e1609d

SHA256
909fecfe862b881931b0f80bd1aa60b8913165bf96461b6d3c88a995e9361534

SHA512
526ebb701acfcc59f38a6156428aeeab9044c992c15c6c6fa0e012fc095486db4b2ee1fa5b7729e6a06b0b60a5fffcd69a513fe17b6ffad39bc3d311447ac5e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0417ed6c15077401_0

Filesize
1KB

MD5
7079011ea16b60d1afa368aaabc8bef2

SHA1
95c5eb5f9f1c567f1d5b57db57e658f2e0671413

SHA256
41cf4e95946aa8596c7d50862e7ad50ccc69cf98c7f6f2c86819448e341faa47

SHA512
a566b3f071fd4caa0c7243d816e39531dbb8f50d8cd9a24536a51c7e79c7c2544135afd582c173a2ed04ece655686a89e73547dceef60536ad52360c4808310a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0

Filesize
14KB

MD5
71b5de94685bd7246e710021f1fcdd6f

SHA1
bd1b68365649a477245aad73ef7ae64fe4e4ea9c

SHA256
9c381a05ee354d5401e9bbd276eabe83d263844feb66832238771071f2d82848

SHA512
37dc0208ee5a12f3fa129a2ab04378bce69bbc67473a603739f6a3a269dfeda4949a1dda212f308c09a55dab3ededa16819fa661bf5023dc7ac8b6c43c38e05e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
4b4b40cb06e8591c18e8e8cadb4f87b2

SHA1
974688ec0063bcfe103d8b911d09fa623bef9ac6

SHA256
13793890e3a8fffc216c567e9c738b7e132c568500c2d854e1f2563e78a760c8

SHA512
11b83b1497ff3224825f25c692b294c732808ee042dafb2e5420856818eeed592881de191b5f1b3b7e7d34be157223d5cd7d61faaee805123f467483de363781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\096fae0c49b6663b_0

Filesize
4KB

MD5
53f010c27803d4e8090dec7f7c85f2cf

SHA1
f9132f58486a8de18b62565c4fe203feca3dd8b2

SHA256
59273b5c12c02bb20b56e856a6cec5dac96f024a61b15705492b66bd83b1fb75

SHA512
9c71331aa7f5945aa2235208ab1a9a069fa685e757bb5a77d306f7735eacf1a01cc9e00001ed4b4208f863efa3f0e45a34fc9e86a3a03b946eabe1414f8bf5d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0ce6240506261827_0

Filesize
2KB

MD5
7ab51d4d8f9283d239fb3515290a54c6

SHA1
cf5bd8934ffa0faee402d19bff6ddcf6ce9a123b

SHA256
ac2f558fef897fd74c6b0d3c5b8103077f887ab99845a9744138ef8458fda684

SHA512
ff1b03e8c348375585468faa5703395d3f58ca90172b8e548c92f672389dcb6a6a6b533b30d46f431c1ffd4a790d8e0e676735545f3271807b3955462e679123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\13ac8f33aed10829_0

Filesize
78KB

MD5
30b299f28b44d10ab93fd47fc14f01ad

SHA1
da6787d29f0bb9d4e8d35eba7c25499f3cac48a5

SHA256
9cbc0cbc3086faf4e733056a17e40a3ff02c41a77d6473102dfe2e040c1c12e8

SHA512
e13e18d5b75884115cbdead6563d2ca4afad9f35f3c1596291ab5bdd17d2e3276a3d4dfea2d1f2b00163d17d86d22c895cd41630c2dc83cf01cf937db202b81e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
f89b3eeb55371abdf588fe51b9231467

SHA1
b0ebddbf767a20aa80a2d2f5e910ad6b50e9f57c

SHA256
8b54d1a513e676830b3f2b828fe4f7e09e735027ac87956525b42a490a840bc1

SHA512
001adc711f35deb3f29015b58b8e743001c8cfce1cdea57235ccae2920283b77d68173dbacb41735cba7380b0c85d0529c8141d651c4e759507207fcb369ab2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\18bb234edc519a78_0

Filesize
122KB

MD5
8e6b412051c528ab70cb6083b16e9728

SHA1
08d38e1fcdaed96781a96eeb369b0fa050be6525

SHA256
5ab5581b00667faca83400d01ae14b32e6d49e0f75b06818467fda74d45a7a53

SHA512
470ccdc72e7bdbc6dcfaade92eaf6e71b93e27215dc8328c7282a821397ab569d41dbd2ddb36dcc5c7d96a17d29ffa313e64cb0250aa9f1eba1e5f08880f5965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\19b7f9d0e5ac3e1c_0

Filesize
110KB

MD5
9c2feed4b0c4ac6f2f6920e9647e81d7

SHA1
ecff42d479e9c29eab5ed1a68b412b87da2886fe

SHA256
d7709ae3515214929d72f2377b77626ad4834c89f5084be7af61d46242d9b708

SHA512
01b2f7d4813951b3328bcf9eb1298b71d34af17d01df1ef7c504c21e3f7a969cb76a2dcfafcb2457adf951a3e9f68cb11531696739e7a082e512558eab37fdc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ac673f66e12ce14_0

Filesize
2KB

MD5
f0131119c71a880d278419702b7e5cd7

SHA1
830127e4f6964227a289a816af19e78445e3f145

SHA256
ff2ee1f23fca7f3522beac40de161e6bbe6f43fcc81f8226006b8cf61891d634

SHA512
2e9b37eae74972fe29ea7bd16e1e6d874b0d1e29c022bb61d812f428955cebe35360d8793ff24a349a6710d266d51852f399e92609312482d94632d922923f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\252c5afb57e673b7_0

Filesize
1KB

MD5
74851b0894abbe9ce195e5404f20dcf3

SHA1
6c2fffb23b7f125bb119136d0fc92c65178b77f2

SHA256
b64e5bf5720a6d019921995e393498f2414e26bde275c50745f534221bfa04e6

SHA512
5a11c65d4090a75d4d1905f6d0e004255ccb79b958ec528a991aa7562d88bf38fafaf2d26c60542267d41ebf5a29dca216549ab7236cc9bc543b8cbe7ffdcafc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
fa765b8c6fe953001fc0c44de2b7a4e5

SHA1
f3ca5334cfba1a7235297d9ffa21359152161a92

SHA256
406c0c395a6fb658fea81c3c4eca396b96081353f3d5a87acba6e9260afbc7d5

SHA512
087ede468d1d0b1721c019b11f5d50525a17aadeb01a5f663928cfb7103a0604b63dc963b91b520fa288a3c761c44d24b75ab6aa08323b7b9170840f3f9b0c6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\28324e9db7b11193_0

Filesize
27KB

MD5
0c9998b23847ac24c60cd4f48605f944

SHA1
a8dafaca59a41ca212b3d956e63abd6fa12f9f6d

SHA256
f6f7d79e79a23e048c9778b9d5877132ec41e91c08adce82afe38df7b0ee2e3f

SHA512
cc03a347e28eb95318bdbaf49e39602a481afd3dfbc2fb4d96284b57eab0fa258f1ae4c527c4143d965dea818b9af429483035d875db3e3a540875c2e5a2b85d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2ce29dfb4fbfd6fd_0

Filesize
5KB

MD5
4985106532c285238f90eb5233ef0407

SHA1
e0cd45d625adc82cd45ebeaff8a5d99840e2f00b

SHA256
4c784a918e096d2087d71f08f80788f19dcccae2f926dea596f2fed3b88526c5

SHA512
3b764df791e4b7c6dc0b46ed666fe3885edaa4481aa6c9263b0a5e46a38435ab14eccf2408fe7fb809d0709392f9fad76bdcd1e50a0f5b8642a5d06d93dbdd58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\33f0991b0c05bbe0_0

Filesize
2KB

MD5
3e064be7a929e0b4cd9b75ee73f9ea30

SHA1
2ca280f147605cfacff40c3f3593515416f01e0a

SHA256
b4eb06eff6d30f85196331c5bbfd849a9af2ff8a00dabc309757f4fa852d17c0

SHA512
fb429b4ab190828536fae1ee44ac0d5c6f8f1bf195785523cbef4673ca5ca03eed8383ce2761a3117fafc21fc427053580c25e62efaa3d1dadf6f8dd295bd73d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\35fb661c62eb428f_0

Filesize
7KB

MD5
1c6d2e12e5b712a950bb12a85933a60c

SHA1
af440770b1e8d2a6bd3af2ba114e59936d2a0f82

SHA256
380b60639da68d1f44562a59b277aefb81e330cdc85ecd87ceff09d6c38608c3

SHA512
0734e3d0e4a8a3dde520e7f99652eabfa55572457df2f6cf741f979f682899982282924a76149f4530eb717812a9f0774466f78502238df7817dc441a4a8f788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fd2be14abb3904c_0

Filesize
1KB

MD5
4ec1b655405083b9d338a3a0c3721fe8

SHA1
8c1489ce91ce2578be72fe30a340625136cfc232

SHA256
fbd333723d8e217a72f211d2c49d2bbc9eb3e3c473eecb4c46f46d066fa28f13

SHA512
75ebff08c54f59272b15efd521b5cad4e13f70e9d9c00e2102696f2a80707e623bb13699d7d579edb89da55476a7cbf0738d35155bfee77c315f0ddaa1c8dea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4137afb70e0054d3_0

Filesize
277KB

MD5
fb2f70bbe8864e8e140246acb01c449e

SHA1
1c7b1bfb7346c4419548aca928e0ab0ef130fb13

SHA256
8b5645e2efc9f6ea5fb909db5f3b0e2bedaacf4274d500eb3d62a3070c6da473

SHA512
e1143b489e6839c4cc4a697f366abd2093c7f1fe9ec019dc349aa55e1aad30e92c67999e7197e9654684d3002023a24badcd01db23995fc9403fe87e2c0c83a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
f57fafc4d910116c3991a80917a7e304

SHA1
462c819418b62e021c8800d23919f7ed87ce1005

SHA256
15cc431bb7ca5fd2f615de9968cc8a916f46550ad8a43e55e56ec575d29add76

SHA512
b0d1a03f9c80406c2ebad72301714c84e13035f153582b731b758e118c58df3c2b9c4143a160a7c6b9e1576c372b35232ac892d45052e7f79dacbac5333ac84d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

Filesize
262B

MD5
a14367ac697240702f5fa6691245a41c

SHA1
1988f33bcec46d19b616e1639a0a13e2ac94b934

SHA256
7c2d80f2b700aed8b7dd3833e79331f5fff3b5aa4b0e9776caa06939db76d8e5

SHA512
9f39a3365df67519b27eea406e8d150ee23eac6957941213a6446b87d8d4cee28833cc87a57a0d990fb08c3209f590324d9487824df88f03de3e48b8f0eabd61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0

Filesize
1KB

MD5
ed68413c12e1fac9bb794447fdb14422

SHA1
4fa7324aa40b51b897b57f1cdff581335896cda4

SHA256
8330ef930d4518bde0854ba9a28ddde6e13b294f8afa38f2d9e438d3613b4839

SHA512
60af214c41080c9ae78ee9e9e109d873cf41f746f0bc4a43f329ab1666439ceab04bccedf492e4f6bf54d49b33ffd53467676d2c27095477a5630995ebec18f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c693273baa0190b_0

Filesize
5KB

MD5
dab455f5753f71be4030b1b50d23ee4e

SHA1
2b46c0c7ff1992b7517bebba1db9fb0466794040

SHA256
1f255e62c72b9ca998eb0cb7649e4a04266e3c526d89effe2f93ce87c3c9a1ae

SHA512
02d718bf8cc26867d060d10f901487e353ebbd3161fc70dbba466de3b11bf1482e2cffa7e0315e202daf416188116e8e85139cfa2e217968f4e815a28d5c4177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e6742505c79459c_0

Filesize
2KB

MD5
1be3dc7c0e4b5eb208e4f66a11b11771

SHA1
423899e36afdebdd606a7f83a3d1c726deb5b1a1

SHA256
2b4f0dcdaa215a123111e1a45064bf0d8a1c543f3118f51a747595f1a39ee9a8

SHA512
93f3885acd9843ef2591205b75a986585a5d97a98c81e774426cc176308664999f5f0a489ff128348b054ca363ce13b7fe98e13e4a856e23883adbefe564eeba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
3dfc0d153e8c9c9b74c5ffc076198075

SHA1
c3adc92e408bc5518a1f72ef39e2d0d2ccb48a58

SHA256
18627ae5b2071a62b7bfb70dafdc8b36727daca626543c6ac0d96c234767f5f0

SHA512
07845bb583ae0122f15c2bc29a4d8328b2e94aa702f062af077f0d73db91ef71a652f60609db2aa1b738ce06b30210d7f3e6e116a8378a15858739b4becee229

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5801d3329fb36c59_0

Filesize
2KB

MD5
f1f2d9415bd7d5c3257c8410dcd76104

SHA1
5141c6490466d5719a33847f06c79f57c661e878

SHA256
3a0374f8b71042eb652343dcbf0ea867b246631e24ac6ebf2ee6972a53909c9c

SHA512
4042e51d9db266e3be580e503c73471227f274eb6926f156dc51cb975c350149312f728e9f02168f50b84fdb4ef4d1d8f05830989ca01836365d0c84db220c25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5901cd6815f5b8c7_0

Filesize
10KB

MD5
297a0efd98e4148c4abd3ff384b05793

SHA1
72f2b57be810d35ace5fc81840183c5aae30c986

SHA256
e8a55f328ffa585ba6154982e3ad05f2643ee861b2b170569a5ec411b0ca7c47

SHA512
701f6a531773bd4d702aaa7d124bf99dd409f6f479cf7d7b8358c0cae8d39a9cccf6b5197994e871bf3bb01437c2c23e03b2c85d7a778f7fcae27a1db6a96cd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5ebae3eea1f01edc_0

Filesize
2KB

MD5
dc28bc52c12ef7ffb7087a6b06ee5b23

SHA1
5b41d82e3eea149ff582f8f50974a3c81bf83f0f

SHA256
2a2beb1876e4d89beeee787780fe9ce16009670ea9b52fcbe03363ed52367e9f

SHA512
db7c1e25598261713dfdf404d153e12ee54500e924b5898302de33c8ea0b9120f865a53fce29cb684a5a9a5318606803e6390d007a6effab73f01ab7b42ad5d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\62f20db8aae8f96d_0

Filesize
3KB

MD5
098017e126ee7c89ad3e7834d2740a04

SHA1
a88f75531455136ae4793e421a8d8fbcecd3e802

SHA256
4b99c4d79ac435a37b9d8401f741ddf31e7e3e4e0660af25737c6cb3fb52ab2f

SHA512
cb2c37fb9b3370909e3db549fb9d8d4980b5db954d877f6b41e233edfcb1199ed8f9ac0d53b4d74649d0916f688a8ba3d2c4aab92bcbaaa8334dfa38c19a7b28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\632e260441be7404_0

Filesize
4KB

MD5
855ca6d866e7388ee553d9ab16ddca31

SHA1
405c19c407c65565504a141c9ad1759b14eacf9d

SHA256
c334f54460a63cde8c013983a9811caa952bce1385af441c2cc70a513b14186c

SHA512
759197a0bc6675b51d0bb089d1134e8c68be026c364d5393bdbd870cdef294b3d34e2eb526306ec9d18471f4236d71352a5edf6f351cabe32079a3ce12c854a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

Filesize
1KB

MD5
6732d8640cfd3eceeeac05dbd910e80a

SHA1
8138947c2c34841dc1a6a2a3765c541fed2c4c2e

SHA256
6552276b9d36191f7e6fc008fa550bdaa29186ffe12bb70910f569246fb5d939

SHA512
635cd65af777a1d91ce7942cc9e1f652c2eff65e7a33b3cb3de9fbea3157bce35372dd88971240d56ef133792758c3740be9ff768605e7f46086babb567a80be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63c6995fb9eb98a2_0

Filesize
1KB

MD5
14297a86e07a49e2b820e51e4a0c34cb

SHA1
9b9f300e782228148e6c034555820bfb0b7ffb64

SHA256
f86dd1da22f65e7b223bc9c78514f5b7ebfe1f13c18f640e53b84a33c5c510bb

SHA512
5cd98d075a14c5ce3cd71f1f56ae308a791d5d3be538a64ebe12aa34d775cea06a08a6596f9b2162e2e09c1c396869e07bd67fa64106af3db3c938f87e168a36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0

Filesize
6KB

MD5
cf33bb72c84020f1e0e6ab9ca45b1f98

SHA1
ab125e557bc6c726b04af9b81575cd5c46c4986f

SHA256
891e3edc8411a0e52968a480f7c14ac3fb6e74bc650cf971180accc6040514a4

SHA512
e93c9e02264ca0adf572669a3edcd6d22ec6bcff9dec953228c4f91dd8542f7bb44101162bc8e4b0760e169ff01b662a9913b129824d1e23cbbc4f4bedf49400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\65a17db215bfc27c_0

Filesize
5KB

MD5
5272c3a92e5e589a2a5178251a18b551

SHA1
05a73b357204ca343932c5d04dbb5f241bf7496e

SHA256
63c10b35adf84e9c13f7156118c0989731a51363e583da6f3ca18c1b0e9eba58

SHA512
190f95c82dc309206c607b3f8e7fe1bb08e87c3faf893a15630cf839cb0f7e58e2575a0fa03441f8124aaaf60eaa1529519ea60eec58dfa44ba2b4b3328c7f52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

Filesize
5KB

MD5
2d8abcc06616d32f85c006558c362039

SHA1
9d9f8f891e17dc7b669e61ec006cdce9913ba90b

SHA256
ecedb2cb036012550d2293f7ca4c4a89d887f8ee2e1f147719765a89637bf825

SHA512
c21f05a21c506603c4a280e8b7947bf8f75669485921b24945bb3f5b22e7764b3d4c923e469d64975bf12e747fb436d71c609781f3dc937433a9b27817415631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
073829c4982f3248a23275c9f5fd8db3

SHA1
9713e9d35c83cc8f558373cdb813d8def11d9ec2

SHA256
5d5952ae9df9096fa1042c6f8b7d053c7acb680691674f510a95d3bc11b045ad

SHA512
3cd1d665a33568f6e9043a14baadc04df828971c1b887c76e288c81554acaf14f691dd133d93ecfcff2b4903dc0e93701f1a8249c78fc9f1bf41bd8e654479e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6ef92dec2ce64284_0

Filesize
26KB

MD5
d962a8c3f26aa1f7f7cf333f86f56529

SHA1
dd454f1eab145ae3f3305d0b713af80421d90c78

SHA256
bc7f6eff56bc62341c4c8b6f41a68929336ebe48eb9f2f0cdf04e174bc086740

SHA512
220c1ded8b08fb74f145aeb68b13413d731ed2f56ba9087783b54b67af2b8416c90f5f4c145aac44c56f9e74374a9e0887fc3dfebffbf061942fb2807bd4fb44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718aba49c9504085_0

Filesize
2KB

MD5
48b4ee40bbb79ae443482e6257ce57b6

SHA1
b25766c024fa466694a9b5aa70820eef1da6c9fb

SHA256
bddd281570e163af72166cdbf2632f170984b159554e927c2e62c50fa09d772b

SHA512
a3c871300b0de1158b3f75894f293413341d429a77c57e10142526809c89872e1068e302643f43ae7f74d8d74c44bc2303c945a22ec84bd437d6f43df6b224e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718f51ee897417d5_0

Filesize
175KB

MD5
aa66bda039ff28364d6b633202272d49

SHA1
6853d1cfa6264132d8b26ebe9b07905aa2f70789

SHA256
2113ecf761dce9dec9598682f3bc2586717c718975a92374b4d2bff8c6b9a071

SHA512
ef7408be7d49bf7477b6e6fbbedcebe797fbe45949e2a3e07c124440ecf7ad00fd0ce5a8c490c8d34b4995f3d043b0778de5838cb68822becad35ecd5546c9fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\733a2ebc15407e86_0

Filesize
3KB

MD5
1fea95f938343763b7345a2e3bd02190

SHA1
7985a746a85f4526240ca17dbc4f9455343f280e

SHA256
f5735ad371f148f1abd8714655378512277c7d2b6ef5d4abb519708dafd5d461

SHA512
7d7756d90ac182db26d601d8326858f7cff622cdacd1be6862252b360cf7d62cfa6b7ce79ab17f15abcea963ea30e4f8a207a84d99896426ac8ed6deb4bc42ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
0148eaa1ee38ecdbbff2833d50624207

SHA1
b722e94472b926a9960aeb87e9b0a519c94418bc

SHA256
1a7e127c30dfcf8b43dd37170f16891f4196e55ce5bfa8c88e15d83a2b0aeba7

SHA512
763b82dfd8043fc377f9f819460424b15527c9f2dbf6ecb9b68ceb6b65c1de9a3b403d308a6ae156fb190c99adbff5713d40966a89b98ca32c8ca3ccf00c6de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\75ffcd5862ddad45_0

Filesize
2KB

MD5
793304ca882c24fa0e44151566317767

SHA1
b377569dc2ea9c20c811ee2f161f1577b0d14add

SHA256
910bf85f002f1ee6c7edfef5cbbd3c7badeb601955ba3793935ec5813f8a7996

SHA512
854d07438487f10f9813906d2aed674df574ea6286db27c8a3857274b484bbd987e4d472c32c44bdfef190365a18b2fa5a80eef4109e9986178cfd17c0ba1a30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

Filesize
9KB

MD5
65f03ad11be58e61fca0af04907cc379

SHA1
a5dae5a4cfedae9e927dec084b233b5074178b6c

SHA256
eeb986f97b342da5910e9b7ae62e0e173c019e44f3b113a673ad0272b99f91b2

SHA512
9e1edb8c358e48d663cafdf4f1698477ffde682eb1cd91fe65fb9bc295b3e7d7dff148f54906952a2c5368d7c5e222fbe15ccbac25b409bafaa249a3454b8c93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0

Filesize
1KB

MD5
d7a58f310106560dc7d7b21062924b4d

SHA1
9767ae632823c3ac999cb8038ead248ec57c232f

SHA256
6946648de7b2d92deb7ed8b261f9e3c81f3b02167260528a1d066d93189e0cee

SHA512
c9dbdbb326c5a75aeb541b3cc769ce7c3619a1cb6f27cead0e2bffed8ff7fcef3ec26b46a6695b71fe604496c2201482d487ec450c4adb413e56dbaf2e1f2433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\814184927ce65ec8_0

Filesize
271B

MD5
bcb2157169cc03535e1f1f011b56833e

SHA1
044e04833fe5f3f80d64c621c2defdccb607a612

SHA256
e5661439b81db0b6940f85019e9cd826e2cb9cb09961d8037f75eb345a72d5f9

SHA512
4011b9a76d9a064efaf570502d4a806430410c7284f6d83faf4d6e1cefc4e8e4c7b39dece85a3742630bf0b7b40776af092c007c30743e8397bc81444638cc40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\82365cd2a8fffbd3_0

Filesize
3KB

MD5
48de6e2d84f66d7d12881a6f32c91ec1

SHA1
69e3cc057fe4e5aeffedbd1c893d9582a889a3c4

SHA256
5578777fcb620bee07c381f73b20f473074542390186c14e9457b05161438243

SHA512
ba343e45b6ee3ac9aba1197ebc6a116091ddc5650488eb9318550116f7f61c88d9640aa3b7c48974cd51bd7b6ba5052c2b5c137e9b5433ec1edf0462075dbe5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87e1ffb07d850b0f_0

Filesize
7KB

MD5
30a9bfef5c31b61f51526da30d9743da

SHA1
1171c817769dfe6ce1ac3fb296218e0834a426f2

SHA256
69b6ba55522955dfcc0f8d1d66cd2bc6a0cda2fd02ab48f455a63d3ee70b8910

SHA512
61992660ae6bca28aee066c366c563dc0cc5bcef3d6ba0a9484e913e5f487b1048a3e31b89a62511e5b582a7c0e3016ecb4b9a937311b47b96c0ab9c077f3964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\88b955edb6eae2e7_0

Filesize
262B

MD5
16529023ded85924db43c6adb21a36f7

SHA1
9f62ec2316dc95beeda2a11f53c6d7442b68ac26

SHA256
bc46b651ca3b18715a973fc339a0eefce18158a10f6e33001b5f33a16553038c

SHA512
7ff7a857ce4de3a099112c34f98c6cc84de85408a1f6d6be5fce6eec41b6937b21625a8caf2a63289b92a9c06ee11b98f986e2c343d81ed1e224f50d4ca07a10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
236924f5ada2997c1ea71d0ad035cfe4

SHA1
214d56d343ba47ae847574cc19d55a009d16b87b

SHA256
47e90fa10e9b8a0a9adce84daa64e7bfc5fd193fb5c7d4725ffcc53c9bc469b2

SHA512
f6bec4c88e49dc2c264922a885679905378e4a6d425c28758456cc0f91144c6bdcc33ea684408598bff29339a5563691f8e1fcbd10d93fab1ce4c94af6c32f79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\914d5a1f922de9dd_0

Filesize
19KB

MD5
c4bd1173fea4f9ff0a3c1e0e14125391

SHA1
b3a72ae3948c417ac61e1f74f34ae29c5278ba5d

SHA256
82671e4fb2f43522e53f2a8af0215c7a715fea5d902630feab4f9065e8b9a22b

SHA512
81752ff591f2b45f1c5cc2dc81f5cea9a6fb5810dbc7017416ccd01843e918b775cd40df885d4c973446c109e09b04c58ddee742233047a8afad5097b37357e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9263930a0d848427_0

Filesize
307B

MD5
b346e9b44a478d365afbd41b18d5bee7

SHA1
8dc1523611b24bb9df5e8c0a56e1936dc7597468

SHA256
3a06a2e4c9df55152685682fcfbb4e3805366fec703fd6a8a609dc34625a2447

SHA512
056990ec46dc58106292d96ad9a54e191ec4c028adb59ade660e7f3aeb1e19240153f72ce70bef652d27794f27ed673abc2887ed666b95c28e2e4994469efa3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
1KB

MD5
32052da44f26a1745cc62b77dd35983b

SHA1
aef42598d35274338954e37bfbea876a881a57fb

SHA256
e2dc4b3a818f3b592425d432e1669e6a303021e039615f9faeffbe2a15e92299

SHA512
ffd4d9095b56fef3129841b04fe40e8448f4933eef9f9fadda2f7e200077ed09bb325ec4ee78aa807426be56d4cc7f77b30ac5af1724091525744f3f354c9bdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

Filesize
7KB

MD5
7ab9a625fa17c14b76bd4f2d6da381ca

SHA1
60065a9dd07c0e67a5b7a75a890f5581a24d2b73

SHA256
009b0bcdd60c5ac1267d83176b0d9fc90451dec47c4c3626339c307797fa5f6e

SHA512
8e48ff5a96f28dabeb6b421f8cbb3cc8d6863f98f4cba8f01b0927c5fb934791b3ba28fcf7d7944259508c61e547d02ac8f4bdbcc124439be482eac350d4c0e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\95051a44cd19b791_0

Filesize
1KB

MD5
5379d989f3bbf8a4822d4e0782fa1706

SHA1
af458f8fb12322ec8ffbfdbdf8fbe911bc618118

SHA256
3cf43b56371d670b21d2a95056aabd3c5c7904958f44915a3f6223e391e186fd

SHA512
08d8699bd0b2097371976ccfcb4e14ccad3b3eb3129514b2a5f7bdf22d1cddf484fb97621dcdcf0d436107a46af2224a3771a4a62d92551bd109d53b5415e848

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\960f838b42b585c9_0

Filesize
3KB

MD5
1910605a4bbcb5679d63552140cab2e5

SHA1
2434a90ad78387c61eb02e94937b71ed18a1a8e3

SHA256
d5c060bdf5ea1cbd6e279410e39a5c62c0b468ebaedd67b4f81db49ebaa7f1b0

SHA512
eee1b94550cd4d17472d4f3df81f15fc157c8b2dc5056be79fef9c5522fed28e2526f8ba3fd64e4a33ced9ffdf64794c820e39d2192d5eed67473381cfd843f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9679e87363469509_0

Filesize
307KB

MD5
9a9669dd2164a180b684eb37c8bd7c1e

SHA1
639c81eadb1de1a856ef76d845d16862a81a5998

SHA256
b9da484e40c24ea8842a5f3dc8d86258bd276f19fc7b867f481bd06281f98bc9

SHA512
684a44cf674c8f82a284ea4c76ea1583bb255603d5ee8ced5de54b5e0eacc551cb303ebbe4f8a07f38f2021fc759bedea11a490fa16d6eb919deda3e2c05450e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\99110e9a19c3c06d_0

Filesize
4KB

MD5
10aff5238cbc900e4804a6869edbe8ec

SHA1
5792911f2b59dcbeb9a60b601f0e9dd4aa123a94

SHA256
a674405b34b3f5729c47d1767993b3f52d6a02faddd9f88b91015c46a798cfc1

SHA512
a2887ef1878c51ede043242f870bcccf52f72cbed74a7e27b64c9997a1792de9edcd70bcfe2848537c32702a78fb64b7fa8e78dde80aed1aeed7a26252f85eae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a619d4f982f5d42_0

Filesize
6KB

MD5
1f43fd817bd9c16f378d5a0a7137307b

SHA1
807b8cea77b171dccae9c62cc21325945e8e7646

SHA256
a1d932168d2b434f80313c19f3863feb95c4276dd14168b81473e867290d2c63

SHA512
b875d5381758c5cefe2a4b5b84562f73a0aa6a3166f481557f020098ca55f49878e92c22bfc16454af8e529e4e6102edeb5fd44f5a0e7b14a582ccb164b0b2f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a93a5af80c0c9ac_0

Filesize
2KB

MD5
f28768e0143cc1b84f58cda1d32ca138

SHA1
11c8f0ed92cc90415712f257c8fecf51347b872c

SHA256
150d000bbb24f1c7fedfd006642c4037a097789a37757de8a39f45e0ea7357a9

SHA512
05cb26ed31e015da10727b4979ef7b6711c56b1e43d61eb70a7c07b6e1731e34fc5e94cdb39d65f791ad992ed1b83e2a5a97a24822de60a18b3f97bc9fc88e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9aee5cd509922cea_0

Filesize
1KB

MD5
130123f3af78b648100cf56fab1b2bac

SHA1
24c19b51ebe36c38cdc9dc1ddc94c0c00fdd057b

SHA256
9231ce3ba0a3698de0720a4fceb676339db6eeed1d3fa2d7bb81844f0623e4fa

SHA512
b682975cc178868ede07d0ca679b6ee3df31177b826587492d9044597c77b072147010a431e2803d1977a304b609bd4d2c603229bc8de6966a8b72010cafbb5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9eb49b832d016644_0

Filesize
262B

MD5
766499a3a6a9822d14760b5efddb0397

SHA1
7af7c53cd95dfc41d37f2154176a1d077c14a06e

SHA256
bd24212a98346b0b19b021f68842aca574096dfbfa51ede2c93f2072fa0111dd

SHA512
bc9e170caba7f2df38017f1c9f1c19bfb4d87ff1b272032600e2858b292f60341ea71ce9169f245a6d09c7bb5f837517306380f35b5bd73e78e3ca03785c7ace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a00988fda9c9e3f4_0

Filesize
259B

MD5
bb9c47ab5516b452ccf2747b0f5d326d

SHA1
444fe69434d966a0fee3085d1e7c669c03664673

SHA256
38660f20115ec7360d738932e39e52ea3797771cf31bce11b30ed7f711af907d

SHA512
7b51bddbb2f8c20f18ff772ccc69d0e3e02750f8cdaa98280649dff40595402d002c2aa0770a3ae73f3b96687be11c288f752f75bb5302178b46aa98a49992d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

Filesize
47KB

MD5
b831ed1fb04f785bd8396ba671771fed

SHA1
ad26470661b9aa832a61a170c4b2181ccedc9245

SHA256
6ccfc39f62cdaf8c9cabe47e920ee9de52a25abcfb8a18ec7a148c3427ce0f22

SHA512
1f50a8cddf312b656c1e6d2fa8833d368338daff482b43f6033bf125a784d2e50261283de8fb00e7646373b0071cfbf641ec84a559d5aec681fe83784680f6c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a37ad9a49149528a_0

Filesize
6KB

MD5
90e613507eeaac2f6fc5156add74ca41

SHA1
e6d20b5c9ade07f55013b76a5c56ad7b9d5111da

SHA256
ff384cc967ad66c55cce3ca59c64538b82dedc2a683cde6ce1d97228481c30a4

SHA512
f0eb3f51b706edc8a5dd8820673a8dc461dd4e4221eb3d67dc7dcf3661366766bb523a42d55994050b4ff15067ca8c6f8f70534981a96812255b44297a542b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a4fc0dca16d72bc9_0

Filesize
433KB

MD5
fb2b615eed0c9543fdb7324ae5a13f71

SHA1
486cd6b181457498d8b1c6b3ffc4bad8282cd33c

SHA256
9b0b48cb56227855bfb9f05fbf3773b199a71595029d4e21d9a714e6f14d4381

SHA512
1fcde52a3c8cd25535e60d3290c6eacafdf6dccdcf5cceb4cce8d2c1ca8617638e7b72a5ec1e88539200c474482019e7c88ba716352aa48c08465dad1c4fb789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6fec195ad861966_0

Filesize
287B

MD5
fbcb4f107750d85fadf7eae7bd8d5535

SHA1
b790843d13f02f2d04666bc7f22cafd8a7370133

SHA256
78fb7c1e1b7ad5fcc0fa55f13de70d3c5d97e0e1ac7e60239f8505bc28062e29

SHA512
cc66d4d908f18f49f1639d7cedaae0c72871874baf41ceaab578c2d5f16f8c8ffdcd7b300cf1005f3541a48824016767268774921f215eba2483af72fa9e5763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa8fab3718995a18_0

Filesize
4.5MB

MD5
38737a0ea848a79b2212111b284070b2

SHA1
12a45a10ea65f41f3e7cf5a4053436c31e5b2133

SHA256
2f8b2156263f377c36c705859c9eed1a475d4a2b0abfb2a676a0b90cc57e7243

SHA512
c69022d32ad8865871deab2d4195a72bf4325a1bccecd002d09a18b4186548c9251bb128b583ff30c5bd33eac2d07a2ee5b5b80e353baea06d35450a40d21adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

Filesize
1KB

MD5
ac82d5a39f257ac56c22039fe4c40c23

SHA1
968c75e6437cac2f70a9655604c127c77e591c87

SHA256
cf26bd64d014c133fde9179205cbfaf69fc8df32f40bffcd5333b3f1b8bc2442

SHA512
bc02f2bc9153b68bb238543d4d696794a5ccddbee10a274fbc92474d73fc4efac5590cf761fc06a06f81528ec3fa430ade381e8f306f3549f2ee07210c837b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af48edbd3578ee3b_0

Filesize
2KB

MD5
92aa4fa0ebe592767a03ab2357d502f7

SHA1
728ab471aea97dd054914b5bb93451d01a4bd562

SHA256
e44418dee94825f9c75d1cda36f0f297ea49631d1f0ef7cafb78aa17183fd16a

SHA512
ebda12165453ce7a62298de590511cb4ec3b71df092d3e17ac03ce8875d375ab038098d740f101796e7f42aaf481d5bdb62737fc645010b32c9c2b443e5e5bad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1dd0e10e1300cb3_0

Filesize
1KB

MD5
f3396d305d754f0bba9eab965c690f12

SHA1
e717cf0c11d36cbb22ba9e185cc6ada804ba14b4

SHA256
436611cf59e16840d4f4ddabe00fc04c3322aa473f58e66b2ff343d1cfc93d4c

SHA512
901d15702b9dc2f11397e3f7a896a7f63dc4f5895c0eb6ccda0134861f93c4ad99ce69ed2dfbfba2fde4a9fb4b14d655dd8720f58a2bdb2c04b015eef3631fe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b31d132250e09b6b_0

Filesize
5KB

MD5
ab8b8fe38bea385626ef5b2afd3cb9d7

SHA1
7b9c134de85f83b0bb352796d11b47497c07f6e9

SHA256
633b3063df5822aee76b1d09a61c698781327b80f943a6bf72557a7a1491113d

SHA512
39a3bda4ee7c6e12e6fb44df47646db381629cc0763dbfe29a197e524638126ba2b3e5b5afb10e03f92113e0c91c0229b916066576daaca0cafe6c0f0770d778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c10ea77dff8a635d_0

Filesize
3KB

MD5
480e0d332175f472a7bad3823f9beef1

SHA1
706f2764151632a048947aeccaecfefafbb501b0

SHA256
e34b29e6d57703c0963b2158171b825ba39999eafb3acfb2ce46160cbb55b0ae

SHA512
989a9ab02716c5a0a075dff35badba7cb306e0c1787cac0ed76d31d7d7d3a4e2cead64f63f0cdac47e0b2f4f97b8d2e3abee4ee603eb6ba257dafbe142b84ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c6ad28a084c2cd20_0

Filesize
13KB

MD5
1f721f17fba5f948078bb0a52e4ad472

SHA1
5f00df4172c52656b1f7aad3e34662ea71bfe2db

SHA256
0e43e56041a2f5b7b1d1cd15953a082fe77a1903437b865c685c09ff1eca7965

SHA512
6eb51670cbfe650b086ab958fcbe929914e9d54b0ebb8b3054d83deb3e2a1861b642baa69ec7498583354d075556c35a565a01fb5e37cab284a3d3b82e88e96f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c6e860d208c8f654_0

Filesize
7KB

MD5
04f14e438135cff235f3ae33d57ebc80

SHA1
34d419ad0d5ec804d8e57e971841fd7ae634d733

SHA256
a18f44421cbea15356a224574726a295c92f5a3d899d4358e2194dde19b06413

SHA512
523dae1778032f7ee7a982335b1d2b256205fee5af1953f657a4a49dd5f85e43a29c37e927edd6f476f704d9d067391276eca8966466ca40ed8c79173049e644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c807b8e9088e4030_0

Filesize
26KB

MD5
092935b12f0afcabde2afdbbe2aafbef

SHA1
42c4b7780c74eeb1caf3847942d69bdc68fa7a4d

SHA256
902bf967f7c7fb1c4fc65e927b78b494288d3e4cdd42e4c095cb4dcb456b5e8c

SHA512
b2163670e66a8020765fca8c447d9ae298be3f9f9bc08e6ec94192b6edbe1e7a4eb22176dde032958da4979efd1592e8a44ace763b4dbd23c18f998c81b5a9b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cc2f0fedd3e9608a_0

Filesize
1KB

MD5
e580cba92ae3ef2858c36f06a3d721d3

SHA1
50c3f2e476d0dd6adbc2b0b69e538d1f68cad162

SHA256
0c6d07c3d6b1471ba83b6009251c772c420cc414430319e0fd5661a91fddc133

SHA512
0bceb090614ae7cc1227e361c8e071ee57f03ba86db9fe6546f62ceda56a1c1fe3a2b3e605d6e0a3c68f91e563d7a3c6179d9d4b32aec67041301dd913f4da63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cca6dff0f171f457_0

Filesize
26KB

MD5
83ef77eb2ba432c4403aa493a552997f

SHA1
5dfe3087d0b35d57b2860bfc885d01bf7fb95129

SHA256
d27b6905ec92153dd6f1b5381fb379cbd78c5f7cd1e77ee4a658b7ce4869056f

SHA512
8b0a68742559c76843290a935b3d582686477460cb9557cc509871142f5095718388f9908dcec164f38097229cc423b16c79a31625a6d99ea5c321a5d1b92c21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0

Filesize
2KB

MD5
07f853b51e3571530a0c66a596c64f26

SHA1
0baba6c362a9b6cc2f3ad844c083827805dd0a11

SHA256
6b449dc3b1f19bb2e551ea42d0f59795fdf03464d69b3fc909c9ae30b8f8b595

SHA512
80ce314ce9d4f603e99f9af8b75bf9df809bdb622ba12d92f05df9c3d5f0930fa28ce312f430641735e124fcbe416421005b6e876ef8cf427b20176d1031dc25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d145f69efc16229a_0

Filesize
2KB

MD5
16801b643832f2001f202b97dafe439b

SHA1
038f5d8c99febc38172fec330281b4eb15e2b1cc

SHA256
f8b86cce32c55db16e3b75af3521f6d0c64742bd64d2932706957d59dba79559

SHA512
ed9c94dc5bfb26103b7f25881fcb4db76bf56cec22f99c1ccf97c315a8eed6cff6f02a901bcd491bc1d7f665181099b9088da1272262eaeeba3a4c01ef01c1c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

Filesize
262B

MD5
4ab9381deb79a1957702022c0e3441ec

SHA1
218794fa0987ee799f4ea6e911d1784c5bd8f422

SHA256
29926ddd09d07a332db309521447a19f2f30babe5ed32b0e7c14a05f576eec82

SHA512
c01b6998b9f5712546212e91db1b8a208df4d6dbc9b68902d2e4855c80a1e1ddfcc02f70735f776c2a8ff8454b4b8e37eaa7d19447357df2e071594b109026a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d700e0dae9d4f8c9_0

Filesize
3KB

MD5
5a09b73cfe3860f025bc5005f09d1264

SHA1
fc8b5026b963d5f77d863f8821454cc21585aded

SHA256
20ca63dbf4124672c79ca6f1c6c33b3321f540bab39a23aac6c2ed9570395722

SHA512
65eacaf55fed40318e202a3e426bbd1878731c505c482c7bbdd130e0f8425c0967de5ffee4a28f8302e1aee9b09b1431f0fc2466ad2f33d6e40e1ec36b4dc653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

Filesize
262B

MD5
877983d2f44c520e8717c7c24b51c8ae

SHA1
a25c34171c0a171f0cb241a1c03b966fff303215

SHA256
37c29ca79d2ff9acb61d9cd39aca26fc66cc038de4b4e136f2cc7fad553a3d34

SHA512
2c29cabaed739cde5a112beba54ab08913f2de093aea036c8a822c204cfba3d1bf4e81ca60b94e0d89937930501c05e622523cae57d0baf9aaf820f4089aa864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d86829ee97a8a592_0

Filesize
6KB

MD5
c3874eeeab4211e1f044b14b54341a98

SHA1
76d13450f882f3759ffcecd6077705a35d2778e0

SHA256
6ddc0a129b10706553c3beca36e7be1515b296344e28f8f32542fbea056d5aee

SHA512
afa5bef06cc25c5f88124acb3215ca61c7108bcf231937d79291e6323a0c709b27e1e6a73a9e771ad4f8b12a98bc28d5eeff4f4de7a901248d37d914803c7215

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da1be081e56403ce_0

Filesize
2KB

MD5
0c9d5080756be3830e0cf76fe7d6a233

SHA1
c4410cf02df7fe567706734ea888b154d297d313

SHA256
864848892460328a7564686918c6ea73cd25c362efacd098e7d100a846e9edd9

SHA512
06abf343d11ea4a40293369bf53e6d3a10e93e7a1f99da52759f25958d703cb4b0f8bdbc2e597fe679d16f38873279065919d30b890e4ffe065d01632432e0e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

Filesize
2KB

MD5
9e58bd0aca668e85eccd259434622839

SHA1
b2017c783b9d284801e663ea35e6698b11213f8c

SHA256
edd0b9ad3e48a922bf36fbb3ea4aa43e163619c39471a2dcfd3b3252bbc7d14b

SHA512
47f1cd5d8f5cf20fe0f25e4cdf2c4480e5d21c0790a0362c831b56f5d18c7113c14f459f68e9ebd4172a92a7a9cb3f4b073a89ef2be90a495680e848b73063da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\db70d675c8a8462f_0

Filesize
6KB

MD5
36e720cc642a4cb8845d46972ca2710a

SHA1
e9a3bef2191a86dd66ac6e8255ab69fe5692cecb

SHA256
29546c65f9a994a0ea1bcfa1d81e880d0dff254f93a617a67a9c5ef7964a5eda

SHA512
524b123b64d2311dbfdb2423bd991125d4ceaa66e26227cd3e5ad1ba7abfe7119c8b605e63810200e4565b28ea08bc00d98c26307664bb11b818221674be4964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dfecdb17649723b4_0

Filesize
14KB

MD5
040025f7e2f5e6204ddb6a5f47f29737

SHA1
b3a8e2327a30d16ef644e46ff22b3c8ef78da79f

SHA256
87e0ee3d122d0b03af965cafd7322a4ec76c9ff9acb4975725860f06cde26853

SHA512
3f067a9178e5709db40b8c987e530f3c6e41a4550222a0883262bba3df08d04910de6f4ceef3de12a78b45c18cd92d77bd6278d6c6bc6efaa008037a3f8c11c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e3d18be5d494e38e_0

Filesize
2KB

MD5
322983ccbb62f23d50b829b0b3151057

SHA1
6c17e0d44c4e2b8c426c716ecf2162a6b770cb09

SHA256
3077510ea2f2a211d8cd6a63d71bf091c574bcbdd814123312ef72b277dd119e

SHA512
1e5381021d10e86c295b4bdb6a2eab5538f25b13997e9888a0456979d0b0bb73071e95de260f71ba48e4513636b84509feaf3a44add1d1fc8bf6e83a401a7a23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e52ae3fb759a78f0_0

Filesize
262B

MD5
b083d5dc0d790e5f35ef0bc18d620624

SHA1
61cec2e1c69ed08183d8fbc7090908b6a3604196

SHA256
17c85d8706dec0b2899c64f0cded31f466ccd92d82694e5ec4464eda315df750

SHA512
cc6cc2f5d522762de461aafdd1277b0fa913fc560648b7897a1d7445a46a64dce4df1a297fa2d81b1155c83d108a72b75888118cb21a60121a79cf11190085e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
f39249366dc47d77d8a557dffe02d051

SHA1
a16a2c0613d8eccbc47b4d0833206ae74100a6be

SHA256
1d9cd1fed4f2862f57ad0241dbf0512d2a661fc2b3d37103c5db323188c071bc

SHA512
828f6eb22a793c38fcf4f226e98fad3443401aaf9656a13b540edc7568b31c0c1c4ee7bd8c1fb8c36fd822966325a6ad490dee07455e484939beeba944031cbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e992a7da41b7b313_0

Filesize
346KB

MD5
5718243bdbee0505f944ececaa50202b

SHA1
018a588456c9e691ae6306d8bf3135c20fe6b12f

SHA256
1cbb34539b770e610dc0cc6191c4338b2b70102c2991041ab067006194e9cfef

SHA512
543f40e3f1d019086116a23fe397f7aa31f84479e0422d66feb640b599813e9944a3944d0f8ec26fef258b946c574095c98941228dce58c370df3162f4646270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edf801781e463cb1_0

Filesize
10KB

MD5
93031e954d9012be73763bcd351c4069

SHA1
254682b2b617561ede71a53b5ad7899e1c635f05

SHA256
560e114570cd86eafe0c52011e5dff4abd126d1212fbad3e8409d50b8284f6f6

SHA512
51f4854708b4cc813aedeb545808ed1ac6caa3a78e3aec9bea06031d1f65010094f5d92551eceabbc4f832ba98487c7f21ef7812be5f0674a687accf45597023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

Filesize
2KB

MD5
10f97ddae77629e3a5f4fe54d4e49064

SHA1
55cf7b8ddef5d6ef6618edfbe3a3cc164028b001

SHA256
6b561a0f480091d2b379e6ed03905759d91560f711f0534633ff11a9fcc06e76

SHA512
67dab3e686b731af6ed785d20bc80ceaaceb1b01838607a2394dfcf37b6ba157b4cf13cac33997f1b397a1f9dac4ea772f37d5bb141c2665a8fb7c3f9d26c33f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
0a28d5acbccbcb6fe9260c0131a4f237

SHA1
0e347537a990d094b545f42f18ace411475b964e

SHA256
a4d537a3b7704085e6d49128d63c4b6944a10e897f7919b50ba46e74033f7553

SHA512
26a719bcbbf667e36d9556d7e7ef5b1c8cd14cf2885f2ce253f9a1ec7a111fa72b4559f85110676341278f04bbdbc2d38de9a942d23d1917b239b8ee07ce42d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
ff5e98e2294bea529b1cd95c2ea4f085

SHA1
2a6124720b9ca77840bc276859123f51ed1858c6

SHA256
458c9c6b612e96b9015fcd5bf17940d6508af9eb266cd40f475402f08a501323

SHA512
e4d381a136f6117cf1c45260bef00cb1e0ee02e9ef7a8b83107f2085ab6522865950287cbe83d68388ec3c92174638c825484fe05fb4117a6f9df107e0e18bbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f98029ff8a002ce3_0

Filesize
289KB

MD5
54a897004d89cd6ee5cfb76a4c6677f5

SHA1
29c38b8fc335d85c8cae28c6bf9a543f334d9b4d

SHA256
5d2970b2a280ac83f2186a29aab1237dc129f640a675cc7feed0269f15fc115f

SHA512
6239c875826d506bfc043b36f371f754b7c98a6b1bc8fc03eb287953cdbde60ce1fcd4c93a7908d572167270fb88489a6a237e653db1f27dfe7649a7cc40a3ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
b4aed399e81545bac4affab45d3aea5d

SHA1
3ba67cb9bd769372f4c7cfc482b2afef66ac2b0a

SHA256
6a72daa47a1ae298c7ac62e1aa7c69b6a2674fb5d578efc817110e4d48545b0d

SHA512
4d1d6afc81aad4a078035accc8a2940b2a06ed98d94b8701e3c3c56c93080ff6df14786fd3ac30dea001b5112c4dbfc60e7ed577abd638b294e04e18847b7356

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b79a78104c7d589b17ab4a9ddda4d80d

SHA1
3bbd9e44a883b49e425e83c8e199cd5ec685f4e2

SHA256
4f7dacf8680cee0d7998d72cb731d22cfab7eca22f0e1d8501b9e56cb42f9199

SHA512
b917adc87114bec0eb701f711b7673b94464975376ff7ca7cff5665a01641c343ccc8d9fd2040ec7398db63b04f01779a579850bafdfed1c1d0863ccaf40c6ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
1ed28e4e7a6181706ff5a2817b648af8

SHA1
5109a53815da020620eef1526c129ddcccb54b96

SHA256
8be466fbae285e124678d6a9f70bc568d8d6f130a3a4ab7072eebb17e70101bb

SHA512
afafeac47f1f502b345ee951356aac4d1b3978bd91e7dbdfc6f5550f335a3d0d931813d00eca0d15416b496f93220d937f2443dceabc72ffc570ed4c0905e332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
18KB

MD5
22ce98511bb708a379f6e3977234ac31

SHA1
bbcdb45b97213836c7ecbac75aa96651de934669

SHA256
7a6b0c8ae26de004dcfd06589bd3cb1a66f5cc3a42383cf27d55031e70aa0113

SHA512
c3165097c6e95f683ed0c4d92f4af4e3f8ba5baec535e636796066f9330394d739ffd5f4041ea8bb1eaef73578af481a2376f810094180f43f062cffdee7b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
5bc3fd2af4e2bbd142ca966cf564ff90

SHA1
741a138702d9c3fab35f26935b28c189903b91d8

SHA256
f5e2131fea7db9479974f228f989ebf90e669e56fb19eb06aee7117a220d5dfd

SHA512
a63e1ccafd30f79a1d022de46de86dec87c30ca03f136fab7665c0c07aed462051769c6ecf2adf1245b6efa77cb49e9ccb73a57cbda5f0d5b2ec1f67dd05beac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
24KB

MD5
fe03c95f434a499ce26ad21b534b7497

SHA1
281992a47a40bc79be1d21d8b10e77e105c63fa6

SHA256
14f23eaae761088fd1d47a1a880ba11421f1684d272fb35a39300e896d0d5336

SHA512
6a113940b92db2d362c7247ef8e5dec62f1e2f1349d3460e7183bd5346f608ae545835c30b375903f03dd35900cd425380bc2b9cff0a6e9d11e41b9e4df48e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
3a7f1b232d1e32e356152cc9788e6c3a

SHA1
72ebd70df44f39e23c95756edd8a204902232fd3

SHA256
428831e1a8a12ff7982b1a7ecc88453b92c3795efdb20fa63e2c2d376e55bf00

SHA512
896c8aa9fdb990527a7863ddded7a0c5ec34bf287b14e6e4462bde5829aa7c45d514e2198130fc6799a5fff96116a2a1a69b99dd28dba0fdb1983c5b649a9582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
63a25e02ff3824360bb862e3e8f2c0ae

SHA1
e32cb21adbbcec4e355be30671333ef90d731afb

SHA256
9cef009e4b9f3f6bf8441c17071b78ec167b4010fafa106ec53ade894ad3d2fe

SHA512
98c1ed0340391731f32ee82f9c0638ccc5d0adf94d4c1bfae2f4a377d4739dd0082a33d635e182bed66c1600a6be1eaf34d4c02afd49c637882de0b742a15792

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
15KB

MD5
9dc7104cba5416f31b16899a7293a8ea

SHA1
f85f256f658a0539d2d7c9d737709ebfe2908a8a

SHA256
362ec3fcb6c991c53cb5f4fd051e14f8c4616457dc4b4acea5af02fe1fb0c994

SHA512
c5a9d9c4c56eeb98f03a6ae7d0bc7f4a837ff0831de4057f68f38e469dd79a058c7254b18ddfcb6e5c1ebf0dbd3194622bcefea9f0a80485d483d94876181bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
23KB

MD5
3efde291ea3a94457b296fb28f533657

SHA1
8aa38393a02ac6018e40edc45f8d780b85997c2c

SHA256
de1105bfafaff098d0df40e64484768fc3c21f97229cefb72c4cf4460c297d89

SHA512
78d615d675a69794bf4e50045d69d99613b15d9d562244c6afb8266a4a2006ca78ca7dc2a8fe717b1cb9b44da1916bc17339364f1deccac0ecd9db812f7f193c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
52f358c6764bf5b2c489535e68ec9f6b

SHA1
e639f2592c42492f54e7fca4a6a0660732face16

SHA256
3163b422785cbf4c0812a21de7c249450534e32a9e9705bfe3cd1830f8c59314

SHA512
ca518df744dca37c79ec68e335359bbc2dfecf1afdfe82c3d5deb24915bdce5d9c39a692a1684d979bfe55c3fc44971bc6d4bbc107e11388f9e9c3583fd5ffa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
91e7d5bafc049e9391ca2541397d21d8

SHA1
88e55a76299127368c9bb943b38f932a396925a9

SHA256
0a137edc3429ca3732712fb75e843901186979be9c6daff579eacfe70c36fffa

SHA512
9f02af8f986147ff100e59891459bdec8f12abc8d83e483a4f6462b564905df3d6fdffdad5fd74bb1b1f8d2e19381a22b1498eefa5f62a979da566bebe14be99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
13KB

MD5
d375d32b20933d71237f03e848df23bf

SHA1
11901d2c81d4ad384575e77782dca95d57c97580

SHA256
4912336f580724329a82d1d35123f73967bb470f27f8c66635f48803393861ea

SHA512
a2b0b3a47f3f2fbd5099ee756129e9d3d52cd35b10fe05eec78f198a634edc0ee195499eb9aeb0a91ed12cf3e1ce0be918fa35115e5d31b1388a8a43cefca300

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
1660de820a0baa89a2103763264ca552

SHA1
b33a0ca8bce0c00b3406fe53a09bb337e603d4e5

SHA256
c6a692e4be1290f3fec90a667aee8aba082cced8ce1986132622f6dab49dda61

SHA512
143ebaf0a9e31b2393db9db1b3dc135b55b7363f197c8147402ae2ada977b32bb33362f6325ac4d3ffdd5ef501ace3f9b1752862cacb5e396ed6acca16b78d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
14KB

MD5
6081ed43333bf51ed4d681293ad563bc

SHA1
4876b0570256f99f8747861aa6573c7f5229f886

SHA256
586256c3db73d855346d03d09d56fa4fe08c65ec92ee2ef16fe6cc7a38632da4

SHA512
b3e9969cf1ab82cf43eac5954483001b690ed9a1dcfd31683b41048dd984ec1edc7130a062cf6c6fcc6e105b9a390d99ddce44e27bba201ea52beee895873727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
14KB

MD5
33c34945e028d17e186503004fb90161

SHA1
6e5351d4954f1280d88ab7f47311ebeb190c8879

SHA256
622c3f703ee0864eef9c99ddb4fa219f7dbbaaf9ecd0fe6b276afe97f3b4ea57

SHA512
019444b4099ec4ca0021d69de84c0e0785849a7611699ae2ebb2e2c34a9a8cb77f345e53265622d4297d25d4526ef6582fc5bcb17fcb3afa0a1db8fd93eaa491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
17KB

MD5
5778814e0ad3edb470e6fc64a327ccaf

SHA1
748ced4bbb031c47b3b7096f7dad1daa708eff8c

SHA256
7a49c477b522d24da12b10ce490797c1002cd6577319149a08f0fc44ca27e85f

SHA512
7670e9b8b3848865f1a095360ae933cce312eaf676e695a237752fc72007fb0fbb61eaaefd4bce1ee1575fa73d3af950ac04b83eced53300c74666274a4b2784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
17KB

MD5
ee4530b13a55ba032751d883fdba3c64

SHA1
a86a47074c6b70fd24b1e187228d46f29fd4a044

SHA256
8f67876dc879d7f94cb49ecc15c9b505491c5d33aa787e0aaa3fb81dbdbf27b5

SHA512
b8060356ccc8c9e989db975a11de40cca406424a4128395a2db405adb340b9810bd4f005dc5e98606530a81db24c6322d50a6ff98a2bc51d1918c3a1146f35fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
18KB

MD5
9ecf9f67d985199ed6e2bf74133039e6

SHA1
63aebea86bfd6f1f1faddd4dc8582da8992ea570

SHA256
679c0652b6cb84bd8c840e79e30d1cce7313bc9a36301569438a2b32885c8724

SHA512
546d369a46a5959e89dfdffbcd5c32475b3e30d9fb3ea91494c0c7714099c3874fffb5156475c7c3a84346686f076cd1cc83c059108228a5d5d3182f2d85e74f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
17KB

MD5
fd8ff879187ef9acd3fd6fd5b43bdd29

SHA1
f82e96680b0d965fddb4f43196199e6cd6131d2b

SHA256
df3ace00164234bb674155ef6d7aee120620ec6bbfe2a2c5f77432213021b022

SHA512
7e56844a7390b450198c73ed95b405096604264a244dc3060ced1403fa927322db05315535247ac2f2951d4897d46a2f83a53fd60a480cc6b601cf93423470da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
21KB

MD5
ea7dd29f10179c54270a3a2ff4c2256f

SHA1
9dac541fa02c246aefa03896235692ef721da835

SHA256
39afa660365744d1fe38a4da003a687a7466af31f280ac14d78dfcf117c85937

SHA512
4b3b4dec1208c7da97aa24395e9ccfb2573b0adbdeed326184d3019085c633bdd09d8fd4dcbf10dd913e34f73389cf17a550e06df8c00d28507e40578425c1a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
17KB

MD5
1c3952f5cc1447946c676e934637f791

SHA1
7f0adce549045627ea6ca3b8dddded7767bee788

SHA256
a060820d344f10b01174a87097c207115896bd32c944891125d1f82e79061432

SHA512
85eeb3f3f28c204e25add5c8227e90882301bb690a1d1a34c5bd2cf44e7e7c9f90ca7ef3e9462e6405021dbdafffbe4416b6a0d834eab0796bee5bad8759e896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
20KB

MD5
3aca90114d12b5980c9c70891297aa0f

SHA1
4ff46b46dcee4ae9c54f86bee69c9206e85b272d

SHA256
151c72627241c398090d73ba0e1ee9ad00c2c4ce05c65dd9f81fe7b919b911d4

SHA512
01e67d57ad627d441300bc76ba9a1e50b6e64e1e98e599b7f6e44e461d1b412524c80642d5f2463a442a950c931f4f3fda00745e3c51ef0c0ebf10886666f75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
31a25848af49a70fb1f031024500d9f7

SHA1
88deae0c109702a9173660c1eb5e9ddce5483df5

SHA256
629b71a09225bfa9a233469b5542ba10fb073b3e6b8dc254c855cfe13573678c

SHA512
1418166279eb9ff25468713d2f5778dd43102de8153e48654d863c80bbe4209694a8fd78ed206c57ea9295998423bfd109d7e31c8e6050fc579143a73b20a8ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
87961e0aef6864368ed7e07e6810fa74

SHA1
5a8fbe794b5c22d8225e50b8fcff7af72ad5d6e8

SHA256
54f60585a733192c4f8650ecf73d61403a20c1ce9a81b7d360c90e1e1e658f45

SHA512
414383d199cab09b25574dabb2f342f9731084f7a452b968193e3c77099406dd710cf5051cf63a82aa25a72e8b588e62354554703893ae91d4317d7d9720d353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
999178194c66c99ec29e519dc58ccc84

SHA1
3682f9a4416a7a93d2119968e805c7864d2528b6

SHA256
03397b6a7a168184d33e4d3409eb91a4933853abb4815e335f1c7e771b1d95be

SHA512
346364eb4115bbb7b06d21076f06993b6bfccfdd75fcd5178e757ffe1089e38310e172d0e221194b3b3ddcb03fd9310e14f3ab1ff03dcb432c83c42b8eba0345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
cfec3a9eb7b98c40f23561134543dbcc

SHA1
9a7a749469156c9e4ba0269950277b18b7fbe546

SHA256
66ac3424541e4a064d82e81af0a3602f00a6c0186a3edff8be553e061db301d7

SHA512
13893c55fac18b35d432b9e8419121b248b6b4e9605dd066c224a0712071b2de37b52e3b8c35ac1fda1c3512e8379b8f0052e866c2aaf342f2397628779e160e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
392B

MD5
a5d94bdb08a0d0acd596ad42f23f92e8

SHA1
a585721429e864931e02e62a79a8d3d94454d330

SHA256
f1f267cb63a9b75c4c08e575fd6e6017c3dd30c6be1fd3278ed8d85dc970d324

SHA512
221681cb285c6727ef58e894886d7003170a29314ee931a54e0024aa2146e8156cc3714991b2b84d385b33a055032f40c4362e9938de301e154e0c7c941becfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe638ef7.TMP

Filesize
351B

MD5
1bf49536dcd17d738cffe88f554c7cb9

SHA1
8cd034f897c8c3462f7967541a1eb1a309aaa68f

SHA256
3a9d8fce8bb72d303cbe1cc970d1a44b8237212d7724e3dd408587906a75a2d2

SHA512
3f6fdfff454d5747d203fe071583d08c76e19ef60faa68125425ce415daed84e6a7e1a0c2d71e6bfd82cc98b73d5cf95b6c550bcaaa3a6428838d61595e10ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed\789a0300-8a45-4062-b01f-2f6e8a74e4b3.tmp

Filesize
25KB

MD5
a36e9e4606a1a5ee16ea8104cf1a5c7b

SHA1
e9fdbd0d5e058441e42da0a9443c10b08b4501a1

SHA256
226522107a0e534d988a5cdff6b410f66d4f26b03ce28ea915041920f7f4047b

SHA512
12ed66f9f12dcbac9bdfa98c5ec58ee6d6abe8327cde11fdde47e838ad0dfc21ae37f48d0bea85d6aa126553e560e2de0433151f6a5d2dd3223850423f931ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
492fdac219e54229225d159162134050

SHA1
fe3b3cf4da04e37b4af45207fb3c58c1138fde8e

SHA256
b3c1b99b836f531c5eb61366bc144e51ec056e663104f214cae78e521252737f

SHA512
19eb9c735412adcb56f3d32a37bc0a6355164efa72ef07ddb2262d9b021f5f063924b745c36e3fc288f239b629aee6a2a31a1f2556f528eda330760b43ec00b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
dbfc136d243db71efc32082622b5a5c2

SHA1
4cb32e7e19bd22d6f88d53fcb3eba175aae9c1cc

SHA256
90dcd8c91254b550cd93a8da824943b56a856702724801cd79a6fea15bde5cee

SHA512
0b3dab700d030fa35f3b3d97a3241893f99421da9783f725b32cb12fc11ac54adc761ba0f962f9e5cacbb1a08381719de58edfe77591f0c6ca878e789678aeb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
33KB

MD5
03a2b8096137a97416b3e5aa678a12bd

SHA1
0bc48cb8ce86bee93dbee1ceb3105a4d273e5887

SHA256
0f9c9be521a387381ec16edd060d04ddfae319c5c08e5565b1d6f407139d11a1

SHA512
8f8c734cb7c2d8b6be858616d88dfa82c586402cad28b98aaab69b711123e99e8c47df690f14442c2e9791bfd577efaf4f9e02b4c25224afe2c06b271a82f077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
79f28ebe11286b7ca8208904b6539feb

SHA1
92b082dacf26f234b44f15435a073f29d0049682

SHA256
4c0c0561cf0c83586f0a2cd48f77d53ec5354fc10cc516ac0896fd202bd6eb8c

SHA512
6ebf731c9b3c09029abb1246e0bab4912713c7f7030be8bd6d0cd5ca66ec07f4a476b6c4494d66c0d97764ba86aba52cdcc9d176b33f21459ec3bf42ea98ebef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
23KB

MD5
5e0b0959a28ee3b11a31c16e994444d0

SHA1
9665f03c1b22644e940498d01bc091c8c92c7162

SHA256
91858ba9d18cfd0a209e2f8ce2bd1a71f0b89b31b801d9ba4c7dbad49fc75a2c

SHA512
4b5aa533f2972abd1ad53ef7cf7829025a6d81b95d5c9ad1bec57e8e78e798fd3b3ec2ffdb3ebed0d936dfcdafd7425b6692dc0295d3a5f9e5f2ff708f49d23c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
45KB

MD5
2279babfd744c394a1149086790ea547

SHA1
fc47b02c0e61b35dc7282029e53b77990e2ced21

SHA256
c2774af7c518e4e132a7c7e8409e7b06d12dbe8311762bd83b0090d9cfbbe079

SHA512
4dff917d4c00bc2bfb792ee15f2a99a6b3bb5108358fa5319cf3def2181d1cc02f265c195ff2b9c2a7e23b5eadf8f25dda8766bd2a673cbcc6b383b0e770fdf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
37KB

MD5
67e3a02c35c882c6eef6654f3b8bd31a

SHA1
cd735cf9b95ff69747fabcf4bd77a1cb86472e3f

SHA256
1a4f11604e88b4d0541269bb61c1dc15f81275d407971536aa6332c932622f66

SHA512
3e3b5c2859d9c9ecc2b47e7096210d6491fd8b78558597d567c9fec3cc822d9a4211fd153637911f030ac61df61415aff08f370c340e728d857099bae6735291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
23KB

MD5
7f4f24e0043447ede647fdad85d95ec4

SHA1
0289300c1793808bf5717c7bb11d28b5e7e62e7c

SHA256
e3a1f83973c7c3f742197bc84972a66177e9bf50143bc9f54a1253b9153bcb24

SHA512
d4023265e34db6057291c91ce1d9ee6b3bf5d89c822a18ab4fa762323fec3694398eec1488177e86f86d51029995e827ce649508afa69500a4b918e430fe7421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
36KB

MD5
5de4dd922c5731bbd8033f4cc6a70e54

SHA1
5e0e91ef53657e034d1655e3ac3ca02b81757fa4

SHA256
7b82a6d87e92a23f174702e349ee4dfdb7dff46129a973862e898dbdbf638337

SHA512
c4bc14942f602277593b628f005a8eef753d42b9cbba7f96a1605f2b1faf267146c040cbc60235f5362ffa243c754b16b759574a5e5a4efc4f44998ce3e87568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
56KB

MD5
8a8d8797bc5980fcdca563db383bd601

SHA1
89242a4918648e8c771be7bfd9631da9b55b03a4

SHA256
1344846b1d79965db2b7a913f9fe950ab44e48384af5ccd1c050e61f42d9ea20

SHA512
68fffcc3b5748625339d49caf0ff7e49a7c274d0da598c5ddefbd2abb118af08a4f81071bd3e33433f0d65285bc30262d6f7fe4dd5645530e4222eb2fea210f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
55KB

MD5
4305a445fafff9cfbe2a3c39a34e05c4

SHA1
036e0a0e33aaad2e16a6cab1e2ec9a55a77905f3

SHA256
e560b9bcbad2237764759f34d332441da94f2c3fd6e226d638706c74906433f0

SHA512
3c017ba623f3c653086e33c25b3b123864f3b59fbbb95571a2005e53fe05376afbe0e0d028cc1ed225e2bcc117766b514a81d035351421d6ded2be751e71dfa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
34KB

MD5
505ce6878d29605df0832d630a1e6f94

SHA1
1684344f003c2932bde12cb70e0665ee837c330b

SHA256
d9fb05fb5b1baa2f4d1a76d918ede7e1fb71be75a2e7687c7dbdfb6a02b76274

SHA512
838056440d875d1f8953e5b5ef8e59513d7de46c6adb0d3bfd3653836bcec0d74369052e973346cc1eab718abc09189cd1e01708090727a862de39728e7aed0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
19KB

MD5
687d9e0f14c74026c3805b620695c5e2

SHA1
c9c7ec008a218671c490c0c78edca2da82e3152d

SHA256
d81744df23be47caf41c3d603a089ec8aab9091769aadc0b29cce5ffc88d35b7

SHA512
f9c0be5dd855e896422068296a406f6c91aaf18e88ecf26d4fc9ba41660c079941ada67e8b11603562442cdf6d1b7d50b9c90eae6fa2d42e338cc3bbbf09310e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
55KB

MD5
2e6fbb1ac0464195f7b15999edeab968

SHA1
22d584d76ff1ad5f90f7ba05afcdb8295f68cd78

SHA256
154037bc50219dfd8f5e122ed6e5623f28861032bf144cbf79160a247eedf6ae

SHA512
ac6a5339b6eea6b23f0c36f7ebb1ad347d48d686d4fdc660121ee01a75a249e96aa579c6a94e25e1947f5fe6dca324e5682a7551fe93e7aab8fc8a5ac6e75a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
30KB

MD5
c2e63a68b26f15d5355d38c78208ccf4

SHA1
b7bd97fc12045aae1bf3bfca9d8c8a8cf9e25ca3

SHA256
954fb37339f1c3eb3ff7122b1304626703c3d131e6d24853274edaf0e1d91bc8

SHA512
63e71c671ee64c21fec12375f0a20d1473c21053231bc2acefc352fc8b5de55d9f33a6fd9f152cda1f94de4bfbf05bb27dd46916227ad00359b730d235b2c765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
25KB

MD5
775f3cf4efe89f09b0e3ef46769065f4

SHA1
bd6b95bff6f6358b61e0d70eeac3474391fe351b

SHA256
9ebdd498754c5a7df342dd6e9bf105ffe0c201d40798e45ea8e45d2bfddc1799

SHA512
48921465e85904fb996efa052f5ffe31077ca029ab83a110734fe5cba4ae97f25d7b6fdb393e4993eae409a52b974340cbb0970c0a37f269e0d976c61afe79d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
34KB

MD5
a67140f487e542f50331e4a514582d9c

SHA1
c40cb7b3c11f96849a4b54bd1a1f8e5b80dcc99e

SHA256
ec5915a1c34a6930f84ce144ca8dd869f9f016e21149fe87e146409ae36ca8b3

SHA512
e00a2f9d6d63bcd21b35b8ca881766848c2936a4c0b14fa9c542180c59a94b333e9c4ddb19d0b7383bcd32acbec9a9d79e626853071e8e0f6de87559bdadb8fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
32KB

MD5
2ca3b4ee3a132e5d25b4348f7ae696a1

SHA1
e2c5203cc1f881e25f23eea0ea1c1dc4b90f5913

SHA256
d8b89fd6770a1874f4b50d25c6408ec4c257893bdf088617c4dc7584cbb75eff

SHA512
9433d596ef759e07bacff03cbb2c15892e40013409f5cdcc546df7bcb7b55de669da4b6f11b238ce66fdfa4b2cb119020b2367021ee0fc5f30ce5997f2e2de0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
53KB

MD5
68165b1a14c4c2522f1d700eca0ae5df

SHA1
174f155f2c13ccc5ee33ce1c98536f22794257eb

SHA256
d56bb4271387fcd7adc8e3e3940d36d404a5b0783a9587ff530bb09930e1729f

SHA512
7616ba060979e4d5cd54c734c46c1c5da5409179db3e9e94c341bad35b9f28d3049780a637e86d2757f214164d44256e05ec5e8c3c68497c86ef6bc5ef705cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
39160a000240f222aed231bec13ddaee

SHA1
e62a252b9c87bcab1a7a13c92b17f38b2a208b52

SHA256
c657cfd5ce59080a166794332dd645a8527f9e3145a272d61359cb5c9ae1da86

SHA512
14a468a3f4c5b110d1271e062f8090e33f2c3a264962f915aec6531bb13f450315d7da5f2b168ec87b478171e00ea58729e659358d5398f46240bf203b202e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
31KB

MD5
5124536987042dd50823330bd87577b7

SHA1
d877f5a0a3fee071c4e7f159904dbc4caf8fb435

SHA256
aab9cd47bde016cdc780ee37ae16a2d6bf81ecdbe073568f03ee56933e2456c0

SHA512
ec8c774b2f197eeebc7361cbaddeb9ed0d961dc27319843a6cf5c1c93b8b9b9b901aaa0c583cbdc9861f3b2ee78ef449fc0d46ce8cd32cf44411193dddd37665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
31KB

MD5
b6e41f336d3c65653f34caa09456ad18

SHA1
d121d7173ef6d545c5fee55d7b0d0d8ba514d59a

SHA256
92adc41c35e24c6a2d81ae2ea8ccb4546bad680b64f0dfb0d26ac804f476cae0

SHA512
4751f467e8b2488468a6a5a611b2d57949a5af5239cb0f9041dc59e902679ec958e6dfbed187dc5ae9699077cad7b983aadeb17d64f1b14fa87b86524be94c5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
30KB

MD5
f178f62889f2ae7b818acb0348f2b368

SHA1
64d89447b43980df67530e9228d8d674644fefd0

SHA256
0d82378de025f74a99c70d0e7ac7a3cbb5d041fc39e550d223097469800518c0

SHA512
79669f6690765869afa6ba6ad5fa6fc0d5eb460ef0323693d7b0e47fb6156f665fd4e81602f3eb741e544a8f7d0bb79c06ca2fc8bcb14d0d55314d852246be39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
131c4410d84be86727904bdd478c5461

SHA1
e85e2e86d0bd38e797afd03f374afdc6205a788d

SHA256
c16868739895237be0f61f21e004bf4257c06e2de7d0028bfcf5430ef7b7f54f

SHA512
2aa36f476db699c482e837f3b824fc28fc5977ede52770e4bb8000294c8981d8a32a8d8a5e273bbc8393a715a726cf4e959a64d7da575f24c3cc5517ae843b1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
c158f2f1e853720be427dc5c3704b61d

SHA1
64d735b366445a1f20eff5111782cc0bf060b277

SHA256
8491368ed52c71a8a49851e81dcef8a4af9b98f13d95e1bc281cdc815cb5ef0a

SHA512
f3f7147e207ae907b8ee250a276d06b23cfc951338a4ee7d7c8d4ec1dd546ffea2e7089b5c90435e8b15b5100ea90dba3eb7cfd87566794681c8aa49de10d57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
823ca4a47b5842c30d9b1c74544a2bc3

SHA1
b09767c0b7f114a3f372803dd2cbc83b7c86cc18

SHA256
69c7eab907b6306c8696295273f865478a7ac9026cd3aab8203f8ded097a6c83

SHA512
b37dfa658bdb6c202808ba5a4e1003c65e0e81d2c88dfee0f4e4a49a3810ab1070632b50c33882c02967d4a898c8f25ac03624937c29be0436bf8a68075c5bc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
bf867320d014528cc68b62b885e2fc04

SHA1
7bbca96ca108a846f0f9e8d33267f285fd486647

SHA256
39633b602e9c0f9658fa5a2ffeca4e1f2a2cbdebd710557ae574501111f97b8e

SHA512
b7067f3a72195159797f4981299d424a4f463679b06e4680658124e1b5caf13c743e53f4bcffd5f06b9f1e0310c8ca78e51de7b41e537183930328ac3f171f51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7f99f4e67686b18d358fab90610c23be

SHA1
0457de5dcd70cc3d6bfd547b138d54ce529191ba

SHA256
ca7b75ae006bea64ef45651577c5afcf07cc8afa559800db96b258b4ce72ef86

SHA512
d391a71e5302aa1b2a25e3f89fb14eb31df09d93d7712cd46be3fd1649a293953fac11e3be909e6d463dabce83fe499998f85673e349bb5c6498fec68314d439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
27KB

MD5
387773c9d820015075a2a885a5119adc

SHA1
d59d00a86e54492f1e1e96449a679c288e404d21

SHA256
7322ac55ed54e3940394391ec9276761d0957adfd6170d2c87e772ecc48d071c

SHA512
d6246882ac8df600954ecebc99709df2dd759e1a51820467c32fff154ec57c826b470ed2018cb9e13d309b292832d2f60453d62737b12ca26ddbe415d972576f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
29KB

MD5
e194d8dd1ac79bc04ca10fb14f3157ec

SHA1
f33ab228d4858edb8cfdc1685469e6f2ef325d51

SHA256
5572d57097582aa82a60c77cf76a9f6f44b8e7a0789b4e202510285a0b435f57

SHA512
1b1b724d931e09af4b3db32f7ae4623d8377644f95b54fb05d4321fcf39d4cefe2dd4daf8dcac9436a653f830d933b828b6297565f3ef62c7362b59dd2c9f244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6e6140aa0f2d3e4e63e2d43f0d4680b5

SHA1
5347ade38ba7a0fcdb357abb713090bd34baee9b

SHA256
288eb6e2b1b7c43684ca640ac06878030ad57e2146c20ce871e92dedd618ebeb

SHA512
5242623cec619264d3025f6d41ad5e3b5bdf942fce7d496cf5cd9db9e352aefc7a70ac1cdadc5c79181fb39e9eeab6b17dd8a8eba1e17ed40e0ea17f196b5aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
232e10729f5257c259c9afad8a0a6d99

SHA1
acd2bfcaabb8258c8de8dcfae6ff5de3a4e77cdc

SHA256
379ebc6a8e0625b1260140f2cf094ea45d6882722ac8dbe9dc8134c4343640ff

SHA512
36da39b413baa53f49a1207986d0ebfab73b6338ee7def4ca39c6d3eaec0d8093b940a1df2e9d815f5b72be1e838f6d9afdb50a38373db735377b50dcf2364dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd27fd15b48eee245c62c5f0f8cbebb5

SHA1
e99e8f190f92583bd4d9a553fbe8fe05065e8fff

SHA256
5ec38db696f3144f5b72c986db3ccb1f4d1680b83f4438040854ebac7b4663a1

SHA512
3f6d2673dab97e63d730a8d26fd3e3ee92c2103a7477905fbf5d70ec2c7543404f504a0682226263e8ac9b73eef537d6dbbb08820e566a912ca8142cf917d4da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6aca4ad299d610fe4e37c33ce6247148

SHA1
eb8d1e260cf0d97a919c1952224f4d6374b3e212

SHA256
1e4e3ab35edf7e932c58277ac2c628fdac9a7642c2f33ee2aa1e6f30967225bf

SHA512
6db57da0b44899fcf0afb810ce1d46d4ce9b0de9a63d1601994e7e378370da66d6a3e0648dfb412ed966bf2f9fcc975e3e5f6270c9d4d6487b8ac7bd74f6f755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
652cdb6b379996cf12993cb3115161f1

SHA1
4178cbaad49d318c06eb1d71df6439a4223ed377

SHA256
a8e969e411e78b962ec812f25bea55196610ee4d2c4faa1efb178ba252396f13

SHA512
9ef24c7278590fe2d1ef4a4c2ef729ac2e8010ca9538a32338bc55dfcbb066b1aab34f1475df8ae1a223c5de1132243e0b5b64efabac2fe513ac3ba0b069e9a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dcb575db8c5736965b13ad8ecbb359e1

SHA1
37d5585121678ccaf06aae3d314f5c5c5f129147

SHA256
ae7072bcaf4cbb7ba820f11d519e83f89bdfa7298ee00745c3d48bca045fc270

SHA512
cab779be0682118b9b80b3d09dc412b38347d25fff23ef49ab9ec28690230fdd06b8e6b5c049309fe2156001daa2d1f36a3995a07b125de9d549efdb33bf6881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5d5ca81bfacaf1eb719eca79eb81dfd

SHA1
11403a7fcb4c813e89fe6ccb13e36ce65ff18b76

SHA256
69c5d0290f308f008a7016a17919bf2c9b98f366e4cd3535200cdc7f648d6983

SHA512
75e5cd039c889e6611dc1cc5dcddbc074fe8e706a9abc30308daa0ae83b2eb9a2c34140ef6d8a76f618cc440dbeec0477d9471c2e817973f39e561a7ad586212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
27KB

MD5
fbf8f57e6cd2d690e0745dc8a710ad44

SHA1
aa0e343e409ebd4f9c44e30eddef0ae48cb0a16c

SHA256
3b7fd8eddba7d45ab614788882bbac572c3c6c8002a81e2158a5ace2fe5336f2

SHA512
ebc37ea2b9907f8b66bab644993d1d8147e68a26a677db959db73826bd5c463f0518ff3235206b8523408d0d6c942454979274875c301d8c515c1197545c1534

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
29KB

MD5
8fad39dd7f17771d7c617439fc302b69

SHA1
b974b6d2b46fcbce21b8d591de4eabbc3e5c80bb

SHA256
f79bd6ec9b68d3e1f5c7850daed6d5d40ec18707820db3c0ec3024d72110052b

SHA512
c262aabdbe1fbbea56e664441b1f6fa727918e5ab89f56a8fbf5e3e0788b538533a27fd1beedcc4d88be7c16ac13740a7d876f735cf137bd6bd8286d4846c0e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
29KB

MD5
5d80a3bef265d518021e3482b20c559b

SHA1
0e05e6d38d2e3c81f653525b6e03b1a33c555e32

SHA256
8eabc812fc5282e15a1908911e258fd7b1cbcfda3c4122cfdcc81feb0e5b832a

SHA512
30e227e391735164b5f9595e9427c53b6c02d675e5a534a3203ecffa8900e8049e4c16a39ea2d90829d5859ae984c890f7e166d44657cbd2c4a429a6e1cffc88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
30KB

MD5
84c1b521834e23253d9ed3109dbc4d5c

SHA1
e0513fa572ca9cf04ab60e9fa2f597d3aff0c585

SHA256
30045dd4c79324ecacd316775b3e5fd5e84c572f576a1b1a312c304c9857611b

SHA512
a64696dee8fd2d665c0291a33e3eccedfbaa68f351b9478cbc737c7747b0577c6e600b38f06074dc42ed5b725f202d0b4b0321758ddaa909388daf1916e6fa6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
30KB

MD5
70512c5e81df9dd5655d3368f8457034

SHA1
ffed500e794db5228aa88d1f04fe6271a1d8063a

SHA256
be2af9061c9db2f0e53923ec5d7ac07c820fe4993e00ff4677f4f6b7ad54c370

SHA512
dd0abbe94f1d4d97803bc382c4f075ac21d4a90f30897c586264c8e444e2c7c81b4add69c55b3a5896b52e78791447c230ec057254b686248f648431af95e34b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
31KB

MD5
1b21c6747dd3adf77750e37683e0dc0b

SHA1
70679bd7ed5f1fc08be2b027c285c6c791366001

SHA256
233cbb3a72d1ab398016bc8d0b59d9a45e97536c1fb9721223cc980057434f7a

SHA512
31c98c03d128fcaa5e339fbc81d9962fd85ab50ee57bb3d2473a9db19bcee931c896a9cb5c915b62e5eba059c699a1bcce0ed26ec200ba947f1b960cbf6191b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
31KB

MD5
2c40718756225ca926dc824a64c8eef8

SHA1
837c39866ed7901d24069021020f24ce01603975

SHA256
4746c38717f40b2252928ef3fb7c9197ea1159f11794a7e3e921d3a5a9c54d5e

SHA512
d52b4cd42561d3836603c92ae27478a4bb400f3e1c793880895a3bef7efd544ca1776d576c196412429040078898dac790714fb2149a99edce966c1b73daf31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
31KB

MD5
897020f972a29ea4b130ae4b0ba086d1

SHA1
bc16a2a58f2f705285e6bfb642476d41bce8adc1

SHA256
7bd8f711d7aa23d6b709a7bac6e75916639624576363fa98cac7ca6057a22ba5

SHA512
244d68bb4631498da2e58d9faf17881aeca920893ba7ed1f813abb9d9a9a17c9ca267f87c719d8e67e19f38b1bad2d061114f1121bb94f76d5b2f44ab8b0c752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
31KB

MD5
982ba818e5867f62b7d2b12cf6eeeb00

SHA1
3ddb9fde57506a756fb0534a71febd0ee33a5d9f

SHA256
4bafa59ddb0c1b2933288d6a128f43fc84af6ff6dbc24a87f2897eb38fd9c2d2

SHA512
d96c25792b59a9f4cbf9b31c31d2ba260852c7968ad13287f281025f944f174d5d27075834ee573f7bad0fc6802b787b825cf1bd1105183a5d63def32a84d5f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
31KB

MD5
275bc4fe17491623c2ea93099e1849ea

SHA1
9c0564153eb6e5b0304f0be7318384fec953b1b1

SHA256
c41e91e97cc4ef5eb6ebf227b7b77a64178e90cce23a8b6ecab8d03db9511bc8

SHA512
814c846bd4d3159fd4016d71e650a7b9f74410e1a1fd3d878f346a7f4df417fb8297f480304a87b89bcc618d2812f9fd2be363d1e30a66d4f1a6af9d7565e3b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
33KB

MD5
f3a7ca5066ba6141ee20d4ad1876aefd

SHA1
d5b620535c25b7611ac1d93fc503ebb2ae030b98

SHA256
641fffbe166284b40dc9f1f00e1513912f57b21fbf14a665a378973aca1c1d1e

SHA512
1339aea1479fc23645b66c79500b240c6e05262e1e29c8e2fdf0af8905b02c1f8c8660641d98d0c3b196e216c4fbba43669b31590dea9bd0952e00cf098ab07b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
33KB

MD5
cdf29a70bd502a252e1b622cb0be750e

SHA1
0437065bd7689c92d41c97e01b54607101b2b360

SHA256
544a816a5b3216b43a1195af058d88cf192828cff4c8f5bc07a5c6fbc588a547

SHA512
5ffd6df4178a1daa782255effd14e20e7eedd1e76e166c178c8457e08aa493e8293a9c3205e9077e78d69cbd1bc5c15453bd74a3782aa79e8f85194cb0c6ff77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
33KB

MD5
3631aee5b92029520aa9071ea903ff2a

SHA1
d26a6b70c925c040e838511a834457d5afb17d13

SHA256
627ebdd61109a7b7871d5ab970d978d432a41e23ed4567a4882909ac62ddd1a8

SHA512
a4e29344ab065c1b19001e125b7c141c10b837abdaf42d64e5245af2d6820ef58c7a94d8dd30468ac43048d830d17125a301dfdd7a60225baafa112cbf93d7d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
34KB

MD5
68d943fba86f5605e95b30659ee5ac93

SHA1
49274b8b13d334e86b470c23ae4728ac760481ed

SHA256
bb844b1a81228420ba3be66826ce4cf1cdd9ce944eb41bec9c9b43893d38bbb5

SHA512
73d312e5248b3644ee3a59189c7970b7977288f3a82e422ede0b17e0b05a9a176fa717d13fcb68bbc26209c576b4e05ded4a6b184f9d6d43c239450f6eb8bf30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
35KB

MD5
979ae2a48508c8a5863a98ab83afe541

SHA1
92591dedcc58d7e648ba19ba29122b624282ede3

SHA256
90ef5174446c6c037027f33cd69443e14829a8c31e7e085716864373a4e928f2

SHA512
2f96e51922d48a2070bbffab45523279043aeb47b8baf66e997c3b237865af32ebe95b277ab67dd4751b60f7bb6035f0d0f333e8750ab1bce1464e4226be0f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
38KB

MD5
f0443489bfba3a8ba666e42fe4f36296

SHA1
26f19bff4fd23770643c5831bc011fb149a9bd2a

SHA256
df98589d71c6ee9a662fa78f959c65176238d134b96b45f69c9eecad5e043add

SHA512
b4bd08d8c0f05e9643a9b1ec615f16c171ced713f9a9330e87aa2399538585c2aa7ed3ba353b7983401ee64e1b61d667d0d20f4355b5aa5620c4b392e3d50cf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
41KB

MD5
e435a139703af52f977026c48d631dbd

SHA1
a1630448dcb00a6f3aaaab8d9e4f924b63aefd8c

SHA256
26ae0818ba37dfc57afc6d6beb887fcb1de90021ed749c43fbeab8a5228d7de4

SHA512
4ec98b4918b33b9589c51ee75dc60e99c321c4998c05d1c7e32495c56b8d604afe143674fbb9c7606d141c77b93f35b7d5c9b9df12a44366467cf47d29fd69bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
41KB

MD5
b3662aa9899860daee871217ce9eadf2

SHA1
8b8eee15e3fbbe5382300c564d3f9caaf6947114

SHA256
0f4b08c496a0836833a41e2d77fee2b4f4864146d3ee49bd3ddd9db458b29b5a

SHA512
b617127f661f56404beecff0e590d211c67e4dd32eefed8f6761c6ad234ea6a6bbcc36e42a39c229a3700fe935d38750a8d4a450782b3e4ef14d16aa614deeca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
41KB

MD5
8d87802c029ee53c017510b6f3d495de

SHA1
bd045cf66fad3703adf1469a4f6319ea063ccc0e

SHA256
f6acb82cecca7221f0e9680c16ecdd97c64671e007f8fd32c3b10326cf73fb00

SHA512
82b325f2417454b369d5ab07e974810b65a8c86087c2d24262cf8e55eb4a037970056bffb889eb95773e541084eb776c553e1594c02add2269cb8c200b9b22e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
c26baa5f2f295d85242c9dcfb1c7477d

SHA1
369897d98cdf9bea66f6d204bd77dd9f2c44682b

SHA256
4cdb03a23bed9bb6d01e3909c5dfbed5473753cbf2293a11c91d7f152c3ab2c2

SHA512
486c77ecc891355e081cce9295b82581aacfd0458ebd5617001616c8b35b73260de8a4749713da0853aa0c7f18a935657bd1aab542d3765955f246e656db28cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
27KB

MD5
5bf70fde48f85273efdf4d9b102cf8e2

SHA1
21e491ca4225b1bd83694568f2e7020d07367c5c

SHA256
83af564fb14840507aa201d1d1a49976122bb605af72e534bb3f3801c2c3c3ac

SHA512
f6653f85f096aafcc137e6be7809e840fae725c51a68cf3489c885142bda7f5446dd0ef287f1e5d18fa08128f766e94798595b872d097da2de5fe7a1dc20044d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
29KB

MD5
6e8385acac5a32570e7bdffb41cfd0cc

SHA1
0ef6e92f21fabc9feb0fc6b729c156e20c9848e2

SHA256
779b5fdbebeeedb585eafd00a5be6c879d2f14e55ee3663cdde162c40dceb1dd

SHA512
706dad2388d3668bd2d815e2f23af980c1f728cb2c81e3d8a341a35194693b4292113903172fc49fb6bb8263262e359e97d092b3e5872a95f901d1570ee03c11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
30KB

MD5
1a0e4eca633715e8ac16cecf0a79b096

SHA1
b1dfd917c225f3f0237ac52cfacdd4ef5bcb79b9

SHA256
7a14af0fdc2af7b1f8d11d7731f0435cc9ad3abbef6ea2e97f8f057d8b50dd59

SHA512
8c262d7b4f79cc8acb97a00dcd6b6cd6ac06982ffa8de46e2cb7ed7c2d220635d8bc1c394c289eb0088d8542cf61de454dfffd5c8f551bc6e2aacd4097d742c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
31KB

MD5
7156089331434033f0b0b4b949b385e0

SHA1
9ae01f0db216e677bff01241f786aeccfb747864

SHA256
52d557a85f35b5255994cf2bb99314097f1d493fb83b9d0730fd7e183317099c

SHA512
d17aa929a21abfbae16d9993fe429b7986786220b0227004bbac69bb746fca95db3409a77fb8e50112580d080faeb58226aaf7ecaae5a2d8b371edbbb680d2ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
32KB

MD5
0540e712ce4faabe201354aad34adfd9

SHA1
2aec5b5b089219acee0432bf6fe5af1e8a29ea46

SHA256
1893ea71298e56c539e5420005dd380ea1b0e3b1c455617cda1c89298babb741

SHA512
2c36e93e2d99263d3e70e901eb20c95fa22eace7722f9442d134d9fe8b0fc5dc99a21fd3759c4efc4cafda468ebd24bcf94acc6641e17c52f21ecb8742d6ecb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
34KB

MD5
9d04e069c48492086b46e41600bf8c31

SHA1
763d2d6bbc1826dc36874a9cd19db7303341c6a4

SHA256
9b69157049284d06c3d42ce83a2488c22a74457e72db41b92a4e52cb08170389

SHA512
d63fe55be17d8a6423d8d59e770c25d5469b1a633530c76ad91891e2a5b06167fb927981dccf7cae42aa164f6764a2347c05bb69c96a6c9aaa4bf4ecffd36cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
40KB

MD5
68a75247cd0bdb9cd95790c265714661

SHA1
3d4a3d9fd6c1606b1c8fb7190e6989e7dd4e5bbc

SHA256
80c97a28fa604e3ef442e0f47fec2572d67b3e276f6bc9955bb3a4066f955255

SHA512
9782339d1ae4730df3ce49ad23d32896471ed2ce5f51fd6479c9980affdd5e5d3a7813390606fc6e0b04befec6a5e53400b64d88193a2336c650371f888fd1f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
30KB

MD5
6e66848b0e7aa056c902810992919677

SHA1
5f2f83171bce9bcc6b675ac9f0e25709fb478d5a

SHA256
17184a7af2cf567f711ab340510121b4ca31b1e7f488a4fee565a18540d1bccf

SHA512
9634f55ea139af3cdcf395ed7aa5f99606b2bee4d91e1336495495d1b9904934cb8803244a4732b88d7063c79f28a3fc4c49eed5cdf91175b14da2db4b0ded6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
30KB

MD5
b2d19f55eb14591f9bf25eef8eca2c7c

SHA1
1c77b0faae9fca7bf20abc61e13e207e1cef7895

SHA256
7298c926a46b6e690bbdf1f3fded0ffede894e50b7f0369d41b70b701022102e

SHA512
43daf3b38d26b60f4182761fd956bfee604660d4327467c16b5c66741343d5b69f9c5f17f303da5baf19732590df0e706ae0f481553ff58631eb72ad87a7a367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
33KB

MD5
8d759ffeb8b5dbeba44cc96070ec91fe

SHA1
afdd20aadc86f230abf14bd2822bb4fb1f65baea

SHA256
634b1282e2d534fcb1b0b40c2ac5bf33c8e7189a50043890f3e4c48c0c9c323c

SHA512
ac313ee331725ed4aa4f0ea575e394ca72198a100bd47fd1aa3991f3bb8f4d0d9b6b5808eb739e0dbcd761d4c1c684f8d53c21c7000865c47b006b6401fc9f9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
33KB

MD5
c9cf61fe6d758ee0252f8d6b6c21d90c

SHA1
9b878e7ce2679221e7044edbc65d631cb310bbd2

SHA256
8ad35dfc7e7da7b5e88998f4dfba8f2a890741db37cd98e85914454e323713d3

SHA512
db835ff84af77ef6812b4bfbb64443ea23314ea49c6576b2b222bcd67dcfe0604284950ecc0a703a914a1fe8e0e12af9e062e1fcbe606305c4ac8d5eedf09132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
33KB

MD5
54f552e33e1b797b93feff66b65d8507

SHA1
50188946ff327607584a47f7bfac72e111d7dd74

SHA256
62cbf10a2ccf3b651090023a201cd53947c06e8ce31703c0618ebe0209c0690b

SHA512
cc36895aa982a9975e04aefaf6265a5a554e610f03b2a2b57c815a2b9b027e7b48f012e3870ab5496cff3ef5e3acff1347d508bf0a2279c92ec30870d4200198

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
41KB

MD5
f863e54ac0f75c24b6c63e7e85b7fa1f

SHA1
cc020ed6b37d2ba47097e9a08473d9fd53dd0f97

SHA256
a222f7b1d1e0b9afb2e9d07848788806b16e803bbff6b64273934a51c26a8fdd

SHA512
24f2fc6c2e8f357ea08c918960030b4cb8077105041ff62a341567e5d2489db52b7bd24e775f5d0dffad92ffb8803e3c9bfc120b7ae4901d4ed587ceaa988717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9fc2f95482ddc21e40560e7e9921d02b

SHA1
9c4452d5d02fd4b5e845655a17f5f1d12c1434f1

SHA256
8af82767130abc3862f01f140bf0e41a81fe52d13c7a2d7aa118b82ed3be491f

SHA512
10deac230d670c44dd692847f080ce00aebcad6beeb8af9eb20704f8121fd5270524d41e62e86bf437cf0124f66a562fe2e7b96fecaf9c86f08a127de5ed6340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
29KB

MD5
2303c0e1db8440f96e9c6344f8b16523

SHA1
44d085eb404b07e9d05c300578657c850b18cfb7

SHA256
5c5c9b42e423b4740c92edd0e9d7116dfce5c6ed33234ac516d7e6751cc792e5

SHA512
0dc480ab294727c3317c482e9ae6500128a056a54874eb8784e8bfd911038c4d839d503d273adedb387760199c6b8d3aa116331709a8aea7b1c78781432533d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
30KB

MD5
37792396531e1d9a56c9a52d62eebb31

SHA1
aa9f31cad5a462890c561f6d7b69788be7aea2b4

SHA256
2d344138835e8b16e3e02b47458380cfc77265fde253aed1a3980f6a6b631e8b

SHA512
b409b0e9994cd4929a3d20ad34a1e7275d6f838bac0cfc9d5babfd4e7be5de77e3b66a679b14287577c3161cce346024911a352ecd2b5a9ccd99ce831138b44c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
33KB

MD5
f181fff24f879d490893e5d31df77979

SHA1
3bb491475442aafa225f634d9312b6fb9e93ec86

SHA256
3cfd92d02ef74cf8d04f6657ba65481e96041acee1b487ef8034def78f5ea081

SHA512
ebb3f0c121138b5dfef098494e40c2440f3c162b83e55d6d6f7d1aac8b66dc73048eabc37bdb9b2858ed4b70bf263807b6104c5cca7eb300a7a653abdcc15cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
26KB

MD5
11bec28a6ee694fe30596e1b74dd134d

SHA1
071fcb8574966c9565ebbe1c675cd37405d7c68f

SHA256
be40923eec66bae9f43b7eac5eabe538a4f129d681d4a050bc1871fabf1f7de1

SHA512
de62002e019755f74ab180578d0e81b747d8e1f8a6eda161588723e53aa198c67ffdc3cfde212618eb2c45a396a1784a474d701f25bdfb834faeff01e74004c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
30KB

MD5
290d69e06942fde61d6a429cb146f14d

SHA1
7e77d3f2d5d0bd655249ecfadcd019e389d24121

SHA256
cca1ac375d0484fb1b2b3d3397046403f38e7d5a32a97c45033cda5d901b9594

SHA512
5b799085444dc9299cad3b3b81a9575ece4e85c3356e758b4cd6e1de282e9af3fe34fe181e95872b379564c63e485afc05c1cb3c7176c520018154fc85925d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
32KB

MD5
264382c9ccd2fe53698464bb1ec98fa1

SHA1
321484d5eb1d78dd943a8b41c1cc5f8512afab8c

SHA256
9cb41ce6e45d1578cbc570225b11003c49b89b06d43cff2e3863301d88e157c1

SHA512
100dbecfeb41e58bf1cca3d7a2196eae2f03804818267f66121fdc8e78dd3d37c024bc9254662a5d56c5f8cad1bae16795b49c195c7f271cf6c66c2c921f0a4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
32KB

MD5
87e608b8fde62cc1c79bc172ec060fc4

SHA1
20d9ca605814bed025d8bf3e09b9450005fc214b

SHA256
c681eaf76aa4c7fb0bd8b1de5d78c2e9f7662068e386d70e4a186f44849c75b4

SHA512
eb6262c98c988fadcb0293524e60181a36f852cc70f43f518566a8481243dbaa29775894c857100863d10a1141fd4b72ecd25ac764252ab5a772143fb8a14635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
39KB

MD5
064b7ddbbedbc09250607193a7546d95

SHA1
20fe698157a0426f8e61bea0e0b412446426d8a3

SHA256
4371012013c20e1ede0c9a5d859bb5bd58eadbb4caf304f753caed12f7dd66af

SHA512
ab80b5a8ee31bb2f06b5b5648072516de8a6131a04bd01e3da09d8f201fbaf9676ec60a8923d95de8f47220ba0182a646c7a545a4d6ccb2821bba51a110969c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
32KB

MD5
fe151a1764f655ca69a6ff31644e52fe

SHA1
a861919130d4bd3bb235564bfaa6ce342f3f9206

SHA256
d5487e5ff90d0790ecd4f4ed3e750a50d97aacc81275402236b0379a164bfd9d

SHA512
227b1d8c48b243209ecf7e91045c3a213df4b1f04df4a78d688cbb8d48dbc4923e8f4c088969d1e96782778e0e8d74270843c76ca1be554872de16ba10437464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
38KB

MD5
f508901372e9eea8110e20e98eb20cdb

SHA1
6cdecfa5354eb91eb4964f1028392eb717e4609c

SHA256
580f1f6c7b9537449ef3217c4edb6e5e8f793d79c93d7fb342bd63b92c003134

SHA512
a3337c1c5ab0d02ee567645dd05746b4df485cffe5bb86db10965b4f65a56e49503bb68eac7b39bc521696e26009e485bb97b2ad2cbec3cecfd36aeabea6c330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
33KB

MD5
74f86e3e9e54bf03093d62f03b19951e

SHA1
32571691aa735e8f10573f0821f62d9fbfb8515b

SHA256
0907e370b8e62e167485a9d99711aeea5040f655ec184ac3c4610d4a79fcdba6

SHA512
5608db0a5e5afbd655483cb34aa196b19fecdcf25dc38ad790dff3e6d308ce56c8cbe1a1467a3801df26e0955b48bb9785a8572ba48615e21d88926ab50b229e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
34KB

MD5
a3e4cd773050c6b330801f3b856c0876

SHA1
f2d8572632f5490717b663da9b4f326dadfa19d0

SHA256
24024cda5429cc03109b082bb0d5ba4415ba5be034beb9586de702339b4cdf70

SHA512
620e1e95bbe0aab9799755cce8db8b4ea7a7da8d65db230c6ae23ae19460d16c7a37204e78028d5b210db15ea55df87cdb26b32f0418a1766ea762ba6f23dc78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
32KB

MD5
27ac3644e133baa77e082a83f9be27ef

SHA1
9f3b873ab20fba313b1d561253fce934bb0f5301

SHA256
735600a790fb7774596ad665141d827d321b3921aba6ba362e55323921aeeef0

SHA512
4bed993cd02819b75b33b3dc0d229513ae038a6ea4eccf3486e539e673ea0bdbaa90de5ccc9e24fe75ac098e8911326b5a961120cfbc3bd98c7ec09a8d496b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
33KB

MD5
58d869bad8d841ad8b8fb86d2f66c9f2

SHA1
1dbb4edd3b47862994c1e3d03ae04fe05a63d5f5

SHA256
7caaeb3bea10b7019f7457722e9cebc6cf67e260783c8a6b13d02a41f8571112

SHA512
23210a6ce9b2f407df0b34f352c59df4b1b09efc98bf46b341f43bf4cc6f8c219f0d0e21d90cbb667a63be520bf7473ff3108c44c0e60728b07339f37c31fc20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
31KB

MD5
74294d211d086e6b2649f7782ebfdd61

SHA1
c6d5499e96665f0e132f89ef2d90bf80af0b767b

SHA256
a43479f6acac632df6bb3dd2bf110a5f214251ac492525967c80e040fbe3b8dc

SHA512
eae6c6dadec74a5f8ed8810a07a81949328cd80e9388d5db8bdf57ec20d3f0799fbe4acf8e444d1d4a94e277f9792f9467238ac828a11d633b37807ebd3cb8cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
32KB

MD5
53fd29b6d3c1629cc3f45d5fc3b73550

SHA1
c73b3154c355c3bef97b7d802306671daa74fff7

SHA256
43b36005839410a25b7a4edd58ebf8f0bfd5f8f54fc76cbe97fcb06d118ad93d

SHA512
898a5295cb89b8fd371711feb9ec11e57a269cd0731350d89842f7d1cbb9dc83c639e66a2e6cdf568249c95482f3df05f7a8d3949a86f24c30eaf2058e1fea81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
33KB

MD5
541d38b1e6f4f3b0f06cf4ddee1b37d9

SHA1
b2ddec2b2ff8aa69b21fa9cc164e2c7990bc9a07

SHA256
30f8352a6c8ff00c2dedb8f066d91cb8c9c5282609c5badf8a9a3c8c996161a5

SHA512
69c54c9a75bd5545ba969c985f693a704601456e35b7e3fcab242a8dea171e8d5d423e3531bd6c94066238ee650dfae7784ffe6440271b77818ba36db669a8d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
39KB

MD5
efb99f2f49b86dfd6e480edc89550111

SHA1
9d4b422a17302a542ebb291ab9ee10a845e47260

SHA256
c341ec12cd61ad2c6aef579bb4627c680fb83d9c2c78349c00898531390e8f64

SHA512
b559feca5552eb6690ea7b9fcf648a12b2562df087b080d096c914eebcfc1200e7e5eed90ab83d5d5422ef65c3082f03988c6e3e34e3823648d8e894ed3011b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
74B

MD5
f20e3754e2b27866706242f815e40aa0

SHA1
d49237dda106593ee821f60fc9a60b7e22bb74a7

SHA256
8b59141f0f77ff8b31bc5560782211faaa19feeea20c9529da1188cc79bf0d3c

SHA512
0120cb1eb5d95fe7574c994b163d788c511d49f4dcbad15cb55681de0aec17e898b3295b7e88c8f616d73fc5053ac703e0e3e2ea0cf3bc22a62a8ed1ff8e8fde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
35B

MD5
343859b4ad03856a60d076c8cd8f22c3

SHA1
7954a27de3329b4c5eefd4bdcb8450823881aad6

SHA256
8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f

SHA512
58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe695404.TMP

Filesize
99B

MD5
359b66ec36676904f32cab90ee1c640e

SHA1
eef8541953dbdc7d6733e61550221548d8ed6a06

SHA256
faca8adbe759c47d2a6d10e40f9f91caaad3809e1052240dd28b1b89ec2286e1

SHA512
cc98bb620fe3bbedd44e5955d370bb2b37771da2a922aa3f4d4b47739c2fac0a536191f0b78ce42b526a8db78b3b4591b0a23be085f3f250f960d9a7ced85896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
779e3d2d74776cb8b32af4f535052b0f

SHA1
1a3cea711eade2f6d1f6e357613f37a391ca4152

SHA256
1556026dd32050316b835e14f9750de1c7181f5124f2f80ea749f76f49a8fd97

SHA512
eae4bf0a89f6099cbf5d8d7112dc0eacba6f03bb211e407615244882c504c00d3f52a1e66cad09b7eabe18f4c6b1821ec2b831e74cf33cda086ce11772b4672d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
f82a86b6f7acbf10ac24663f874552ac

SHA1
e180edbad59a95921bb69fda58d854efdca4c53c

SHA256
16ba03f89af0f987eac5b0c1782e01f227562fb4b0e9a7bb784d83d84b5fd33b

SHA512
c6da07e75d42596d1c5dae0c74b73c50d808dfb698445c7b1ba998fdaf8df7bf8946b16f09ea3f66b313ddd4695e877e455323f585247ef9e6b433a8618d2014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
c2a5eec218af2d5221c64719b36beb3e

SHA1
bf12a11a2f1cf8022080773a341d293d8877c3c4

SHA256
895814efccca6783503e5abb0712a751da3192fad704fbffe32c0663a62345a5

SHA512
741f4046056bdac0aa8e109a7ccf84474188b8c1cc22f9d47eb963d361738afbc59f4c72b8ecae06bea6abbfb41aebebe63552b37c7e8bd8e6d0db1d3f0afc5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b6ab5f3b3de34289c177dd50a8f3b1b7

SHA1
c74660cdb7f9b2912f430940baf58172832034e6

SHA256
659ca87109deb813c6c522add358008fdb4f8a21d133ea381085d7f047ba1d1e

SHA512
9818631a019d09b281bd288b6fb8e34ed1d0a4fca6a008ca14bb65f69a43e0fafa5775c052663dde8ce133b72ba842ecb6fbae8fac7820ad0b125918e65d4b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e2ece.TMP

Filesize
48B

MD5
1fc778d34b6f6ec2d0944a2e0078d3a7

SHA1
6f69168a9b6434e2ab920df0682acb7df28f642a

SHA256
0d4cca8612ea6b1e02c6c7268da87a42b73eb4450efc51ed9a159456dc73c83e

SHA512
a50def324e97b01e1c5fc1e81df814f462204c7a791fb4df12b057515e2be5d9e83c9894c2c2dc5ebf7d0a0676063e050423126b8cd1c328b0d5e0458e12a9b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13356216296523581

Filesize
64KB

MD5
bf82da295e615377a615c78b14a40f5d

SHA1
1732d8f4ed361c40c787cf1fe849f913c33229c8

SHA256
bd170999214c37d2c5e5676033e77925b4f0f4909ccb12e564116cf0400e7cd5

SHA512
ae645d943e65b06fb9f8b6e092574051b54460a974fbac4cff14979c99bc2ee2b321937f5da21cbb93f27beb2cdd0d2f659905230d743110f98aa5073a1c23b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13356216316794581

Filesize
65KB

MD5
d78f7aacc20cc95bbebb02b3847c9952

SHA1
6e9f95b65bdcc5f212b09430fba94431fa839bbb

SHA256
fecc23c6119a835a02d9b1dfdffee9317d78a57178622476ae3feca035db979b

SHA512
f21924303a9119437687985df2c37c4f9f7eed193af5f002515f902fe7129e63e1823acf3d1887b70be33532e71471f1860f708705ffea2d6e0eb683f1c0a155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13356216329493358

Filesize
81KB

MD5
10df1b1ebdd91af7487d62789a6a4981

SHA1
8bd913e0d3658af326c13d1b5166d7e2e12bcccd

SHA256
f2b989ef80cc72f690536582d488800b99ffdae19e4d076af7b03164c8e70ff2

SHA512
0d29d88a3a7244618b42c83724f367f55e06ad8bfe7d7eb181d23e80f123d192bc63b81fe97ef07f90bada32ce14edd831d978d9760ecd45d89cb1ccdeb803e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13356216405667412

Filesize
74KB

MD5
2160d7d124045a6c5af8ba3eeba9d090

SHA1
ee6bb0f7195d6c56831f7a587ce0ddd64a5b7108

SHA256
f34128ac010b32d06473512689111e367c04353a93e674270fa1d8a9f1b86d7b

SHA512
8e06b73d390b782ed1cf1727c4895a81cfd36983de106ac07c223b451519288f5866dbc737f5d56610ec3e1ccda88dc4c913d68ad5ce4794123073d587321987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13356216567279032

Filesize
117KB

MD5
1e53c65cc91f26dc8a80ccf8f1eb64d7

SHA1
55d0ad6a58c67193e801aae3b4ef84f7ad0cbd8f

SHA256
46941539def11fab157b528a43fbcc77745046763fdbbfcfe1d1b19ff3f7b778

SHA512
963336ec54a242efa0957f4d2994249cf146b7e8928aecaa50b9469fbb79c99523ec33e73a04f1a4bcb1adfe8129f121150352cd7a710f08b659074731f35492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13356216809476190

Filesize
141KB

MD5
b57aa144799be4b9aff1c43fd083536c

SHA1
fbb7c3d13853a934632f85e71ebd7dbae3b7166d

SHA256
1e1b0c52212184bad1b5725a0dea99a987059f2454c84d90dd036d222e529d78

SHA512
9d3f7ed1e49f23d52ebed801b98ce6e5d5b6fae74001b208aa69aad300fd67b4360cac8330df0e0dca898da0b5e16dc58d2b0025191592d9e8fb8b51657cdd82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13356216882666925

Filesize
151KB

MD5
3e84daf8a152fa8c2b6acb53f9207ff2

SHA1
7eb400eea4ce3058508a598c90e25cdd5abb6055

SHA256
b2cccf56241d08861db950f4553e3c7af4ed7a84dd8a2c165131a6ed04eeb99a

SHA512
c19a811113aa34f674fc1415c51f65b6db00e638724e39714346b7890b453d7f690abcab097a1a74da204ec2be2a1e209992c4403a343224e45226de6635f45a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13356216905283498

Filesize
148KB

MD5
488a8935e60439508017ec0183fda6a5

SHA1
00443730eda118a09beb0b7728d6bb424e49359e

SHA256
840e535deb02c9dcb60621d1f743fef39091022629a9a8e86661b995c22571f9

SHA512
adaa530e792a3eb738f655a06c89192dc1d165d3cb4f04a37c55eb69cf04d8ce35da4fc90b0104c6ed6ad757c5f718469a993d2cd8554110260e85acfc289c07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13356216935985039

Filesize
162KB

MD5
0f686eabf11a7d7890b41f0bb298feae

SHA1
f8e4681d82abbf8f45d1a4c63aac4ab782f849a4

SHA256
b5ca39a4ed4b543c0c7a23d78c378dc179bef7b2defe6da9ba24fe061c3ea85d

SHA512
db381acff3966082df4d10d646e4ef4aee4d4a5750b3efc67b7cdd694e273f13a5af40bb1ce8c5454a56b7ef68a533fba233e909148eaa59e576577c3400808f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13356216948576039

Filesize
150KB

MD5
52b44c3ed40c50c204d2772ca66c9f3c

SHA1
af47858e9acd5f460ddf31184834673b321c4b8f

SHA256
14952db3184319a3991055690ebeae9812c2b783f56f7f3e6e99c08a3568a155

SHA512
0b991674b3da6620e396c5d0886c6f4198efe3a84f71d061a79703df156008343aa1d75ce3b23eef8235afce30f8d92f1c775539aed50c79922570181e1972b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13356216991495866

Filesize
138KB

MD5
67c738cc9fd421f6034203cc7ea7ad50

SHA1
b38eb01495297ad5b8d891ab7d7c78e96e637374

SHA256
8dde13324cff6e88a71d7938129a97a36bb9ed735c44b462173cc74932dce4a4

SHA512
780a731d18119c1c10c7208546d873553b467817a9eaa448060d0be5b76acba1b01347ef5866e37cce56e1e4b0bded4f84d2e78cd81063de816c7cc1d09f1c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13356217072108105

Filesize
120KB

MD5
9f4b0c9784b745e1ba5f7257198f3d0d

SHA1
f9409c333acf6f9f47fa4546bea3ae0999a63bb9

SHA256
aaad3ad8a514f81e029f1867549ba86981feb2083dad8015c96eb111b5ec8dbe

SHA512
3977d55ecdf0e6f50d78cc87dcc68b01a0fc97602c83b286082b4373d2867f9458057fdbe532920f41fa8cc4d5d9c9edf8e5fa2f690bf016e981e73e4a12d7ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e60121fe9599b36a20eba711517c2570

SHA1
6c78d614b064307a147f79686ad195532c1a2bda

SHA256
d5cc357a0d210fd6802042cfd327675f62f970f20d83c582ab2b848f5b781b5d

SHA512
2b6ae3db3a72265fd0095dc0ca1b25ea8119d34ef3e3a2408313f354f2a776369fd213dfa367a3aa28081524edece3cc721c48daf69f1164b08136b50c38aa9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2dc4294f8c870d3f7126405766bc750d

SHA1
32c52a1c87fb8f70a22d1f7973ba324f988e5efd

SHA256
fdef3d1e4c36f468a01e075c0bed85545793c6173f00fc7dfe1a657cc437652c

SHA512
55c674e6d5f39a32084d9f3038862a0fe69d61f05d6f3de561c4438be3f712b8c6406554060d29ddfbe1e205800c3c53d7cb34393ca0da6487cdd3f44f362e1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ae78862d98ed3d5a6257f8e2ce9df54c

SHA1
9b61f3d58681b677a88c484bcf79258b5843a674

SHA256
efe3b37f5b2e6be342232b87dbca56d27d64d7828de1b2618ad1ea3bae4315c7

SHA512
a1bcdac57e1141033645244199e8b0cab77fdb20485055113211e56c77421748bf582a3ee3f4ce738e6c8411a01b0a670af181a91425530d4e1b8791ae53bf95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
41937b56ef3192de8d4dd8840c7ff178

SHA1
ca9a99f094c4437b15117c9d95f023d2a12d4bca

SHA256
3c9f8458d069d8dba50c84c31685679ae47956f3e94ca7174741221989b706f1

SHA512
e86db717f76f7f9559c55567c3f70d3ab453125903d066a41dbb08d9f38ada4cb842310f80b4c606153088c825b8bf27205afb2fdc9e8ff1bd06a367917a95de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
68bd920cff5a35185f89c781c750b965

SHA1
612e639e7e79c327f89f91533e4c81884bbe567e

SHA256
24ccae7441c8ec2c998636e172297da27561bf761e1cb6a775aba439cfa8447e

SHA512
5cba8a0f216501184d50398e39d8a2d7715e81829c35b0689052b4fb373c6ecce17c86e7f2cd122fd54993fd85ecb434a57a5eda73bbddd8340fac9b6ba6b7e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
d061fd89364395d1658f6a0471477572

SHA1
379c413ca60c8f3e4da41fdc628c7f0d6baf8c3a

SHA256
8d2541b6fbb4b6ebbea88a5cae815e9276e5261d3bc301810be50f0f1e3a430e

SHA512
acb3a95e946616e6f1a3355962255e2ae7d3cdc1884869d8c98afeee80bb6ee61737d93a27c3881a7230786eb942288fd39ea6d340e941c3e451735c706dd405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c8475e243b4f67eef292492f9e2d1e36

SHA1
fda778dc7f6ab82e052101bba2f7411ba7d92dd8

SHA256
a0d384236196aa5d2a25a4c64f759b4d149efa0c5890f1b30c42c142fe1c4952

SHA512
1be10d70709d03813a92a16aaa6873a852d1185b6acb37184ac702fa1a63ee29b99802d59d6cce8c26cdb6d313f4144fecf6c2436d8f26c680ba6925861d37d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c0fc512f9f6a68cdde14df1bdaa8c127

SHA1
2875060577954f16a1ce01364683a582ad54a6c0

SHA256
b5a55ec2a478294aa4ca0b078ba9f1a169d4b8d0188d29bf5ea989632c1aa724

SHA512
21848b0865ea8a10cfa909ba92a2a7b14300f3cfdd16d77c1c78eeab803d6bde8f0534a5ed0abaa712e711d1f7fd109996cf7462307218796ed59912861af340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
c8f27a9beed6f55e86a1ba3bd9f4463c

SHA1
d18f190bf5670fefdd23382816ac2b993c0a5bb0

SHA256
f55270b38cf508b45e5b267d6043d302364e818c16d764c33484093343ce3ac6

SHA512
4d54c3bc02c56cda9c0f45036bf7c4963e98db981b5f4249064c16b58a700f45510ba53428215d87661f4eadd38d148a5c9c1f17ff4450a5c8a53713ed848233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
09ececc6e097b27ee7d0ef297b126da1

SHA1
83edef859d2a5050d310a00488723b3abce1a27a

SHA256
ff6f3501eb9dbd970f18eea7f437c13b3f725c20eef69295ef509c0891dedf36

SHA512
8b18690d4051dddcc0a9ae6a01830789c7f8dbda95adf5f413a29d124617715487c794842c4f5e0890cd46a8f06b807e3ce08ca3c9253a102a0a4cb4e662f7b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
01d595d73c124d30fcd76f78de3f2696

SHA1
32f2c7f9a7ab085bb946025e7692315943a23223

SHA256
06b5f2b5f19d19b1bcb8db86da7eb441eb3405e6773eeb82008e56f687c171e2

SHA512
d0bcb851bd4f25fa1b47d6ebcc608e9b95575932f9d7ffbe67fea0e17e2a3f218ecb591a13f992f95ea73732a9051bea6b2ca58099685096943a3a948a11d8a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
18KB

MD5
741e1e76d2eacc05941fab19a35fe526

SHA1
bd7fcd8baeb9f4ee228da908062147a0b66a4a1d

SHA256
e2762940ab476126195a51a68741a20e2839b5b99852bf164eef4e6d94ec9a25

SHA512
6f8a4d81fd81595204d6951bd8a23a98dd81540f83009512e5b6fed3f8f0c86f20c62221d6f085b2ebf94522e0dea51a688d6528087832e21e3059cbce207c49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
19KB

MD5
329990e28780a06802a473525612639b

SHA1
5cdd1edf5ae7150892c50800a9505a376f6de277

SHA256
d880fce1872275e58a520e4ed17614d3f7090aaa77f2e0e2a029066d4d0a2f8f

SHA512
fb83c62a9b0b702c116297c1daa3655e1cff1405654cd7186d46e80134afa1d7082f261f52396b9b26fa9e9dce2a6a034d1e71e76c05cb56a58b57b1eba8bfab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
22KB

MD5
44ced81586aaceae01dc5a3224bd9c75

SHA1
396e6ad55c3dd4838098903f04cca986c12a6fc6

SHA256
de44d04d33bbb021cfb06780fd47c1757910d0a5822db2d35e538bc9298f8850

SHA512
847e6534cb4e19c7b11fd198f80d6b249ae33586e133e9bd3ebdedd061d47dca5f0a48b17dbcf627eabb903b0543a85931402bc9e8b11f6993ce036d16171a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
23KB

MD5
2fb0c1eb47490b498041d23691c05d39

SHA1
f429f9aa7011f0b550e0ee266ea065fbe35b29c4

SHA256
2677102707192daef1ad4cea167fd7b78fec1b67d337a03a5fffd3c2ab8df7cd

SHA512
4e95e020694bf223c5eee9f5bc9fc4a6250e36b9c93f31e69bcaacfcbf9b487ba8dadfa9b4c07d0c4ff51ddf7f575bb025f30d77c30c2a3e138e5d671cbbf1ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
24KB

MD5
fdb63762abe981c33dc0c511905f4f14

SHA1
64643bcacef291b6525a0268242856080a1758ef

SHA256
2f2e2c418465d4c692fc721d851d631198bed5379ebd6f15580be9cdedc43142

SHA512
05b620aacbc7dfc391145de99ef20c006da9021fadebc84814b3b2cc3be40fafed42adcac5e24f89112cc2d406db1b74450262f0694182369627b20910c99e88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
edfdd2ea005f8aec9be82afd7b1b7c09

SHA1
49b5ec6c6b1cdf2338fdffc1e8192ebaead7451a

SHA256
d00a41bfbc7d6b4fd251d559cc4b143c321ff0a65d0585a218b8b4788a09dec6

SHA512
04bd2fcb02576e00364aee08a3cabd340fd00956756ee410a546b0e20c3da7730e8d3022e73e12fe7b4a8f86eee903c7a4d5fc12267eab2bb90d3b005387c295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
2049bdaceb716cffe44122ddbca44738

SHA1
9ed17598c5b68ca39add7484261bd04e3330af19

SHA256
83e4f4aba10a0a0e66ed74a6f2127af87a064f4a8220a120f9f1ef10c7b79369

SHA512
ce4ca0d989ea6836ea9cf02c43291d7962d4f39ae80694214606985553b9b72a7346dac46abafe5ecc3fbb769004e4c7982b7538adba17063ab4e27a9a5d2a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
ed9f25aa45227939fe451f4019d5a014

SHA1
9e556e1e84d65bf4dd797b28b56a53714c872dbe

SHA256
92fbb8463a2249f588ce1791880024889388cc847b25c9a22bca30ed93d80647

SHA512
56e0f6f99985fcdcd5953ac16ef0c8199cdd6663f98a2591c39f05e8c700940174efbd1962a3d538be6713fc8137a92d3a0e69fdcfc47e29f52be242b6f2bfc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
f0fdaa9fc81eb0127246076c0f6cc010

SHA1
421c247a3cca4eefc57a06b549b2dbedd2ba8107

SHA256
a3e1ac8facab725fb0da7d268fe160f2d42a0a8b5a417cf08d2201679a01e0e2

SHA512
bb8f5d830190ae5fc70f5f2761611907f553f654e52ad8414439e829e130b982df94d2cd4c25f76a80cfd41dbb547864b6fa114e9742d0416c6a25a70b1da6b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
422eb712b2a4d4528f06d38f31b622d9

SHA1
d9303d22a66dab909287743b8371f504c5e865f6

SHA256
4b637eadf0175efaa87da9f074834f0d8e99b469a8be98fa1119f0ae49ddd23b

SHA512
c10765cab26f3dd0a7425d0decf1c23153089be12c377093664f9d720224d29219c6059b8b9511054745da09cb37c3e66846f5d2347267a783e15bdf27f1f07f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
2287960753b6b48f6ba51d6dbc090bc6

SHA1
95a4325b90659fca3aebaa96a154920137b72939

SHA256
7754e44f79c5cb6a1062edd66814b595b75c2ad1d29a952383fb28115c2a4d26

SHA512
5ba085cba7a1dbc01f9769d6b17605a65098d1a37232fafdf14997c0b62141cbdd75ab4580615bc9e71835f155f77b62b8c04a6058c4a50d6d78c016f880dcbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
17KB

MD5
8a727ed647d6bc2398b45ad0444f421c

SHA1
6dc38e86f9047c0beef5b8bcc47c4de9d100ceee

SHA256
07e139dbc7b478e59eaec27d1bdab10c5ee2665c70e5ec9a5f25c5ae24d9d225

SHA512
f543f52448f58153249b106b944e622ccb44775a78c9c34c1041b91ae06335d38c0a4286a5d81323cf31f247f314ad97200b0f2fdc117955ad850b5f8f05d0e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
18KB

MD5
f9486d5165193eb98700effef531a5e3

SHA1
e7dcc73b9a82590bca3c037afe69ac0ed6689695

SHA256
f041b4e53053a816a9ca36bfa48db3f791f5c68f942c2b392be63845a714912a

SHA512
2d98809536e956b56c99d0ec7e4e02c7cd11556677c9b2c9b92da9de0dbdcd0d59cca4977be09ffe968b3c006e4e4b46dd5117faf326d2b08999e3584b6a8c7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
18KB

MD5
7159a828bf0ae3b3cc68cde7d7d4e137

SHA1
ccabee991df9fdd9597ad5fc4fe2387c1a3be15b

SHA256
6262f41b7e126879388912357aad443bdc87f38729debc4e8e2c94d1bc8fbde6

SHA512
c7d7844ef8d836fa9588847a643c7e4c99eaef2a3fbce9a21e4d3447875532670747bc0efbc701cc788be79e90c73e6f343370524c0e4dde6ac688675f93ac1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
20KB

MD5
241470bc12789b2620642879e28a2dba

SHA1
32721ac914dbc578a8c26a2f2f3802eb4c12845b

SHA256
e064d79f302177cfa0ee1080d8c7f898ec39902e94fa3cbb9f890f942be1d541

SHA512
3f4904334728d7b7dd83c6120e09ceb93a4da05a919f585b57879624959e0d332cd4ffdcf8f2bd8e9caab7555581b21cef5b7d3077ab3b2ad59d28c32f5fef41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
19KB

MD5
7a2fafdbfdf2fa3756b20adb5207bad7

SHA1
9231f35fde7b803969f8e0492d81b304be5f089c

SHA256
a7ac860e593b208cac2c5329aa6373a552f70ebac8a89e99a17f39d9f4aa2f19

SHA512
82253dedec34cebaee6bfc42f77c4fadee2d0e80c2c6ff8945681c058153849aacb6ebfb9fc43b8d955a27e330b89dc9021616a4f0b2aef5fd268ce3b092a7c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
18KB

MD5
edb1a27fcaa3ad4891122ba7dd20b5db

SHA1
0fffa6139e901dbfdef00a2483162c7ec3c22f5e

SHA256
a14f3efab82e0a604e79e9d1f9ec1dbe52cf68a733a1b7f0c1777065ac01e022

SHA512
906c8ab932df31623dd8068763265868c547e36b75c7a7051963e0c289a408f281afc76729d785ae366836e16f0e8ca68b3fee3e4686371bd764c9a7ec4643e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
18KB

MD5
5287a1bd4b6a2b26fabc0be68d1cf989

SHA1
cdab3beebd1b5f7358c2564b6677009e8e631529

SHA256
469597e34252edb141af64baef384bc934d0ffe63350f253fbb78e6bd2006905

SHA512
b0bdf66aaa28adfdf7e4f096637a3f8dddb771e466d72f6c0458fe2b313275fdca55daa40401817c9fd915f75145ba50d94fbab296e47eef367cce24f9076f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
18KB

MD5
c1cf03e156ed838dea41af5e11aadf55

SHA1
08820125107152e12679a0701ddd2b04e562d167

SHA256
3497ab01beda690f079a9f7fe89dddd0d2583518b31b664460bd6230b4f10e0f

SHA512
8007136d53410dbefe8a9c499cb1e9451c5342f102343f534287bc85dee3025a1d56a61f056bb1074c645c33882190e31aa2ca2dd3580ec517113b319ae7777b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
24KB

MD5
af9e83b9aa7c6d649fdde254cf1a0dac

SHA1
8c2e84448fcaa47d88bbbaa44f174e1866cc262a

SHA256
a4eb5b3b9ff0b1b1f5eec72b7a3446eeb125c72db64aab032f52e3f35513f297

SHA512
43a4d3133093820bc1e72334e5faee3c84e02e42f121de44917507207765f8cb67171ebbbaab8fd3b5cac4bedff6ba14b5a0ec26b915542ee67c9fe111026a26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
125a98630e891ca4aefb930b07247538

SHA1
992e5feff706b1e92542d741cdb3907e7a9ea6e3

SHA256
c327a8eff87da0ff72242a853aff03aae76ff856a0f7799d5a3022d15c5e457f

SHA512
8a6d7bf88c5544f22bb8158f1bcf1624db7033e5b795b4382258beb7b61e9d7ed9e20a98a93cba567cfa9a80d2b58e3046d26683c9fc9d337427cddfbe26471a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
114f4bf652f2ad88db2e5f0c13cf35d1

SHA1
413a294179e0da92468ab56ae798d6c2e5dc91ef

SHA256
61fd2b19844d399d217930f468aca80f558eda10c46935a0b166e26a3dd6c3c8

SHA512
6a1a665e686c40676dd38f79a51143e11466ad44fc21ee712d99d029b7126d555f6f9d6c0c8bc527fb256934ed34155d3307789f31f62d02f2980df351a3ed48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
19KB

MD5
daaeaeb1ff11e77fc473edbdfb87950c

SHA1
d70e96c052daf7d490b3bf89ba779b692c9bfb0c

SHA256
2d81b08d0d5348e250ac50bd8a2e21f39e0df6c29b94f29f7aedb618cd11af00

SHA512
5fd30ac5e3a7cd06f983754d3c7724a2ecfdbb1348df27d3cfe7567da8c9b7a1b7b158159cebbc6d545638ebd4c1e6e2f068ff75d171bd06ed3c856316b6ecd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
685a52dacb88079ab911ba3858337712

SHA1
492162fb3793aa2d84a059d5d8c20431cfb50473

SHA256
c0593388821d7c628b532cd427d558ef2dfb3bac8a28434ddf9c9cb1190515d5

SHA512
95865f55eb75af5dabce7b7df3a48be1e7c4ab0c1c340d16c3b0a5f3042e9841ef27c14918b4daca932257db5e5569bdc412cb671cde40146018b2da3e866012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
17KB

MD5
33449f15455addf66158746872f60a6b

SHA1
12fbcdbc9f204cb1328a69341606354f7c89e277

SHA256
cd36f7fd93ce2480334d25df1016d82b257c7384def68d864bb72377635f11d7

SHA512
85960c0c41599fae2a646ff41ff1d7edc2de2198393ad73f2ab7e937981e9d01fbdf2db07452f4d5ed2d62e0b7df4b46ccf9597578d745e746ac0ff281d80681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
17KB

MD5
5d39d2fe3fa3878238468391f3382532

SHA1
491118698429ea6c03175d711cc550d47ecf3306

SHA256
e378a63f5cb80ae365e757b9dd0f3cc8ea23b424b9dd7e92cc4226d913513ea2

SHA512
c39e9ad885f65db59866ebd372a940b3bac3837b2ade9ea191e77588f2d46cb776cc09ff7bb56fbe85989d60c0988fee4c35e8836c7815d3d23972941173d896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
18KB

MD5
20dea82edff63dba57c4f34eacd09370

SHA1
527cf96dfe9d288bdc6bdb889e638371b8bc1720

SHA256
47c0c9f1e280d2d27d7c3900d0b67701696d7645936db48b4e580a60d6e1bb42

SHA512
8b1aee300ac1f53bee98aea6e14e442d1b5549e089896f715432322a12df00d32dc4909f2f49137e08b18325586a8f5b4dd9f2e743ede885179e214b28e24d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
18KB

MD5
673a340e51d6db1ebab8e9758fbbce0a

SHA1
87b769ea99d814e3c4116247f9fd310ea1c34ca0

SHA256
1ea3b6c2ab59959e7fd44ec5e443baa527ad76cce6cdfb06421369c26598a0a8

SHA512
74bc0c3bbcd8765f010e948dfb87731cbcbf722961fe329ea0dc45fca50d008dab2d7870d014b4b15b030c1c22d67729bbcf4cd7374b2984c1d2e3e8ee136c43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
9b435aefa859d2472cde68012eb5e40a

SHA1
eaaba46d7ae05a5f8a584b052ebf7cc9f7ead091

SHA256
145e68461d6ff1641b01b07a957bb00ca3b1d6db846886d70b5a99129239a43f

SHA512
cbf3992a472be4230e2db27838fc4c9f6476943b458f1b825610e0404d2cc59b910b35e4cfa60665553fd1c8926b79a78f46e425a817afbe7c2c7919964f864a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
17KB

MD5
3c1ac73bc8866a318dfb2e4d6c7b69c7

SHA1
a17bfe29e1c45499ea4cab23a76887c49d66a49f

SHA256
94c84735f69e72a163252454ad329daca01b84361478fb05639dc3440af4f104

SHA512
cedaa07c70154810378a903b327e8f401d1434ff0a1bdc032fee167b670b5228277d6e8980a5d54b8a3f82bbaa42c6f3db2b06e3b116dc6d8f618f8f170c7a2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
18KB

MD5
ded19b9bd7e8cdb54557395e474ebbe4

SHA1
62b28a680b157ea122dc02c928451f2341044204

SHA256
e7eddabdbd779ec91c2dd2cc84998df0ca979b2d105d43b41d5511354f740361

SHA512
26e33a508280467b0d1a36deefe349dd7b029dc6892a75cb581f6845f6075a40aeb5a9beed5a490953b295bc57746cb7d3b6e751b13b9442f5348e66bcc7cdae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
18KB

MD5
2522800c52236849583fc522a3760b3f

SHA1
9e8d18057d171d31e5dd256b69b947aec989c6f3

SHA256
0ef6568a35add18c9c31aa60faaa45a52e9ce3a3cb7999c1d85fb22a7301ad8a

SHA512
c2e1ecfe2789da26830b84b0cdebbe4850d09374a2fc25fd9b0da810fbedcc438aadf33a931e04b3231732ae63a1a6eb4253266d90267d1555ab39c355339612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
0f016922c2185a7f89fef46dc1050433

SHA1
51368f3f7415adbcd718d46d7b2276a3263c127a

SHA256
12ccef5509488838314a30719d11fa5ba9ce5a1e1e7d4fce9ec28f63e69b5615

SHA512
700d4601b07bf72e3c0d01cdea9b9664a7bcf3e0187cb9924d3dfe83c45e5d338be8b55ad28628fb5daed5abfe3d726ab1f5fecc0d40e5a5525eac22d41014c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
19KB

MD5
0261768b51c9e56b881b83155907eb52

SHA1
e5fde58b679001cfbdc664da15534cad8e3523ed

SHA256
b7c6197a96b20ee0ee3538a8c6866a0ae2ed97e765593ecf5f453d1df0c25ead

SHA512
13811544e8d35551bd0f3c40eaebf44e167fe7ac141d0b11370b624efc3610a7a2278a34db1bc97a88cf0ce3bb256f2c5bfa624ba8e2b804ef0f6fe9a294e6e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
18KB

MD5
dec886d974a6a18ea8356365d29d9ce7

SHA1
5a5fadb0228411b5887109351f1a6232a1122f80

SHA256
1f2deb7d5e3c7c42ca0dfb48890d9b25271a24599a7acdbd8c9de2d5da5dc56f

SHA512
ec8810ca3b84654093d4d7fa57f39ac2ccbcca545c4ff7ddd938b0728d6c802615b81f0661e3117402c23ffacc032549e909128238cbc23372376f2d38e413d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
87d4686db8866c2330d384223d67d8ea

SHA1
ba9ab60b3ab25d0f22018a623fcc352950c26a3a

SHA256
cdc680d2c1ce4d45e11ad3a4d874e3fbb9dd86fc76a57c634f2b0a3ff952fad0

SHA512
95fae45a0043fed52c6052b899620bd450d639bfb67276aba1af4b14f31ea9a48ed1194861d681ae6af877c70c93812ec26d73e2fed5144aca240c7b8eb1d104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
78c0b034e500566db25a70e661e2acd7

SHA1
cad82ad6bae86c31e4392392102b097540da6bf6

SHA256
fef50dc3ad36779757192ec5b2256acad79c058032c781176b8ec71b961ee3c0

SHA512
628cabc95e2e4f0d3aa12d7160c635030ee70f50f39b6ea5b242de927f905f4da13e5d77d5882fd467ab03d316ce393012fbcdde765487045a25032687127d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
22KB

MD5
6a7c3d854fde8cb682d4e12af46e6c26

SHA1
e6358ffa3a570c9cf1dec62540cbda0d04b095d2

SHA256
285d7df3acc0b474dff23fae2e94990232b73de2999ec8623196024651eaec9b

SHA512
2df7b2f4e1786e558a098e027a07d1d85d995d305e5a87aa9bf0fa6a304a62e2a858108468103ae4501d4d56a0848b002dc6857819f18d40a7028d42174a46da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
19KB

MD5
d710b9691862ecda4400fd0ed0364f59

SHA1
c4cbf083418b9a9c0c32d7be00a93025d8209f2e

SHA256
f4cbc312a113fa0ef1fdb11fbd972c082b1587b2d427d243a7b0cdb23d81922c

SHA512
3d4be29f04909ccdc5a4047258dca7db9034f4da24e20f22e9df87897134095d685390aa73e57d60545ee6e79dd991a4f385bb72f82d65a83a4e94ff60635873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
17KB

MD5
c87b08e7fa6899316f1a7bd82962fac4

SHA1
4be9ae1cca9cd09d4d7d5fc6a0e5f59fe187644d

SHA256
d2cdafb58e99843e4e170d6872a340e05a0797cf7b18b2e19f0440abdc7a8eb6

SHA512
457f59197b10252ab02e9390650e6b01a001cd0748002217a69aca90e2c92b86b2075195078d65eccb067a7f8092403721b0c9928ce2b3743f731ed43222ee7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
20KB

MD5
26d7b7f61e4e414d0424b8baf0e47c59

SHA1
ac6e4101b8060a2f4334c199ed6cf8b380862e92

SHA256
c00dba65384c509bab44ea1a1c7d5e869e1cf5c7a5e1594ff168a5f2757b4f14

SHA512
39e12d1dd04d05049710bf8a7546dcefd9b0905d080193759adc502928425cca99d17c5fd3ae285a318cf52901252fdf7e305a9f1e357a5eca7f19b8254171c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
19KB

MD5
b00d2d8b5c5536c88a8f00b2fd28264f

SHA1
dff9c93348f35dd242c9ce841d285a9ce23349ed

SHA256
3c6f550f735f236a14790e27dc4929da8f03cf6ecac403cf7c200bff9eb65c04

SHA512
153eaf02779aa4b46fdf6544bf6c4c31c13660680ca9756ae0aad29c8bcfc2cacd86804004e8773cfa980d3daf404ca8b4ef0e7715dbf7adebb2772f43bbcbda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
19KB

MD5
c3c78fb5c2fc8b0c6579ac46e4bf0f2d

SHA1
2f9a4686097d2c0bd7973ae05157a749fb3e60e0

SHA256
f6de172f1883fecb1aa507efadba2fffb1d0fb6b89a3d36d2bdd351b160401ac

SHA512
87290e2143bf8aa32dde6a5f216a057d74121149c9e64f4c0995848ef1cdfa2333e07bca15609846540ca776780d3594cb8f9f8c0e3b1605014963213a09152f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
4e30de87980db557f7d0e329e8a6c771

SHA1
60e8add003feef50ebc6f891be34aed65d4b0bf6

SHA256
f3d70dd6f624134711edd0ac351d1397fb312460ab1c10d678f477a1e527ff3c

SHA512
12bc3cb4128685afd40d475259ff789b3553d689db225ecc5c20ffdca346620f8c2a764d3f59cc7c9a422e45ed2cf175c14331e20b726e78efe3fda364d3ee7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
19KB

MD5
9bf0a7d49a888d4d00e5e9f08896f427

SHA1
dd247d13cac45921ce047dfb201137c9ca8685da

SHA256
e196e707d570b0880f48d3fa2325f0b2a2dd059cd105f6d6f23205e57d387b52

SHA512
d02e2c6d8e6427b3b0d6425cb139109e918e90233207efb8c16ff3be166221a5293a3d084916ff44f8462f46df669fe9d42868ef8a9945e7066e37ed1406c62e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f983.TMP

Filesize
1KB

MD5
16ed0b81a25e4660a7bc5b563454b279

SHA1
a120377cd1ce2c806be2c725bb968984fd4ef704

SHA256
93d9b035d37e2fee1bcf9a3190845f38580df267694449828b0f20a35d148c5b

SHA512
6aa750d82b30f8303a7a31b5762f19b97ba189a513bd418f157407dea74a93bbca9388c75d7518cd3fcb56518f1d825c31930a5fd6628d03e28f95c89e57ad6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f5568c6c-1d05-4807-aa1c-257ce7958d95.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000056

Filesize
20KB

MD5
987a0a45f7968d9478e1f2471c722699

SHA1
9b0bb232cf19d4598ae27cdecd57280ccc98c913

SHA256
152ab0c235a6740a3b0e5c8a6dad9198d37b51625f82e2131811155326a503d5

SHA512
4c5ac85b9bc8b62415368da2025c3b77420e85ef49d61f70e697a7e53ed66dd1758cde859273e229514185ed832fa98bcf96e6ac82238d52178012075f1dad44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
5944af6b8ac6b61d1fe33c16ff526a46

SHA1
549ec1d61e392a434b2d788743f5f141a87d3f41

SHA256
b1026ead473cb5ae642808b3c82009b322f8af9f77bf010d81cf0e34fec1f10f

SHA512
c5f1b314daf5dc420be6410a8abdfded2eebe8e80e0158ac3b46a53de8fc437e5f1c12d6ab72304f1942a4c2d9624499430d2978e22cf07c3ca980869d2936f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
78e8024cd13678e0f9d1f9a21ced6f9c

SHA1
750d93bf91fae1ba13e887cdf5d334c5500d48f4

SHA256
5106942bf83228d10c419d66cf812f2d833dca7780a309bcbdbf6f0802583db8

SHA512
455bce6e53e86ddafff5f3f4330ee81bc7f8360b2b4e030ea6f6548db24e6f1bacf3a04a38deacf709317045fef3146669328a0f834a9fe3cd4764e72dd1b251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dd189628a02add9c119799255435c1ac

SHA1
d5df4be0d52f676b01eadebf5f6b2e5b90eb3ebf

SHA256
6c65b03356dd5f97be2c498dab813a07e88a64e3a50ec0a8c7ad15e65bff2772

SHA512
93e011d8f67c67a298b1ae545294da49d17315f1b3d096143f5f56bfef8dd75e48e7bd020ecd9c855e2cb56d3a435f38b91604932e80ff2fd7e9eca8d2cff72d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9545fd67bf4163a201e322eed5695e21

SHA1
09fcec71acefa20bdf681b30bd5cbbbb2317b366

SHA256
0d13f343fc9b0a484e68f0ecc7560e7450c761193604f474dae96edbc5ae0c19

SHA512
15c4ef5647a6e45ae16a921a1a4230dbc2eae5bc132005a516389f91b82dd6e3f06176b46d638b36b99f4df7a44bb411dc6cc9d5fa2492253f0eeb078581fd53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3742e1035a8b3e921e6c9749d9ab60db

SHA1
76fc534120e77e67c72cc9e355ef11c32a000812

SHA256
3bdd44f40f5817a20a22732783f6c9c3bfc3a780da39c1eab202d56029feba43

SHA512
b2fd8174bac1fd8ef6602ccfa8f183a12dac6182f949f56ee7aa3acd990ee989ec35914a9a2451b05ee16203acf2f3ac91a21817bdf2ef4b0636136b2ad66063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b6b397b345f0a91345b123ebbb0b900d

SHA1
cea0bac28f645e9420b4f1f5f601ad3c1bf0025d

SHA256
d34998b44cc64f7768e77bcd3579bcb320e37080748441ae8edaa6445e2c9a58

SHA512
746979fc1a4d055ef7d3813022cb8d8a1e6d768e9683480822efde14592b13b7c9b344ad31841e45006d197a52ee303e65523c22be8cae3bf5d23b9445198f59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
07ea3986ce7894b560cc6a3132e5f31b

SHA1
1c372c29dbcd0b7c279799f463db7bb9893d0803

SHA256
ed2ca1903e82727f76ebb9ba78699dce96a57c33ff150eef189218554f2625c6

SHA512
3cc6f1a5a5616adb81b2622bf01bad3b28f5db0ab2239e7be6c22141c133a596f6c67e7cf4ac16889f0af406f7dc015319d8afe6a89e429a20ef61dc5f90567e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9589f1fa6bb903b1a675a6ea345e7afa

SHA1
7898febc5bb4155f89342d7412970b87ae53bcc2

SHA256
25364ef9086eabf94f58c3d92e75aae31a9f6bf38ac1ac957d1521a1c32fd819

SHA512
ee03d0779dbaef51858e790fda505cd64a7500d9d044bd6ffef2af20f070d93a9c3738c023b680a6b25212a1d26feb535009f9838693d55fed3851e9ea4dd638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d2d6e0ea76b22b429020b25a83629052

SHA1
bf77b39270d712f2a16fb8fde8fdeb5e6c86bad9

SHA256
455b2c3bc1be038c7e08b1d38f1032e5b912c595c5de39213779abe518fe4e66

SHA512
ec6eaed3cc5f53d2e4603362191d83a21cc9369f30491437ae36559684db2af1249f01f44de7190c431a13eb7d3127a903caa0e7dc10ed4432b0287256bdd083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cfba77e8fdecfa5ba22f40c1fb50de67

SHA1
14f11cc939ae25366acdc9c06ceb09a270a8ce0c

SHA256
e072b7c63992ac583b14a066c8a79f713ea02e48baa0199195d5aa21ce821e31

SHA512
51c687f8b7e49eb2e902833d1eb44be1ae89562fb9b691374e5dcfbe67d67126ce3068673468778b605ab06331829df19b11d2081a14ea4817c755bb9816d4e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
98f1c4143e5a376f34dd52177f6653f5

SHA1
60230db2e2f78c44289cb9864123d675ee2cf6d6

SHA256
4548f6ebfb2cf12835a7fa7fd90140a92fc4df85f4736c2b24e2a09a7cc1f9d8

SHA512
af4176e8205acd795c76c6adf61955f86b34ebbf0132bc2b04ee2cbb4dfc1093c79edd59495d4dbeabad7f72961412e6c52dcc586f8ff88befa08aff67011420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache_

Filesize
29B

MD5
47d41a980668e9bfae197488d6d56feb

SHA1
8acd8919b112d637a18e4c2f79f61fd62d2a1e6d

SHA256
87c1ba0f3a75480bef554b38abd51d7858bbe2cff07d4fd29162b4468d2b6c43

SHA512
165cf9913129bab36c22399c3636960cff235313256262439bea6a1ed78cf80d65690254cc63148e7e13bb515b513037ab6be7d20efdfb12b07985339ada36fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
f7524a17f753f0e27a57e97416cda5d4

SHA1
247d3e4d8072341f2310afa27036bc46a6b35fa5

SHA256
db549845b939c9b8c4454c38ac970e7b7930780b36246d0c3e510e3237f868fe

SHA512
4af757c8dc1b960f3225ee61bb1ffda2c659a4fea510c95eec0104ace222d6bc16d2932bc1262d4a275b7954a3f6478e1e1a6ea062a23b648ba416f3e874c6f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
458fb8d71f5411813a1353c2756698dc

SHA1
ace42d9564350e89ea3e4b9add8c117099e81371

SHA256
77cb9f614b9e9de423a56906e7c1c161bfe793aa03426bce3e448669e4ec2880

SHA512
b9e538a0dbf384f6394840e4fa755315d864070fd63544e97b70c685e82688540f2b60f85cce0d1490e88c81a85a3d9d79a83d82ab2d17ee2b760e5fbd57c9ea

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\1b57a241eed58ce47249a846f2391652

Filesize
4.6MB

MD5
1b57a241eed58ce47249a846f2391652

SHA1
345999af03a6c515191d212a200fad24039100c1

SHA256
25913bcf70e0a8447e3ae39294cb3c3be44f15dcbccc4a0cd2aa4538e5ecc0f1

SHA512
870cc586696961c4de63643f264514140357cad1c9a4eaf9f1e631507c680359cdc760728afd46f6511155dc5c37b7c61dcd6825b185635aa0353fb18313a8c0

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\2071a20b3379c50b5481716951e9a32b

Filesize
5.0MB

MD5
2071a20b3379c50b5481716951e9a32b

SHA1
727ee72cf45db1f163e2740072d8c55d52fb2741

SHA256
26764f24835796bc0837862a162a31c7a5e047490f1231e21a037dc6c5a46a97

SHA512
c96e3fbb9ab584743bd85a52ad7c0abd70ae808bb107e7717e5e1fa19faa5882869e630aa4833bfe282d23f16cc1fe48e81732ec9c607455c08d17748e437496

Download Submit
C:\Users\Admin\AppData\Local\Temp\4434.tmp

Filesize
12KB

MD5
6959ad27368d4c7c51721f1e3f9ef0fb

SHA1
bbaf5f1ff4b015f0a2a5453801830efb25080081

SHA256
c0eb4f576f8464723f2b8aac6a30d3cff6250daac7a26493418d190789e287e1

SHA512
3417a4179c16ab148b02c2367142826182d1f6696a0dad3e5c44449e638aa13819b2cecd00239475fe86dc023b253605f1d001ca3161350ad87cf1a712af07f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0684876E\Chaos Ransomware Builderv4.exe

Filesize
548KB

MD5
9a44537dfcf8ceac515c4aa92f30f4af

SHA1
9a26c3ff3251f69950ce09e3692ce14b5dd536b1

SHA256
3246be7f25f8f4cd9ade8f0a8faf12847df126eecf65d7e8012f35ab45e73a40

SHA512
94da6f1aaae6c25e47e31ac246a8703ec8f7b2893a44ae10f7600cc79ba673bca60d7fb41b2ebac8a4b5497ab98a0a195a32d93f4fc140ba7c9cd25811943500

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0688ECAE\Chaos Ransomware Builder v4 Cleaned.exe

Filesize
345KB

MD5
30caa962e1ee863f2fcbed2b8e38f207

SHA1
3ea3d0fdbdf6339756983152df6e3a28d5873a11

SHA256
c5004c691b576c3f3899d628176ade9d8c87b7bf6d44d96945b4d1df1254a132

SHA512
61ce53a94d0a4695368d33f9e3a1435800b9fd828e7e0c14144a0e45ac3ae7c4b4c04ecf9c5a5b794c2049759dc34df6e23ac39741c98bbd8cf18bda9d1c2a21

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO4F8B6C5C\KAV100720_ENU_DOWN_331020_10.EXE

Filesize
16.8MB

MD5
8a8ddb1e199b4bcf58c678875d02dc1c

SHA1
786fba082a6144b3470f69d57e0d501572688224

SHA256
ebc50da2059c40c77d2c326bf4364aed077982c0297f66908a85f5fce975482b

SHA512
2d238bf3301c5573f83b28f499582325fd57607ef373fc7f119a34a0fd572ea5d5170e3b8155bfc4bfab671df9bf9de3da0a7f05017cd91a6bae7dbe57fab6c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\138781711742349.bat

Filesize
400B

MD5
ab68d3aceaca7f8bb94cdeabdcf54419

SHA1
5a2523f89e9e6dde58082d4f9cf3da4ccc4aae26

SHA256
3161fdccd23f68410f6d8b260d6c6b65e9dfb59ef44aef39ebb9d21e24f7c832

SHA512
a5de5e903e492a6c9bcf9fbc90b5f88a031a14fca8ee210d98507560290d399f138b521d96e411385279f47e8de6a959234a094e084c2e7e6c92c0ea57778f64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Filesize
933B

MD5
7e6b6da7c61fcb66f3f30166871def5b

SHA1
00f699cf9bbc0308f6e101283eca15a7c566d4f9

SHA256
4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e

SHA512
e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\@[email protected]

Filesize
1KB

MD5
b3c12a84a327c85377b9df751fa8ae9a

SHA1
7832b805b3b01b120aaf11ac3d309210630d446b

SHA256
3c355efed6e8ad64437406c20fa190e3d203fccd6d86a059644d90e231a204bd

SHA512
dfc816f5d84e988f8cc7d0d34298a78dc41a7bf45c0fb2b8fd439a92d2ccbab030c629ff35f67861bdbfa9de7b176307c2c4773f2d1bef75c387c8f95a7e4c98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\b.wnry

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\c.wnry

Filesize
780B

MD5
93f33b83f1f263e2419006d6026e7bc1

SHA1
1a4b36c56430a56af2e0ecabd754bf00067ce488

SHA256
ef0ed0b717d1b956eb6c42ba1f4fd2283cf7c8416bed0afd1e8805ee0502f2b4

SHA512
45bdd1a9a3118ee4d3469ee65a7a8fdb0f9315ca417821db058028ffb0ed145209f975232a9e64aba1c02b9664c854232221eb041d09231c330ae510f638afac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\m.vbs

Filesize
279B

MD5
e9c14ec69b88c31071e0d1f0ae3bf2ba

SHA1
b0eaefa9ca72652aa177c1efdf1d22777e37ea84

SHA256
99af07e8064d0a04d6b706c870f2a02c42f167ffe98fce549aabc450b305a1e6

SHA512
fdd336b2c3217829a2eeffa6e2b116391b961542c53eb995d09ad346950b8c87507ad9891decd48f8f9286d36b2971417a636b86631a579e6591c843193c1981

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_bulgarian.wnry

Filesize
46KB

MD5
95673b0f968c0f55b32204361940d184

SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff

SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_chinese (simplified).wnry

Filesize
53KB

MD5
0252d45ca21c8e43c9742285c48e91ad

SHA1
5c14551d2736eef3a1c1970cc492206e531703c1

SHA256
845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

SHA512
1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_chinese (traditional).wnry

Filesize
77KB

MD5
2efc3690d67cd073a9406a25005f7cea

SHA1
52c07f98870eabace6ec370b7eb562751e8067e9

SHA256
5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

SHA512
0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_croatian.wnry

Filesize
38KB

MD5
17194003fa70ce477326ce2f6deeb270

SHA1
e325988f68d327743926ea317abb9882f347fa73

SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_czech.wnry

Filesize
39KB

MD5
537efeecdfa94cc421e58fd82a58ba9e

SHA1
3609456e16bc16ba447979f3aa69221290ec17d0

SHA256
5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

SHA512
e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_danish.wnry

Filesize
36KB

MD5
2c5a3b81d5c4715b7bea01033367fcb5

SHA1
b548b45da8463e17199daafd34c23591f94e82cd

SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_dutch.wnry

Filesize
36KB

MD5
7a8d499407c6a647c03c4471a67eaad7

SHA1
d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

SHA256
2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

SHA512
608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_english.wnry

Filesize
36KB

MD5
fe68c2dc0d2419b38f44d83f2fcf232e

SHA1
6c6e49949957215aa2f3dfb72207d249adf36283

SHA256
26fd072fda6e12f8c2d3292086ef0390785efa2c556e2a88bd4673102af703e5

SHA512
941fa0a1f6a5756ed54260994db6158a7ebeb9e18b5c8ca2f6530c579bc4455918df0b38c609f501ca466b3cc067b40e4b861ad6513373b483b36338ae20a810

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_filipino.wnry

Filesize
36KB

MD5
08b9e69b57e4c9b966664f8e1c27ab09

SHA1
2da1025bbbfb3cd308070765fc0893a48e5a85fa

SHA256
d8489f8c16318e524b45de8b35d7e2c3cd8ed4821c136f12f5ef3c9fc3321324

SHA512
966b5ed68be6b5ccd46e0de1fa868cfe5432d9bf82e1e2f6eb99b2aef3c92f88d96f4f4eec5e16381b9c6db80a68071e7124ca1474d664bdd77e1817ec600cb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_french.wnry

Filesize
37KB

MD5
4e57113a6bf6b88fdd32782a4a381274

SHA1
0fccbc91f0f94453d91670c6794f71348711061d

SHA256
9bd38110e6523547aed50617ddc77d0920d408faeed2b7a21ab163fda22177bc

SHA512
4f1918a12269c654d44e9d394bc209ef0bc32242be8833a2fba437b879125177e149f56f2fb0c302330dec328139b34982c04b3fefb045612b6cc9f83ec85aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_german.wnry

Filesize
36KB

MD5
3d59bbb5553fe03a89f817819540f469

SHA1
26781d4b06ff704800b463d0f1fca3afd923a9fe

SHA256
2adc900fafa9938d85ce53cb793271f37af40cf499bcc454f44975db533f0b61

SHA512
95719ae80589f71209bb3cb953276538040e7111b994d757b0a24283aefe27aadbbe9eef3f1f823ce4cabc1090946d4a2a558607ac6cac6faca5971529b34dac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_greek.wnry

Filesize
47KB

MD5
fb4e8718fea95bb7479727fde80cb424

SHA1
1088c7653cba385fe994e9ae34a6595898f20aeb

SHA256
e13cc9b13aa5074dc45d50379eceb17ee39a0c2531ab617d93800fe236758ca9

SHA512
24db377af1569e4e2b2ebccec42564cea95a30f1ff43bcaf25a692f99567e027bcef4aacef008ec5f64ea2eef0c04be88d2b30bcadabb3919b5f45a6633940cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_indonesian.wnry

Filesize
36KB

MD5
3788f91c694dfc48e12417ce93356b0f

SHA1
eb3b87f7f654b604daf3484da9e02ca6c4ea98b7

SHA256
23e5e738aad10fb8ef89aa0285269aff728070080158fd3e7792fe9ed47c51f4

SHA512
b7dd9e6dc7c2d023ff958caf132f0544c76fae3b2d8e49753257676cc541735807b4befdf483bcae94c2dcde3c878c783b4a89dca0fecbc78f5bbf7c356f35cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_italian.wnry

Filesize
36KB

MD5
30a200f78498990095b36f574b6e8690

SHA1
c4b1b3c087bd12b063e98bca464cd05f3f7b7882

SHA256
49f2c739e7d9745c0834dc817a71bf6676ccc24a4c28dcddf8844093aab3df07

SHA512
c0da2aae82c397f6943a0a7b838f60eeef8f57192c5f498f2ecf05db824cfeb6d6ca830bf3715da7ee400aa8362bd64dc835298f3f0085ae7a744e6e6c690511

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_japanese.wnry

Filesize
79KB

MD5
b77e1221f7ecd0b5d696cb66cda1609e

SHA1
51eb7a254a33d05edf188ded653005dc82de8a46

SHA256
7e491e7b48d6e34f916624c1cda9f024e86fcbec56acda35e27fa99d530d017e

SHA512
f435fd67954787e6b87460db026759410fbd25b2f6ea758118749c113a50192446861a114358443a129be817020b50f21d27b1ebd3d22c7be62082e8b45223fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_korean.wnry

Filesize
89KB

MD5
6735cb43fe44832b061eeb3f5956b099

SHA1
d636daf64d524f81367ea92fdafa3726c909bee1

SHA256
552aa0f82f37c9601114974228d4fc54f7434fe3ae7a276ef1ae98a0f608f1d0

SHA512
60272801909dbba21578b22c49f6b0ba8cd0070f116476ff35b3ac8347b987790e4cc0334724244c4b13415a246e77a577230029e4561ae6f04a598c3f536c7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_latvian.wnry

Filesize
40KB

MD5
c33afb4ecc04ee1bcc6975bea49abe40

SHA1
fbea4f170507cde02b839527ef50b7ec74b4821f

SHA256
a0356696877f2d94d645ae2df6ce6b370bd5c0d6db3d36def44e714525de0536

SHA512
0d435f0836f61a5ff55b78c02fa47b191e5807a79d8a6e991f3115743df2141b3db42ba8bdad9ad259e12f5800828e9e72d7c94a6a5259312a447d669b03ec44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_norwegian.wnry

Filesize
36KB

MD5
ff70cc7c00951084175d12128ce02399

SHA1
75ad3b1ad4fb14813882d88e952208c648f1fd18

SHA256
cb5da96b3dfcf4394713623dbf3831b2a0b8be63987f563e1c32edeb74cb6c3a

SHA512
f01df3256d49325e5ec49fd265aa3f176020c8ffec60eb1d828c75a3fa18ff8634e1de824d77dfdd833768acff1f547303104620c70066a2708654a07ef22e19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_polish.wnry

Filesize
38KB

MD5
e79d7f2833a9c2e2553c7fe04a1b63f4

SHA1
3d9f56d2381b8fe16042aa7c4feb1b33f2baebff

SHA256
519ad66009a6c127400c6c09e079903223bd82ecc18ad71b8e5cd79f5f9c053e

SHA512
e0159c753491cac7606a7250f332e87bc6b14876bc7a1cf5625fa56ab4f09c485f7b231dd52e4ff0f5f3c29862afb1124c0efd0741613eb97a83cbe2668af5de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_portuguese.wnry

Filesize
37KB

MD5
fa948f7d8dfb21ceddd6794f2d56b44f

SHA1
ca915fbe020caa88dd776d89632d7866f660fc7a

SHA256
bd9f4b3aedf4f81f37ec0a028aabcb0e9a900e6b4de04e9271c8db81432e2a66

SHA512
0d211bfb0ae953081dca00cd07f8c908c174fd6c47a8001fadc614203f0e55d9fbb7fa9b87c735d57101341ab36af443918ee00737ed4c19ace0a2b85497f41a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_romanian.wnry

Filesize
50KB

MD5
313e0ececd24f4fa1504118a11bc7986

SHA1
e1b9ae804c7fb1d27f39db18dc0647bb04e75e9d

SHA256
70c0f32ed379ae899e5ac975e20bbbacd295cf7cd50c36174d2602420c770ac1

SHA512
c7500363c61baf8b77fce796d750f8f5e6886ff0a10f81c3240ea3ad4e5f101b597490dea8ab6bd9193457d35d8fd579fce1b88a1c8d85ebe96c66d909630730

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_russian.wnry

Filesize
46KB

MD5
452615db2336d60af7e2057481e4cab5

SHA1
442e31f6556b3d7de6eb85fbac3d2957b7f5eac6

SHA256
02932052fafe97e6acaaf9f391738a3a826f5434b1a013abbfa7a6c1ade1e078

SHA512
7613dc329abe7a3f32164c9a6b660f209a84b774ab9c008bf6503c76255b30ea9a743a6dc49a8de8df0bcb9aea5a33f7408ba27848d9562583ff51991910911f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_slovak.wnry

Filesize
40KB

MD5
c911aba4ab1da6c28cf86338ab2ab6cc

SHA1
fee0fd58b8efe76077620d8abc7500dbfef7c5b0

SHA256
e64178e339c8e10eac17a236a67b892d0447eb67b1dcd149763dad6fd9f72729

SHA512
3491ed285a091a123a1a6d61aafbb8d5621ccc9e045a237a2f9c2cf6049e7420eb96ef30fdcea856b50454436e2ec468770f8d585752d73fafd676c4ef5e800a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_spanish.wnry

Filesize
36KB

MD5
8d61648d34cba8ae9d1e2a219019add1

SHA1
2091e42fc17a0cc2f235650f7aad87abf8ba22c2

SHA256
72f20024b2f69b45a1391f0a6474e9f6349625ce329f5444aec7401fe31f8de1

SHA512
68489c33ba89edfe2e3aebaacf8ef848d2ea88dcbef9609c258662605e02d12cfa4ffdc1d266fc5878488e296d2848b2cb0bbd45f1e86ef959bab6162d284079

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_swedish.wnry

Filesize
37KB

MD5
c7a19984eb9f37198652eaf2fd1ee25c

SHA1
06eafed025cf8c4d76966bf382ab0c5e1bd6a0ae

SHA256
146f61db72297c9c0facffd560487f8d6a2846ecec92ecc7db19c8d618dbc3a4

SHA512
43dd159f9c2eac147cbff1dda83f6a83dd0c59d2d7acac35ba8b407a04ec9a1110a6a8737535d060d100ede1cb75078cf742c383948c9d4037ef459d150f6020

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_turkish.wnry

Filesize
41KB

MD5
531ba6b1a5460fc9446946f91cc8c94b

SHA1
cc56978681bd546fd82d87926b5d9905c92a5803

SHA256
6db650836d64350bbde2ab324407b8e474fc041098c41ecac6fd77d632a36415

SHA512
ef25c3cf4343df85954114f59933c7cc8107266c8bcac3b5ea7718eb74dbee8ca8a02da39057e6ef26b64f1dfccd720dd3bf473f5ae340ba56941e87d6b796c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\msg\m_vietnamese.wnry

Filesize
91KB

MD5
8419be28a0dcec3f55823620922b00fa

SHA1
2e4791f9cdfca8abf345d606f313d22b36c46b92

SHA256
1f21838b244c80f8bed6f6977aa8a557b419cf22ba35b1fd4bf0f98989c5bdf8

SHA512
8fca77e54480aea3c0c7a705263ed8fb83c58974f5f0f62f12cc97c8e0506ba2cdb59b70e59e9a6c44dd7cde6adeeec35b494d31a6a146ff5ba7006136ab9386

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\r.wnry

Filesize
864B

MD5
3e0020fc529b1c2a061016dd2469ba96

SHA1
c3a91c22b63f6fe709e7c29cafb29a2ee83e6ade

SHA256
402751fa49e0cb68fe052cb3db87b05e71c1d950984d339940cf6b29409f2a7c

SHA512
5ca3c134201ed39d96d72911c0498bae6f98701513fd7f1dc8512819b673f0ea580510fa94ed9413ccc73da18b39903772a7cbfa3478176181cee68c896e14cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\s.wnry

Filesize
2.9MB

MD5
ad4c9de7c8c40813f200ba1c2fa33083

SHA1
d1af27518d455d432b62d73c6a1497d032f6120e

SHA256
e18fdd912dfe5b45776e68d578c3af3547886cf1353d7086c8bee037436dff4b

SHA512
115733d08e5f1a514808a20b070db7ff453fd149865f49c04365a8c6502fa1e5c3a31da3e21f688ab040f583cf1224a544aea9708ffab21405dde1c57f98e617

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\t.wnry

Filesize
64KB

MD5
5dcaac857e695a65f5c3ef1441a73a8f

SHA1
7b10aaeee05e7a1efb43d9f837e9356ad55c07dd

SHA256
97ebce49b14c46bebc9ec2448d00e1e397123b256e2be9eba5140688e7bc0ae6

SHA512
06eb5e49d19b71a99770d1b11a5bb64a54bf3352f36e39a153469e54205075c203b08128dc2317259db206ab5323bdd93aaa252a066f57fb5c52ff28deedb5e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskdl.exe

Filesize
20KB

MD5
4fef5e34143e646dbf9907c4374276f5

SHA1
47a9ad4125b6bd7c55e4e7da251e23f089407b8f

SHA256
4a468603fdcb7a2eb5770705898cf9ef37aade532a7964642ecd705a74794b79

SHA512
4550dd1787deb353ebd28363dd2cdccca861f6a5d9358120fa6aa23baa478b2a9eb43cef5e3f6426f708a0753491710ac05483fac4a046c26bec4234122434d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\taskse.exe

Filesize
20KB

MD5
8495400f199ac77853c53b5a3f278f3e

SHA1
be5d6279874da315e3080b06083757aad9b32c23

SHA256
2ca2d550e603d74dedda03156023135b38da3630cb014e3d00b1263358c5f00d

SHA512
0669c524a295a049fa4629b26f89788b2a74e1840bcdc50e093a0bd40830dd1279c9597937301c0072db6ece70adee4ace67c3c8a4fb2db6deafd8f1e887abe4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.WannaCry.zip\u.wnry

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CAF2O.tmp\roboot64.exe

Filesize
38KB

MD5
6581dd21dca96912137ce9823a36421a

SHA1
117a726fd9ef7f506f4c42e37b4e69565bb4ceeb

SHA256
7f3499dfbdd6343fe538d644f02af248ff2d937953a0c8a10eb1454aa951bedc

SHA512
a82822cee7c13324ad349bda1795d26a2b0c7e148b6453c037bb9d3eda3d7cb15853cac01a3215b911b9e8779e6a47b3e7702a651be952b155057f690d6cac6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DO0G0.tmp\isxdl.dll

Filesize
152KB

MD5
82201cd8f401f00000b7575b24b3ad0b

SHA1
fa3659e48990f2ab24f8e1bf9bb650f11641ffe0

SHA256
9d64a934a4a12c61a33342151e674100e1ec0074d106612b1e81244234d93d67

SHA512
a491696e66c64e751712c028f42cb4067339c7d2b231e7a889f006291c10bc74d6597f1a52270b979b9a63351d1e42cdf302f05cc6840c54551657bd0737ffc4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ksappfrm.xml

Filesize
2KB

MD5
bc71ac281a613c15f33e9eb67adb465d

SHA1
8212b4c63d6fba7ddca30b7687f008e151c13ed2

SHA256
420b58d74d06d94196ebf45a90c317031b0913db9d2cc970db73d7ffa694d8c5

SHA512
697c97b07d15c3b051914ee55eaea696e3de0edbbd887830f3e1fafcd3648752771345444389818b076b056f0569f5232814b556c4be7c4f4a771aefb40b5ca2

Download Submit
C:\Users\Admin\AppData\Local\Temp\kxetray.xml

Filesize
1KB

MD5
dc0e3b4338631e1873aea949641972db

SHA1
1dcc65f9746a25f2d90bdd13c5185965b40a95ac

SHA256
a48ecd42d21bbac68b18db5549f3ccfb473f7c60d11be770d66ad046f36736ed

SHA512
8cee90057d1d556a55bc5ee21a435476bd928e031b75bb46516190039fd9a4a4d82df83b73ff95a43dac3ac4937aae005b319f40e255045f13cc073b0665e836

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg26EA.tmp\DumpLog.dll

Filesize
3KB

MD5
e9d269b0c3d13cffc70e9ffd472b89b7

SHA1
73d9bd6004b097916e1f579ad3f70e2342890667

SHA256
e61e0a458a0f1a57082697d8694511deb1b33cf3e7287fb4487593246b8e108d

SHA512
de90798eab2c8052a3bfa38e61e479fc26b09bdcdc5d5ded0fa7ad5061251300f832ed5d8c958366376c44ebb42717bb7ffb12739169b60892cdc99b88c66ece

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg26EA.tmp\System.dll

Filesize
10KB

MD5
4125926391466fdbe8a4730f2374b033

SHA1
fdd23034ada72d2537939ac6755d7f7c0e9b3f0e

SHA256
6692bd93bcd04146831652780c1170da79aa3784c3c070d95fb1580e339de6c5

SHA512
32a1cf96842454b3c3641316ee39051ae024bdce9e88ac236eadad531f2c0a08d46b77d525f7d994c9a5af4cc9a391d30ee92b9ec782b7fb9a42c76f0f52a008

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg26EA.tmp\UserInfo.dll

Filesize
4KB

MD5
e24e45e1bc891bb8825e6b0b0ec6d301

SHA1
1380610230807f3c5ec390b426a3eb3acbd1cfcb

SHA256
980db656b2439cb78427163d2e323671d6ef47622b50abdbe6c83e05f4cf2958

SHA512
7bf692129c675ed92515ee94ab6bc05afdc0f072873da142ffac11d6ac4fd94972e1ef5007fd6f5130b50d2fbcf24ea144ceec9bc5780145884515635e98e717

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg26EA.tmp\antivirus.dat

Filesize
105KB

MD5
d2071a1bbc9b82402b1a6f1d4be3401c

SHA1
54d69d4082faec9ccbadddd6bfdf2f0c8f5e8328

SHA256
37f47a59b3a1489dfe22743acda42dafb1d184c21fcfaaa744e8438466948ad5

SHA512
f52686e48eb35836da881b1a815bca0b067919ede89456d433394038a5d13c8d1dfd68fe37f1eb660c60ace5af1973291755c994aace6af75ad7aad0eb6c8773

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg26EA.tmp\kasearch.dll

Filesize
241KB

MD5
2ef873df63e4946f4a136487738f3009

SHA1
41f4ae1ea27c9f2b35012dbf56f396262dd1b4cf

SHA256
f0334c49376f70650d358e5f2bb67d549cf6acb61a4a59d746412531e7961657

SHA512
88f379704e46f907e4f13c65b4f4c47a8c8a94bbe2e333acacbd26d49a8f02745955f6fdabf5a7ce89ce4ddc194e46ec875129a604c456bf3aeab9dad4d152d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg26EA.tmp\kinfoc.dat

Filesize
276B

MD5
13a40e880b64fbac7c0be6ca58b836c4

SHA1
00738bfccf10a80c0add43702348a89662dd122b

SHA256
c43969885e85b087e6833e9912e9276a0bae399b34ddaa1e7b34c8bb8b274387

SHA512
56067b78b2eeed20529625dc22260dffefca86b14864e7a28968652c2aaa9a1d5c875d17895c86768f2361e7cb52fe90b261710b90c0ff1b3dcb8977962f10d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg26EA.tmp\kinfoc.dll

Filesize
317KB

MD5
c9ed45578e50621abc08fe608457a2a1

SHA1
c7a2471b112d5ce4fa484a30db255533166aba79

SHA256
b8273705cc9c4035552c289ad1603bbda369d18538b9dc28e90fa6f358617d0e

SHA512
53cf40f78efe585536f4be8721384039cbd5d47e50a43bff0c9d189932ba23ae34ca86f6725a1683dbb25b465360b0d7624052e42664b2d99b375ad133da3065

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg26EA.tmp\ksiext.dll

Filesize
1009KB

MD5
335327c9d1e299ade4b7362ef60749d8

SHA1
83d4c646292e4194f0264f8427f61a7a7dfc3d9c

SHA256
7e6d2edb22bd9e7e4e826e3a6cbf7379285cdcc46045c8e4375b469b8f677a47

SHA512
f4e8dc14f39fd32420b389a1dddb7344507d16b82d5e15ffc85edff6ccac088a68a05ac60858a5f7b6aa7b32b1c33b211523d0936dc133228a7833ced921e83e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsg26EA.tmp\setuphelper.dll

Filesize
317KB

MD5
5fcd496377d8ae9c5b2b299c8262b875

SHA1
47c32fb1474ebe4546b10b507c0b3a40c9c6c579

SHA256
a79cf5f015ffeb8bfff7cd5f64cfd2c11d254e579792e44fbb0433944f4ba6ef

SHA512
8566142e75d0c85d60512a9bf1644487023ec480c97de43ce2269550c3b24145d62dadb7d6b0e03a3d2d87af41c84782256454b6f6a147c779c7ef2da8736237

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp293D.tmp

Filesize
87KB

MD5
74756b28be76d79bcaa646aa52c3cb7f

SHA1
a2c062d1e3424d73581cd4664d09c0debb2439d7

SHA256
6d144ef152f0f78722b4786a65d3d63ad77eeec23e1c6e69173b72cc878674ed

SHA512
54df82b052a5bfdb735444c795aed9d7717c9506b6afd2c560b4dcede6cb661ed166c9258a77263eef7d08bf25cf6ff62bcbbad8c3a0a52a73e6628adbd3c142

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
868b2af2d29d68519265685d6387f596

SHA1
26b0e6eac5f8ff798e469bb8c38c708b47ad3cd5

SHA256
4ff8b873f36ec35f0484231cc6733afa6af6b470bd9351e8d09393ceabc904b3

SHA512
009cb894ed3936c28c8a63b0bea3952ce83452c384a29609ace6c19019aeeb96cfa435593ee6d910ee6c5d9f786aca5350b104e5beed8a8559597b661714c15d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
d63afcc54e70343264a7a66000ba7958

SHA1
d0e7d81dbfeca79e11bb48ff52b03c80d78e5f89

SHA256
6cd7805ffdad3f7b65db3525738969ddaaee87e19afd3546472577ba3b3dde67

SHA512
d1e0f0c3a9c658969ca7933ef7c018ff3746d09ceedce0bea2a0cd2f41e726a2d3ef3e1ee63e48511c8eaffb6109a135398776e3e4122e6330785c76ffccd05b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
944c92a1db1d690202aca02de2cba102

SHA1
1352b32c9059f2892b4c2b48c78b4a42b88ca9c8

SHA256
5a3262ede1c63127457c7c9da1d99c03607b52e59958d239070049a827e771fc

SHA512
c9d5dc58668023e6538e84d4fe638b57655c8340c3c01693e865c7d2f13392aa3bca4c7b8770c25ab20b4f4fb2f507fbaa967528f50a81331e9d988fb495ea06

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
19KB

MD5
04713371dde4ae1e95ce1146378c1668

SHA1
b7ee61291dbc6ed42950552b02fe34f3f0820275

SHA256
8e388c2fa13103810078f2f41a7044ccd1473e4703ddfc1049fa57fc616699a9

SHA512
e155d8b3b9763204559fa1b5e44014dc382c7a9e57c40d0b5b14891dc5fa371127d3ed8c9e2829c894dd48b9335a2ba659a7494b54e68682c9cb7e2976150427

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
04704e62598db6ba3b27327b467a84a9

SHA1
dfd66a05e2fd8ffeeafb05a49ad8c746904f979a

SHA256
f9a8c24994a56b53243dcb755228c2462204a14f95890bf7fa329edcf56d6924

SHA512
b3530c61cb5fb5536686a60778bd96ac046e36061f7737eb42b158d27adbf080b196476e5f7dabd1c9a7f9735bfdbad2ebb3cbfc57f9a74345b19dbf4478ac23

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
ee7b75ae5684c2694e7fac731f9f2579

SHA1
fe27bc1fa4187d7a69d21e7f1c6b83270fce22f3

SHA256
54fd945e4694332f889a552d23284bb9e905380fb567603dd40e47ee859ed864

SHA512
08e1728da305664ca9ae8a6d11511a09bbaad799423055d5265e91e6a3efe642f810315724917e0b05569d9325e8672588c2fe5368cb541e9cf17f52a95c26b0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
23KB

MD5
dbd8900e8d55cef76956f6c51e60428b

SHA1
296d54304e9eec85783863c9dbcad13bef205333

SHA256
66509cfc6ce0d8964b69d734bccc3e86b47c7590e203941bccf20dcbc0b4be20

SHA512
2472c75c57a626bcd318fc5eac2182e5ceccf8db9fa9443a80aeb4eb87a133cfeb674d8631a7d5354c69fcc6a0892080d460c79a26962a03a81874d5560278c4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
23KB

MD5
5a0181af77fff74ed87f5332c678c0dc

SHA1
b1ea1734ab50dd427a99e90ddbe4c4b1df0f9295

SHA256
92db79b898b245b34b96e3b29f041b054ef8e6cbe025f00db5964a16b4cb3603

SHA512
dc02b2d259ccc195b99f275d5e418ca24048cfdf0ac30c4dba0dd731a043c5ee6ea00bb03d0db7dabf08ffd7010caff0628ada6654c6fa045bc546916599657d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
7bdf38c5b2ad04467e81e10923515aae

SHA1
adf10343731b3450be31e76ce3bf8183f83a6cd6

SHA256
d54b3f7fa89053c78c9280c75421ba3d863c59283b689ff9a2d783479398fd93

SHA512
4fe4261567a8732ad13e609b9c9b8366a8061afbcd5dd665351e1b7f39ec4958a2985c3bf08fa529dcd8f8559a730e6991d6837fd48cee589d9b382c8e6ca6de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
733423026daa52ec3a02e78fcf87c42d

SHA1
4666e4c7b7b7dcadfb9e2c2cb756b0eb3a478baa

SHA256
cd97139067b29c62e16f94fd9048f9a62f72867b6424e31e158bc72d7f3ac20d

SHA512
ccaa0609da55f3dbde585902128909d892f5d4154a4488642720c658dcf604c1e6874aac6a3beaa3e474fb9d9b74c1199d24f88115f24cd2587588b146b888a0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
20KB

MD5
e16cb47cf46072cdc808392c51be62c3

SHA1
7a90dc6db832c4d6dcabd0481a2bd956cbaf4e48

SHA256
c327bbe833a7424a811725e0adcaac5938ea748cc34d9b4a088604bfb5786389

SHA512
cad496b54fcb96003aedec3aa4f6c0d0cddc6573aedfb5ed436293f0368e327797a8ed76f27bd0404c4f7d55db4ada14f7c6aed00a7ff346ee41bb864e239ba9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
20KB

MD5
c5ccb7827b6427eec96945f690330b74

SHA1
a4940404ce635bf77d9c9a4c34beff63a3846122

SHA256
1b321d6db2093de9bedd28c3fe756386c5f1eae8d2a8b6c34eb7d9ad64c34c69

SHA512
984f626e862b0159ec400fc32dc9d2e94729556e5960a51a1a9f35dca1764e1d998f9e4b3dd0e641017c1119dd4e4369c0db4d7bcbd7b2f5690b5b2197efb84c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
19KB

MD5
9bfa30f7f78ed08519f28cc0b31adaed

SHA1
8824695f3cf567033a178e13950eb8261423e3ef

SHA256
3f58867f29efeaf89ba78eaca2c1306853e89fb2a84d62a67257e0a1adf746d7

SHA512
9f84564675d4d545d259130b28c74a7ed5dca7da3e86431a7db67a46828ee0938afbc92f36b8315e8e94246f193b4830ffaff5db5b0f6bb635e6872dee8b9048

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
20KB

MD5
562e79544063f2cdd7a0c9019e5375d5

SHA1
e86bf6d5f1b97795861e5a9f9f28d6ec5bcb7966

SHA256
0479d8f4d3ed634d31f0ed7e06f0b0efb9f57e29eb40681e15929a01dda4c4eb

SHA512
61beb30f60c0a1887d161118b6d72084802f6ecc4d1c5fd3f20a7a66a5d48ebd72cb2159db249a46fd50aaefeeb711bbed51d5c3c33998a4417ad9129fe8e715

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
5f545b7fd08f7dee388a50a260313156

SHA1
0153988c6bc7c9098551547b9df1bbf2821f9171

SHA256
8ee2120b2baa9759e68daff5f12d478824dd9a1a5c9dfec31edc14b17273df0b

SHA512
ae2b824642321b4fa72d95b4a7f394e0f52d476f91c5b9db7301ac4d73a3f2146f82a0fc2898b8fbbc31faace4e103ea534f51cf84de4e7660c225e8cba154ca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
20KB

MD5
1578d8c296f1ea59933cb5d1cbcf0fe8

SHA1
abe2aac34508098362b39ec24c3a7e2e8823d48f

SHA256
93af2b25670505828123f0f152cfa66a3caad2249c1a91c916f1d413b987ba33

SHA512
aee6fa098a70987d9a86846c9be16fde386747deb51f3f08c383fc771ca22e30bca10f6c7e9f49c15d556322a372158c189637a5d28b2371f1b3cd51aa82efb8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
16KB

MD5
062d50be6f1e036476f05e6979ade002

SHA1
65fca00b1df410f027e4539a6703b54c6d1ee701

SHA256
4125869bacdd9ae982c8e2857f2eef2a535d351f79f68e4185ff93eaab437e79

SHA512
a690d1f8c7036d0bbb2603989f0a2dc0daed57c31eb26931e848ae9214dd026df8c7b6bf92ce26bbcba42beed299983edf2cf653aa329dd314978d3e73d68d77

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
03b52a2225143e61c4f4997a594cf1da

SHA1
27125e1834eb4506e64800b2d066925102f63a12

SHA256
7f43af370bd3b479ecd28898e47cd15bc72cc639c3e11c9462b5199405f6a27c

SHA512
ee44f3a1b3c21130b7254f778aa7a8d677a0549ea2d9ad85414b0d8610e417f623ce1626aa91c134f27cd0b88f23d0e6fe457a9f875472386adced5212db6257

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
20KB

MD5
374da8e8cba78264765ee74446f960a8

SHA1
3bf82755d3c41732f6091e2c59904e4cdd2bf283

SHA256
5332df7e5a2835c7504f63c05f2a6e25a94025d1cd5b60ce16a2d30c0c0f6914

SHA512
77131ccbb110456daef03e2cc307a070891fd155585563c29bcbf37a012dc011189b3e15c6832465db0c7e8df19567cb2c028c111eb12af0fcb443129556dd44

Download Submit
C:\Users\Admin\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Logs\RegCleanPro.txt

Filesize
4KB

MD5
ffb24d3b41497d4d41ebf3ff612d2956

SHA1
7bddce1659add58453e552aa5dee04f428e88216

SHA256
26baf7e86952db592b7fd5096413fc87768ffe4ad71bf1e9343d10a8a4d20b2f

SHA512
b6e3d436702dea9c3b97e42ec3c0dfb6787b2669bc28a491516a47d10e280481db9b52211f44fca77e4493639eb32c43d1b7286e5b8be9132ba972c60135860e

Download Submit
C:\Users\Admin\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\ntfrUpdate.ini

Filesize
20B

MD5
c851af19e48ded6883977ba76dd3c090

SHA1
7c4cf7fd96d7c28ecc37fcef67318ad479a22e6b

SHA256
172c9357fb803e1b42fcd288d936b68b12b9640746134366949b98dbed4e2a8d

SHA512
d0201333fc1141f93f4777a78184c3c596b195c29eda89d846a3eacc2a449796da7bf5684d75cb76f273665381ca812d5eb8df0e94913152e5bf3fd6011b0bf5

Download Submit
C:\Users\Admin\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\rcpupdate.ini

Filesize
321B

MD5
0a354c342a27e7156835c6a595694d44

SHA1
2e3200e90e42248fd425a390a17a3771df997429

SHA256
120870f0033ac21f607bc86d0cdf2fe3844d1f4fe4d3d65ca9842b8e25c86d66

SHA512
fa9371aa3b5a564c7297cd3e2cb7756ad3ade5bafa1607e4ef226e9c0cd786e921d66caae247fa62e7c07696847522cb2140d53fb880b81dd9e19302817d3bff

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
5.7MB

MD5
3c9d11794d085d0cb41e16f56dccefa7

SHA1
074c07261ec5574698782b52f529f02ca1666d2a

SHA256
cc1ecf33e89ee2e966c810f0ad7b7b9a0479f15dab7f532fe6ac5b8802328a4f

SHA512
4838c41130d288625ea4cee221547a88d8c896755eaa985676de6df3c357cb3f3b0fb901c33bb9611308a70e079aa04f5e652ef04272dc0487d3e7f4a0cb4c7f

Download Submit
C:\Users\Admin\Downloads\407ef7da-3ea3-4def-bb64-7323b1df8f2d.tmp

Filesize
92KB

MD5
7556d4000001faf4691fb2231c3759b4

SHA1
d2cb1c4a0b5a01521a8b19c8939a2694d7e3f105

SHA256
e53f7e60753ed99baaf3f08dd2f07d1d96fe43476059a1745f9b2f7ab81978b3

SHA512
40d5569fd6466a3b2396b4a3932ec6f31e01b21b5d8bf78b0a598439bf2e5579e60296702d0a98c251b443ab188d6b8cc62da358eab12309cb21051d27c3b653

Download Submit
C:\Users\Admin\Downloads\Chaos_Ransomware_Builder_v4_Cleaned.rar

Filesize
226KB

MD5
6a160e5713b7c4a269ef35eac73e1412

SHA1
36b833c40d83652d450888ff2b602321b9de877c

SHA256
0909910f70a8bad23ba9232fc2d5110fc5841fd2c6600c5a38b1c72aada42b51

SHA512
97eb791552ef0262d903b1f40ebf61731603cb00f57829214c71d4df8c01a1d2f1352f877f9ad0dec08c21afcb7cd3740b9cbc3eb1f1474ca70c3ab6bb30fcf2

Download Submit
C:\Users\Admin\Downloads\KAV100720_ENU_DOWN_331020_10-SP5-2014.7.rar

Filesize
16.3MB

MD5
305eecc032f68efd5f0450383c3700dc

SHA1
14d948d3ccae19fbc89677f8a2a6402d7a063dc1

SHA256
01e190664643d026381ab97e71744e142cacb1869f2bf69287cb4a8cb951aa5b

SHA512
aabcd1d081fef10db56bcc36e8ecb9a8dde962d9ee811ad02469b070895b79d5f823a44fc3b78a60c3c7a17e7c4ce7443bb98d210770d81a16926752615274d3

Download Submit
C:\Users\Admin\Downloads\PAVSetup.exe

Filesize
99.7MB

MD5
65e285a92376a87dda298b51eb0e5116

SHA1
edbf7be5ff65ce0a95a4ed741c8d50ab5a0dd4c8

SHA256
01e47ccd507d4a3ee485c3ad623fd14a4e9e7015bb0b4b160dbe7fa1cff83c87

SHA512
819cd2c0ff5020e7a36afc3be117a9223debfeeb4aa91b9d7c4c62da8a71df54af10b78ed798d6336b1fbf16198174b458ae7f4b613c78a71f844fc067cab5df

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry.zip

Filesize
3.3MB

MD5
efe76bf09daba2c594d2bc173d9b5cf0

SHA1
ba5de52939cb809eae10fdbb7fac47095a9599a7

SHA256
707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a

SHA512
4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 549164.crdownload

Filesize
11.1MB

MD5
7c6f46240579ab8a8ca25ba0a5b2a64d

SHA1
eea4a0bcd6afb8075b4db984f36a60c847b80d39

SHA256
34a4f512d7c7e37fc580abdc8ca4cce21280e4c33e14c0ca48a0d7aee9fc7db9

SHA512
488957f27dd83bb3090d748b23ab55fcb15773faca5e1af284c9a0feb0bae4cef6eb72e6179516bb70da61db6b5d504f12a2b57588fb4c05d65fb984de827c30

Download Submit
C:\Users\Admin\Downloads\cat-blue-eyes (1).jpg.crdownload

Filesize
50KB

MD5
f67b92fd8e324343e1ac281c71cd211a

SHA1
8be7f9cee879c485ccbaeab70dfa57a9604db8be

SHA256
05b23ec1f5ff6d4b3cb7419ed22b1663281c4ec193c3810b18a2108414de62a3

SHA512
7896f149941425e8c3314b715e53a528f14adcf88be108f94ed6eeee123f3bd5777ba113dfe7cfa7edd9b4a96edf2173f10e2692481443799e8daa75b23c08d2

Download Submit
C:\Users\Admin\Downloads\cat-ceiling (1).jpg

Filesize
7KB

MD5
f488f8cfc743d4c85fdd2e568f61ce2f

SHA1
61c9978bfd4e6ca0462be878fbd04b427a0218f4

SHA256
03ec03f11548c1bae13af126e5f90fdfac51fae70b4749f80a76a433f0fef860

SHA512
9057bdba20d925b565f38e338241c25d8d505de41771bac33194920abba2c7bacbd5ce913a43e49ceb29f7888232363219e833e1eee8b7cde8d863de0e8419f1

Download Submit
C:\Users\Admin\Downloads\cat-crosseyes (1).jpg.crdownload

Filesize
26KB

MD5
ebc880bbc38875853640cde5964f595b

SHA1
14267b4b280d9792795c9c8ec8ee6a0212a2ff38

SHA256
e3dbad3f3e815cf016672c4374361a9d68d5a77f2c89f26b62260795da6940c5

SHA512
0d0cc77e016bfc2076a437a32e42a19ce71c19191ce78a81f2164296491ce92156ffc25684ab6b2743693b7a16c55ca0c75fce8754d5a2c2aae071535ccbe93a

Download Submit
C:\Users\Admin\Downloads\cat-hover (1).jpg.crdownload

Filesize
69KB

MD5
46baa7ddbe6b0fc24d9398cdae8abe96

SHA1
cbd076aaf0ada7813324e7ee617f59c6cd7553c7

SHA256
58c64c8eb076f75e220ea7e86fc8c150cf5303d4fd3a3ba68b94276851db148a

SHA512
1c747c8da6a22a1c9902e639db535df8395153bfe3dcddcd4ebda170fe023db46fb08c7e5301542416d292ca2fb13cd35f2f51f9fed33e49267e842a1f19d31c

Download Submit
C:\Users\Admin\Downloads\cat-marshmellows (3).jpg.crdownload

Filesize
69KB

MD5
145f7a8b5f1e31c7fbc31a37eebe2a32

SHA1
603f1ebe9bd143c05c2e0e5f645d9d2e0afed1c6

SHA256
639c449b9f0198ef53d54cd225260b77a5eedfa719408bea1bbdac5fb37d77e6

SHA512
12f5fa578fc47ea51b06dd6d0411b17c714946a3ccdefc47fbc881c5de6f7c38e3ab354691b9f27d90f7ed187da30a7a0c1a0674596be35da8f08794b48d5d7b

Download Submit
C:\Users\Admin\Downloads\cat-small-face (1).jpg.crdownload

Filesize
49KB

MD5
89095c8234738dd985d0b6605fc6d0e0

SHA1
90ca9298510b376a2af356d9a034536f1bcd95d9

SHA256
9614898e1401364b5dfd727965230477855d21cff4fd49b7f4f9510387659bcd

SHA512
442e607dcf36d5d4ad00aba2f302d53ff5c6d8386061fbce74a961db34614ff714955836afc64e1ebbc94d2518d72374bf881bebc3374299c70ec6e388062e7f

Download Submit
C:\Users\Admin\Downloads\patreon (1).png

Filesize
51KB

MD5
e38a04fccc918f99e4ee279f2a8bd165

SHA1
80d59f045bf9ea60c5e12a44998e3229786b3717

SHA256
a0a96707edfb3a31f96c90978e1fe7876b8c2f8491d776b0b6dbf2f628ff975c

SHA512
f24e487833454a5640e89e294e618349952c1ee785ec13a93f95ffc9809c4dd2bc312595afded5def0aa54781b623a43a703a134cbd4e182fd2f9dbfa64b8f9b

Download Submit
C:\kisinstall.dat

Filesize
218B

MD5
92b2c00ef51102a2595bef9fd5308e74

SHA1
298a7ed9dedf73f29e78773d50280a19f07b293e

SHA256
1b68b62616dbe70eb171b5d72e6a645651090eedbcba72e256031da7163c983f

SHA512
3cc6d53c517e6cf845c00842cd12af7dbc9acfb0859ad768493ad8bb6cfeb394da348228d0e3ee12dc3f39aae2eeb746fd6535d8a2639f5c70591322e97bb9d9

Download Submit
memory/228-8579-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/228-8582-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/1168-8439-0x0000000005810000-0x0000000005811000-memory.dmp

Filesize
4KB

Download
memory/1168-4023-0x0000000005810000-0x0000000005811000-memory.dmp

Filesize
4KB

Download
memory/1408-8725-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/1408-8714-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/1420-8555-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/1420-8554-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/1996-8731-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/1996-8730-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/2240-8789-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/2240-8782-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/3464-8794-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/3464-8795-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/4396-2147-0x0000000000E20000-0x000000000111E000-memory.dmp

Filesize
3.0MB

Download
memory/4396-1968-0x0000000073CB0000-0x0000000073D32000-memory.dmp

Filesize
520KB

Download
memory/4396-2010-0x0000000000E20000-0x000000000111E000-memory.dmp

Filesize
3.0MB

Download
memory/4396-1965-0x0000000073E10000-0x0000000073E92000-memory.dmp

Filesize
520KB

Download
memory/4396-2011-0x0000000073E10000-0x0000000073E92000-memory.dmp

Filesize
520KB

Download
memory/4396-1971-0x0000000073CB0000-0x0000000073D32000-memory.dmp

Filesize
520KB

Download
memory/4396-2012-0x0000000073DF0000-0x0000000073E0C000-memory.dmp

Filesize
112KB

Download
memory/4396-2013-0x0000000073D70000-0x0000000073DE7000-memory.dmp

Filesize
476KB

Download
memory/4396-2015-0x0000000073CB0000-0x0000000073D32000-memory.dmp

Filesize
520KB

Download
memory/4396-2016-0x0000000073A90000-0x0000000073CAC000-memory.dmp

Filesize
2.1MB

Download
memory/4396-2047-0x0000000000E20000-0x000000000111E000-memory.dmp

Filesize
3.0MB

Download
memory/4396-2061-0x0000000000E20000-0x000000000111E000-memory.dmp

Filesize
3.0MB

Download
memory/4396-1972-0x0000000000E20000-0x000000000111E000-memory.dmp

Filesize
3.0MB

Download
memory/4396-2067-0x0000000073A90000-0x0000000073CAC000-memory.dmp

Filesize
2.1MB

Download
memory/4396-2069-0x0000000000E20000-0x000000000111E000-memory.dmp

Filesize
3.0MB

Download
memory/4396-2075-0x0000000073A90000-0x0000000073CAC000-memory.dmp

Filesize
2.1MB

Download
memory/4396-2135-0x0000000000E20000-0x000000000111E000-memory.dmp

Filesize
3.0MB

Download
memory/4396-1973-0x0000000073D40000-0x0000000073D62000-memory.dmp

Filesize
136KB

Download
memory/4396-1969-0x0000000073A90000-0x0000000073CAC000-memory.dmp

Filesize
2.1MB

Download
memory/4396-2157-0x0000000000E20000-0x000000000111E000-memory.dmp

Filesize
3.0MB

Download
memory/4396-2166-0x0000000000E20000-0x000000000111E000-memory.dmp

Filesize
3.0MB

Download
memory/4396-1967-0x0000000073E10000-0x0000000073E92000-memory.dmp

Filesize
520KB

Download
memory/4396-1970-0x0000000073D40000-0x0000000073D62000-memory.dmp

Filesize
136KB

Download
memory/4396-1966-0x0000000073A90000-0x0000000073CAC000-memory.dmp

Filesize
2.1MB

Download
memory/4396-1974-0x0000000000E20000-0x000000000111E000-memory.dmp

Filesize
3.0MB

Download
memory/4568-8564-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/4568-8561-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/5340-8574-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/5340-8570-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/5416-8590-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/5416-8588-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/6008-466-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/6336-8553-0x00000000022E0000-0x0000000002314000-memory.dmp

Filesize
208KB

Download
memory/6336-8283-0x00000000022E0000-0x0000000002314000-memory.dmp

Filesize
208KB

Download
memory/6336-8309-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/6336-8560-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/6384-8448-0x0000000002090000-0x00000000020C4000-memory.dmp

Filesize
208KB

Download
memory/6384-8458-0x0000000002090000-0x00000000020C4000-memory.dmp

Filesize
208KB

Download
memory/6556-8651-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/6556-8652-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/6584-8465-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/6584-8471-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/6604-8466-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/6604-8637-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/6620-8411-0x0000000000790000-0x00000000007C4000-memory.dmp

Filesize
208KB

Download
memory/6620-8410-0x0000000000790000-0x00000000007C4000-memory.dmp

Filesize
208KB

Download
memory/6656-8602-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/6656-8595-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/6700-8608-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/6700-8610-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/7044-8615-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/7044-8617-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/7164-8777-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/7164-8775-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/7200-8622-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/7200-8631-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/7488-8639-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/7488-8636-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/7504-8646-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/7504-8645-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/7568-8351-0x00000000020B0000-0x00000000020E4000-memory.dmp

Filesize
208KB

Download
memory/7568-8352-0x00000000020B0000-0x00000000020E4000-memory.dmp

Filesize
208KB

Download
memory/7648-8399-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/7904-8696-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/7904-8697-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/7928-8421-0x00000000026A0000-0x00000000026D4000-memory.dmp

Filesize
208KB

Download
memory/7928-8428-0x00000000026A0000-0x00000000026D4000-memory.dmp

Filesize
208KB

Download
memory/7988-8702-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/7988-8709-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download
memory/8040-8441-0x0000000002230000-0x0000000002264000-memory.dmp

Filesize
208KB

Download
memory/8040-8440-0x0000000002230000-0x0000000002264000-memory.dmp

Filesize
208KB

Download