chaos | 26fafb03090ce617b53d9b3f6038ba1726211cd77973c1df888fb7092fccb72e

Analysis

max time kernel
1359s
max time network
1365s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
01/04/2024, 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bitdefender_tsecurity.exe
Size

14.1MB
MD5

b193e93da8cb8fb53b3b4cdc081252d9
SHA1

b0d9d7822414095e325d843df73cb13c4ac214b6
SHA256

26fafb03090ce617b53d9b3f6038ba1726211cd77973c1df888fb7092fccb72e
SHA512

7ad1c11cc4d9527df8cb95f9a21e60bf9015de6e8f7f9e43ed89161a77c4f424c7a2286b080e50559a1aa80294e8fe38758816e17fb022aa7c3de90c14c16525
SSDEEP

393216:S6FaXw19Sf25WY27BRR8V9tz8SpNuGNvHqmbet:HFaA19S7Y27BM58ooixA

Score

10^/10

chaos discovery persistence ransomware spyware stealer

Malware Config

Signatures

Chaos
Ransomware family first seen in June 2021.
ransomware chaos

Chaos Ransomware 6 IoCs

resource	yara_rule
behavioral1/files/0x000100000002a995-1044.dat	family_chaos
behavioral1/files/0x000200000002aba3-2939.dat	family_chaos
behavioral1/memory/3208-2945-0x0000000000E10000-0x0000000000E9E000-memory.dmp	family_chaos
behavioral1/memory/5032-4875-0x0000000000030000-0x00000000001B8000-memory.dmp	family_chaos
behavioral1/files/0x000700000002ab48-4880.dat	family_chaos
behavioral1/memory/3176-5349-0x0000000000CC0000-0x0000000000D9E000-memory.dmp	family_chaos

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	svchost.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fuckthisshit.txt	svchost.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\PixillionInstall = "C:\\Users\\Admin\\Downloads\\PixillionImageConverter.exe"	nchsetup.exe

Downloads MZ/PE file

Drops desktop.ini file(s) 34 IoCs

description	ioc	Process
File opened for modification	C:\Users\Public\Desktop\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	svchost.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini	svchost.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	svchost.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	svchost.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	svchost.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-160263616-143223877-1356318919-1000\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini	svchost.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	svchost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
489	raw.githubusercontent.com
484	raw.githubusercontent.com

Drops file in System32 directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_8A3EB3B0E837053838683939C2047254	ProductAgentService.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft	ProductAgentService.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache	ProductAgentService.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData	ProductAgentService.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	ProductAgentService.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content	ProductAgentService.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141	ProductAgentService.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_8A3EB3B0E837053838683939C2047254	ProductAgentService.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\h1vprybbo.jpg"	svchost.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\show-pass.svg	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\check-large.svg	installer.exe
File created	C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-27-A80376B5-6FF2-470E-A642-6DCD2E109C3F\msgbus.dll	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\settings\bdch.template.json	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\check-done.svg	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\btn-minimize-w.svg	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\ie-icon.png	installer.exe
File created	C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-27-A80376B5-6FF2-470E-A642-6DCD2E109C3F\lang\hu-HU.txtui	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\lang\pl-PL\productagentui.txtui	installer.exe
File created	C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-27-A80376B5-6FF2-470E-A642-6DCD2E109C3F\lang\ko-KR.txtui	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\b-icon-popup.svg	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\installer\lang\ru-RU.txtui	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\icons\icon-warning.svg	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\icons\camera-popup-icon.svg	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\loader.png	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\installer\lang\it-IT.txtui	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgent.dll	installer.exe
File created	C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-27-A80376B5-6FF2-470E-A642-6DCD2E109C3F\bdredline.bdch.xml	installer.exe
File created	C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-27-A80376B5-6FF2-470E-A642-6DCD2E109C3F\unrar.dll	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\lang\de-DE\productagentui.txtui	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\lang\it-IT\productagentui.txtui	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\pattern.png	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\pattern2.png	installer.exe
File created	C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe	nchsetup.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\lang\pt-PT\productagentui.txtui	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\btn-minimize-w.svg	installer.exe
File created	C:\Program Files (x86)\NCH Software\Pixillion\pixillionsetup_v12.26.exe\:Zone.Identifier:$DATA	nchsetup.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\bdnc.ini	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\installer\lang\sv-SE.txtui	installer.exe
File created	C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-27-A80376B5-6FF2-470E-A642-6DCD2E109C3F\trufos.cat	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\x64\critical_fixups64.dll	installer.exe
File created	C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-27-A80376B5-6FF2-470E-A642-6DCD2E109C3F\lang\sv-SE.txtui	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\lang\tr-TR\productagentui.txtui	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\settings\UPNPService.xml	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\b-icon.svg	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\critical_fixups32.dll	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\lang\el-GR	installer.exe
File created	C:\Program Files (x86)\NCH Software\Pixillion\shellmenu.dll	nchsetup.exe
File created	C:\Program Files (x86)\NCH Software\Pixillion\superresolution.nn	nchsetup.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\lang\el-GR\productagentui.txtui	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\btn-close.svg	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\icon-fb.svg	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\lang\en-US\productagentui.txtui	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentService.exe	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\skin\img\icon-warn.svg	installer.exe
File created	C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-27-A80376B5-6FF2-470E-A642-6DCD2E109C3F\lang\nl-NL.txtui	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\lang\pt-BR\productagentui.txtui	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images_2\common\close.svg	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgent.dll	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\show-pass-checked.svg	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\installer\lang\de-DE.txtui	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\lang\ja-JP\productagentui.txtui	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\lang\vi-VN\productagentui.txtui	installer.exe
File created	C:\Program Files (x86)\NCH Software\Pixillion\pixillionsetup_v12.26.exe	nchsetup.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\lang\de-DE\productagentui.txtui	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\lang\ro-RO	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\27.0.1.266\WatchDog.exe	installer.exe
File created	C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-27-A80376B5-6FF2-470E-A642-6DCD2E109C3F\lang\pt-PT.txtui	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\lang\es-ES\productagentui.txtui	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\skin\html\Agent\login2_no_net.html	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\lang\ko-KR\productagentui.txtui	installer.exe
File created	C:\Program Files\Bitdefender Agent\27.0.1.266\skin\images\network-error.svg	installer.exe
File opened for modification	C:\Program Files\Bitdefender Agent\settings	installer.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe

Executes dropped EXE 34 IoCs

pid	Process
3740	agent_launcher.exe
3604	bddeploy.exe
2452	setuppackage.exe
3132	installer.exe
4904	ProductAgentService.exe
4408	bdredline.exe
976	ProductAgentService.exe
3284	ProductAgentService.exe
2036	ProductAgentService.exe
3040	ProductAgentService.exe
980	DiscoverySrv.exe
4160	DiscoverySrv.exe
2884	ProductAgentService.exe
3380	ProductAgentUI.exe
3248	WatchDog.exe
7572	PixillionImageConverter.exe
6036	nchsetup.exe
7488	freetype.exe
2364	pixillion.exe
6488	pixillion.exe
7812	Chaos Ransomware Builder v4 Cleaned.exe
6608	wgj1CCB.tmp
3208	Chaos Ransomware Builderv4.exe
6532	installer.exe
5576	Installer.exe
7880	pixillion.exe
5472	pixillion.exe
2340	pixillion.exe
5032	bitdefender_tsecurity.exe
2416	svchost.exe
5772	bitdefender_tsecurity.exe
8080	svchost.exe
3176	KG_Ransom.exe
2104	svchost.exe

Loads dropped DLL 64 IoCs

pid	Process
3132	installer.exe
3132	installer.exe
3132	installer.exe
3132	installer.exe
3132	installer.exe
4904	ProductAgentService.exe
4904	ProductAgentService.exe
3132	installer.exe
3132	installer.exe
4408	bdredline.exe
976	ProductAgentService.exe
976	ProductAgentService.exe
976	ProductAgentService.exe
976	ProductAgentService.exe
3284	ProductAgentService.exe
3284	ProductAgentService.exe
3284	ProductAgentService.exe
3284	ProductAgentService.exe
2036	ProductAgentService.exe
2036	ProductAgentService.exe
2036	ProductAgentService.exe
2036	ProductAgentService.exe
2036	ProductAgentService.exe
3132	installer.exe
3132	installer.exe
3040	ProductAgentService.exe
3040	ProductAgentService.exe
3040	ProductAgentService.exe
980	DiscoverySrv.exe
980	DiscoverySrv.exe
2656	regsvr32.exe
3040	ProductAgentService.exe
3040	ProductAgentService.exe
3040	ProductAgentService.exe
3040	ProductAgentService.exe
3040	ProductAgentService.exe
3040	ProductAgentService.exe
3040	ProductAgentService.exe
3040	ProductAgentService.exe
3040	ProductAgentService.exe
3040	ProductAgentService.exe
4160	DiscoverySrv.exe
4160	DiscoverySrv.exe
4160	DiscoverySrv.exe
3132	installer.exe
3040	ProductAgentService.exe
3040	ProductAgentService.exe
2884	ProductAgentService.exe
2884	ProductAgentService.exe
2884	ProductAgentService.exe
2884	ProductAgentService.exe
3380	ProductAgentUI.exe
3380	ProductAgentUI.exe
3380	ProductAgentUI.exe
3380	ProductAgentUI.exe
3248	WatchDog.exe
3248	WatchDog.exe
6448	Process not Found
3880	Process not Found
6532	installer.exe
6532	installer.exe
6532	installer.exe
6532	installer.exe
6532	installer.exe

Registers COM server for autorun 1 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\WOW6432Node\CLSID\{cb6ba4f9-380d-4cf8-a5b5-de4c325d6323}\LocalServer32	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\WOW6432Node\CLSID\{cb6ba4f9-380d-4cf8-a5b5-de4c325d6323}\LocalServer32\ = "\"C:\\Program Files (x86)\\NCH Software\\Pixillion\\pixillion.exe\" -systemnotifyevent"	nchsetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ProductAgentService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ProductAgentService.exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	pixillion.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	pixillion.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	WatchDog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	ProductAgentService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	WatchDog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	ProductAgentService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	ProductAgentService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	ProductAgentUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Bitdefender\Bdch	ProductAgentUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	ProductAgentService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	ProductAgentUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	WatchDog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	WatchDog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	WatchDog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	ProductAgentUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	WatchDog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	WatchDog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	ProductAgentService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	ProductAgentService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	ProductAgentUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	ProductAgentUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	WatchDog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	WatchDog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	ProductAgentService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	ProductAgentUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	WatchDog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	ProductAgentService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	WatchDog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Bitdefender	ProductAgentService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	WatchDog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	WatchDog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	ProductAgentService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	ProductAgentService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	ProductAgentUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	ProductAgentService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	ProductAgentUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	ProductAgentUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	WatchDog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Bitdefender\Bdch\productagentservice	ProductAgentService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	ProductAgentService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	ProductAgentUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	ProductAgentUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	WatchDog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DiscoverySrv.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	ProductAgentService.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dcr	nchsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NCH.Pixillion.svgz\Shell\Convert with Pixillion\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Pixillion\\pixillion.exe\" -add \"%L\""	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NCH.Pixillion.dib\Shell\open	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NCH.Pixillion.ras\Shell\Convert with Pixillion\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Pixillion\\pixillion.exe\" -add \"%L\""	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\.mpdp\ = "mpdpfile"	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.png\Shell\NCHslideshow\command	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mef\Shell\Convert with Pixillion	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.avifs\Shell	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.ape\Shell\NCHconvertsound\command	nchsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NCH.Pixillion.jfif\shell\open\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Pixillion\\pixillion.exe\" \"%L\""	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tga\OpenWithProgIds	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.flac\Shell\NCHeditsound	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NCH.Pixillion.raf\shell	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.emz\Shell\Convert with Pixillion	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.cab	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.dng\Shell\NCHeditphoto	nchsetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\NCH.Pixillion.jxr\shell	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NCH.Pixillion.x3f\Shell\Convert with Pixillion	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.shn\Shell\NCHconvertsound\command	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.png\Shell\NCHeditphoto	nchsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NCH.Pixillion.nef\Shell\Convert with Pixillion\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Pixillion\\pixillion.exe\" -add \"%L\""	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.wma	nchsetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.wpd\Shell\NCHconvertdoc	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.raf\Shell\NCHslideshow\command	nchsetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.pdf\Shell\NCHconvertdoc\command	nchsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.psd\Shell\NCHeditphoto\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Pixillion\\pixillion.exe\" -extfind PhotoPad \"%L\""	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\.psb	nchsetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.m4a\Shell\NCHeditsound\command	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.mov	nchsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.doc\Shell\NCHconvertdoc\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Pixillion\\pixillion.exe\" -extfind Doxillion \"%L\""	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.crw\Shell	nchsetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.dcr\OpenWithProgIds	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NCH.Pixillion.heic\Shell\open	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NCH.Pixillion.exr	nchsetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\NCH.Pixillion.raw\DefaultIcon	nchsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NCH.Pixillion.hdp\DefaultIcon\ = "C:\\Program Files (x86)\\NCH Software\\Pixillion\\pixillion.exe,0"	nchsetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\NCH.Pixillion.srw\DefaultIcon	nchsetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.webp\OpenWithProgIds	nchsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.rar\Shell\NCHextract\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Pixillion\\pixillion.exe\" -extfind ExpressZip \"%L\""	nchsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NCH.Pixillion.arw\Shell\Convert with Pixillion\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Pixillion\\pixillion.exe\" -add \"%L\""	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.pgm\Shell\Convert with Pixillion	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NCH.Pixillion.dng\Shell	nchsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NCH.Pixillion.jfif\DefaultIcon\ = "C:\\Program Files (x86)\\NCH Software\\Pixillion\\pixillion.exe,0"	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NCH.Pixillion.erf\shell	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.svgz\Shell\Convert with Pixillion\command	nchsetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\NCH.Pixillion.emf	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\dssfile\shell	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.pgf\OpenWithProgIds	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.raw	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NCH.Pixillion.rl8\Shell\open\command	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.bz2\Shell\NCHextract	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	pixillion.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	pixillion.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\.hdp	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.tar\Shell\NCHextract	nchsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.emz	nchsetup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\SystemFileAssociations\.iso\Shell\NCHextract	nchsetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\.jps\ = "NCH.Pixillion.jps"	nchsetup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\.svg\OpenWithProgIds\NCH.Pixillion.svg = "0"	nchsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\.ts\Shell\NCHeditvideo\command\ = "\"C:\\Program Files (x86)\\NCH Software\\Pixillion\\pixillion.exe\" -extfind VideoPad \"%L\""	nchsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\NCH.Pixillion.pbm	nchsetup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NCH.Pixillion.avif\Shell\ = "Open"	nchsetup.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	agent_launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	agent_launcher.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	agent_launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	agent_launcher.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	agent_launcher.exe

NTFS ADS 11 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 790843.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\KG_Ransom.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\bitdefender-logo.jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\png-transparent-bitdefender-android-antivirus-software-mobile-security-mobile-security-text-trademark-logo-thumbnail.png:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 190429.crdownload:SmartScreen	msedge.exe
File created	C:\Program Files (x86)\NCH Software\Pixillion\pixillionsetup_v12.26.exe\:Zone.Identifier:$DATA	nchsetup.exe
File opened for modification	C:\Users\Admin\Downloads\PixillionImageConverter.exe:Zone.Identifier	msedge.exe
File created	C:\Program Files (x86)\NCH Software\Pixillion\pixillionsetup_v12.26.exe\:SmartScreen:$DATA	nchsetup.exe
File opened for modification	C:\Users\Admin\Downloads\Chaos_Ransomware_Builder_v4_Cleaned.rar:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zO8C8198BD\Chaos Ransomware Builder v4 Cleaned.exe:Zone.Identifier	7zFM.exe
File opened for modification	C:\Users\Admin\Downloads\png-transparent-bitdefender-android-antivirus-software-mobile-security-mobile-security-text-trademark-logo-thumbnail-removebg-preview.png:Zone.Identifier	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
6032	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2416	svchost.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
4304	msedge.exe
4304	msedge.exe
3040	ProductAgentService.exe
3040	ProductAgentService.exe
3040	ProductAgentService.exe
3040	ProductAgentService.exe
3040	ProductAgentService.exe
3040	ProductAgentService.exe
3132	msedge.exe
3132	msedge.exe
3040	ProductAgentService.exe
3040	ProductAgentService.exe
4932	identity_helper.exe
4932	identity_helper.exe
3516	msedge.exe
3516	msedge.exe
5256	msedge.exe
5256	msedge.exe
5256	msedge.exe
5256	msedge.exe
3040	ProductAgentService.exe
3040	ProductAgentService.exe
6560	msedge.exe
6560	msedge.exe
1668	msedge.exe
1668	msedge.exe
7204	msedge.exe
7204	msedge.exe
5724	msedge.exe
5724	msedge.exe
756	msedge.exe
756	msedge.exe
6436	msedge.exe
6436	msedge.exe
6036	nchsetup.exe
6036	nchsetup.exe
6036	nchsetup.exe
6036	nchsetup.exe
6508	msedge.exe
6508	msedge.exe
3040	ProductAgentService.exe
3040	ProductAgentService.exe
6568	msedge.exe
6568	msedge.exe
3972	msedge.exe
3972	msedge.exe
7128	msedge.exe
7128	msedge.exe
5808	msedge.exe
5808	msedge.exe
7444	msedge.exe
7444	msedge.exe
2084	7zFM.exe
2084	7zFM.exe
5032	bitdefender_tsecurity.exe
5032	bitdefender_tsecurity.exe
5032	bitdefender_tsecurity.exe
5032	bitdefender_tsecurity.exe
5032	bitdefender_tsecurity.exe
5032	bitdefender_tsecurity.exe
5032	bitdefender_tsecurity.exe
5032	bitdefender_tsecurity.exe

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

pid	Process
2364	pixillion.exe
6344	7zFM.exe
2084	7zFM.exe
3208	Chaos Ransomware Builderv4.exe
6568	msedge.exe
7128	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious use of AdjustPrivilegeToken 24 IoCs

description	pid	Process
Token: SeDebugPrivilege	3132	installer.exe
Token: 35	3132	installer.exe
Token: 35	3132	installer.exe
Token: 35	3132	installer.exe
Token: SeRestorePrivilege	3132	installer.exe
Token: SeDebugPrivilege	3040	ProductAgentService.exe
Token: SeDebugPrivilege	3040	ProductAgentService.exe
Token: SeDebugPrivilege	3040	ProductAgentService.exe
Token: SeRestorePrivilege	6344	7zFM.exe
Token: 35	6344	7zFM.exe
Token: SeSecurityPrivilege	6344	7zFM.exe
Token: SeDebugPrivilege	3040	ProductAgentService.exe
Token: SeRestorePrivilege	2084	7zFM.exe
Token: 35	2084	7zFM.exe
Token: SeSecurityPrivilege	2084	7zFM.exe
Token: SeSecurityPrivilege	2084	7zFM.exe
Token: SeDebugPrivilege	5576	Installer.exe
Token: SeSecurityPrivilege	5576	Installer.exe
Token: SeDebugPrivilege	5032	bitdefender_tsecurity.exe
Token: SeDebugPrivilege	2416	svchost.exe
Token: SeDebugPrivilege	5772	bitdefender_tsecurity.exe
Token: SeDebugPrivilege	8080	svchost.exe
Token: SeDebugPrivilege	3176	KG_Ransom.exe
Token: SeDebugPrivilege	2104	svchost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
2452	MiniSearchHost.exe
1668	msedge.exe
5724	msedge.exe
2364	pixillion.exe
7812	Chaos Ransomware Builder v4 Cleaned.exe
7812	Chaos Ransomware Builder v4 Cleaned.exe
6532	installer.exe
3208	Chaos Ransomware Builderv4.exe
5576	Installer.exe
6568	msedge.exe
2364	pixillion.exe
3208	Chaos Ransomware Builderv4.exe
3208	Chaos Ransomware Builderv4.exe
3208	Chaos Ransomware Builderv4.exe
3208	Chaos Ransomware Builderv4.exe
3208	Chaos Ransomware Builderv4.exe
7128	msedge.exe
5808	msedge.exe
7444	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 3740	2416	bitdefender_tsecurity.exe	80
PID 2416 wrote to memory of 3740	2416	bitdefender_tsecurity.exe	80
PID 2416 wrote to memory of 3740	2416	bitdefender_tsecurity.exe	80
PID 3740 wrote to memory of 3604	3740	agent_launcher.exe	83
PID 3740 wrote to memory of 3604	3740	agent_launcher.exe	83
PID 3740 wrote to memory of 3604	3740	agent_launcher.exe	83
PID 3604 wrote to memory of 2452	3604	bddeploy.exe	107
PID 3604 wrote to memory of 2452	3604	bddeploy.exe	107
PID 3604 wrote to memory of 2452	3604	bddeploy.exe	107
PID 3604 wrote to memory of 3132	3604	bddeploy.exe	85
PID 3604 wrote to memory of 3132	3604	bddeploy.exe	85
PID 3604 wrote to memory of 3132	3604	bddeploy.exe	85
PID 5108 wrote to memory of 3580	5108	msedge.exe	87
PID 5108 wrote to memory of 3580	5108	msedge.exe	87
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 2812	5108	msedge.exe	88
PID 5108 wrote to memory of 4304	5108	msedge.exe	89
PID 5108 wrote to memory of 4304	5108	msedge.exe	89
PID 5108 wrote to memory of 2504	5108	msedge.exe	90
PID 5108 wrote to memory of 2504	5108	msedge.exe	90
PID 5108 wrote to memory of 2504	5108	msedge.exe	90
PID 5108 wrote to memory of 2504	5108	msedge.exe	90
PID 5108 wrote to memory of 2504	5108	msedge.exe	90
PID 5108 wrote to memory of 2504	5108	msedge.exe	90
PID 5108 wrote to memory of 2504	5108	msedge.exe	90
PID 5108 wrote to memory of 2504	5108	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\bitdefender_tsecurity.exe
"C:\Users\Admin\AppData\Local\Temp\bitdefender_tsecurity.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe"
  2⤵
  - Executes dropped EXE
  - Modifies system certificate store
  - Suspicious use of WriteProcessMemory
  PID:3740
- - C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe
    "C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe"
      4⤵
      Executes dropped EXE
      PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\installer.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\installer.exe"
      4⤵
      Drops file in Program Files directory
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of AdjustPrivilegeToken
      PID:3132
    - - C:\Program Files\Bitdefender Agent\ProductAgentService.exe
        
        "C:\Program Files\Bitdefender Agent\ProductAgentService.exe" protect
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4904
    - - C:\Program Files\Bitdefender Agent\ProductAgentService.exe
        
        "C:\Program Files\Bitdefender Agent\ProductAgentService.exe" install
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:976
    - - C:\Program Files\Bitdefender Agent\ProductAgentService.exe
        
        "C:\Program Files\Bitdefender Agent\ProductAgentService.exe" enable
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3284
    - - C:\Program Files\Bitdefender Agent\ProductAgentService.exe
        
        "C:\Program Files\Bitdefender Agent\ProductAgentService.exe" start "C:\Users\Admin\AppData\Local\Temp\bitdefender_tsecurity.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9aeba3cb8,0x7ff9aeba3cc8,0x7ff9aeba3cd8
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6520 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:1
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8456 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8440 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8612 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8444 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9284 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9680 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9812 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9960 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9488 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9476 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10216 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10344 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10484 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11168 /prefetch:1
  2⤵
  PID:6184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10104 /prefetch:1
  2⤵
  PID:6360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11456 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:6560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11416 /prefetch:1
  2⤵
  PID:6716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9592 /prefetch:1
  2⤵
  PID:6904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11512 /prefetch:1
  2⤵
  PID:6860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11708 /prefetch:1
  2⤵
  PID:6944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11984 /prefetch:1
  2⤵
  PID:7068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12024 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11600 /prefetch:1
  2⤵
  PID:6580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12188 /prefetch:1
  2⤵
  PID:6732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12136 /prefetch:1
  2⤵
  PID:6736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11740 /prefetch:1
  2⤵
  PID:6576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12660 /prefetch:1
  2⤵
  PID:7240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10880 /prefetch:1
  2⤵
  PID:7248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12664 /prefetch:1
  2⤵
  PID:7500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11892 /prefetch:1
  2⤵
  PID:8076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:6372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12020 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11912 /prefetch:1
  2⤵
  PID:6304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:6312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11220 /prefetch:1
  2⤵
  PID:7816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10188 /prefetch:1
  2⤵
  PID:6556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10504 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:7204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
  2⤵
  PID:7296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12764 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:7896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7912 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8928 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:6436
- C:\Users\Admin\Downloads\PixillionImageConverter.exe
  "C:\Users\Admin\Downloads\PixillionImageConverter.exe"
  2⤵
  - Executes dropped EXE
  PID:7572
- - C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe
    "C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe" -installer "C:\Users\Admin\Downloads\PixillionImageConverter.exe" -instdata "C:\Users\Admin\AppData\Local\Temp\n1s\nchdata.dat"
    3⤵
    - Adds Run key to start application
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Registers COM server for autorun
    - Modifies registry class
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    PID:6036
  - - C:\Program Files (x86)\NCH Software\Pixillion\freetype.exe
      "C:\Program Files (x86)\NCH Software\Pixillion\freetype.exe" -LQUIET -instby fiPixillion -instsvar PIXILLIONRelatedprogramspaidoffLLIBInstquickon
      4⤵
      Executes dropped EXE
      PID:7488
  - - C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe
      "C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe"
      4⤵
      Executes dropped EXE
      Enumerates system info in registry
      Modifies registry class
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:2364
    - - C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe
        
        "C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe" -add "C:\Users\Admin\Pictures\png-transparent-bitdefender-android-antivirus-software-mobile-security-mobile-security-text-trademark-logo-thumbnail-removebg-preview.ico"
        5⤵
        Executes dropped EXE
        
        PID:7880
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.nchsoftware.com/software/thanks.html?software=Pixillion&appname=Pixillion&version=12.26&appbits=32&base=imageconverter&domain=nchsoftware&buyoffer=pixillion&pclass=plus&rgst=0&instby=dl&iid=oFzybWghiuY&help=0&ostype=48&osver=10.0&svar=PIXILLIONRelatedprogramspaidoffLLIBInstquickonPIXILLIONShowoutfilesize2onLLIBControloffPIXILLIONSplashv2offIc2rUTfgPIXILLIONRecentfilesonDRBvGxohPIXILLIONRemovedropdownonF3ocCC9wGUwfPIXILLIONOilpaintfilteroffHZDtR4hvDiphHo1nIb1oNxmtI03nZTUvDFWwIwldPIXILLIONRemovebgtboffOqwkFHoeHtpdPIXILLIONNewoutdirlabeloffPIXILLIONOutputfolderpdlonXparPIXILLIONSetoutfolderonEwdjPz6fOVJfOElvTNDhPIXILLIONCompressbtnv2offPIXILLIONSucav2offBISrHm7bMBNePIXILLIONAllfilesfilteronGVjhPIXILLIONApplyefxchoiceonUizj&usage=07D202&usagestats=png-ico(2)&usechoice=lluim(0)&daysusedprogram=1&usedsubstpct=2&secsfr=238&active10s=5&refdata=refdate%3D1712019369%26referrer%3Dhttps%253A%252F%252Fwww.bing.com%252F%26ref%3D%26ref2%3D%26ref3%3D%26kw%3Dconvert%2520pictures%2520to%2520icons%26theme%3D%26pageconfig%3D%26download%3DPixillionImageConverter%26clientid%3D%26platform%3DWin%26language%3DEN%26browser%3DEdge%26screenwidth%3D0%26screenheight%3D0%26cpucores%3D0%26webvar%3DPixillion.DownloadProgressBar3.Off%252CPixillion.ConvertImgBulletPt.On%252CPixillion.AddFileH1Title.On%252CPixillion.WideBigHdrBanner.On%252CPixillion.WideScreenIncreaseFontSize.On%252CPixillion.H2FileFmtSortPopularity.Off%252CPixillion.RotateIntroBulletAddMultipleTxt.Off%252CPixillion.IntroTxtNewSentence.Off%252CPixillion.ShorterSuppFileFormatBlock.On%252CPixillion.H2TitleAddBatch.On%252CPixillion.ChangeFeaturesRightPreviewImg.On%252CPixillion.AddLinkFreeBulletPt.Off%252CPixillion.MoveGetItFreeBlock2.On%252CImageconverter.H1DownloadLink.On%252CImageconverter.TopDivDldBtn.On%252CImageconverter.CrazyEggHoverStyle.On%252CImageconverter.NavBarFreeTrial.Off%252CImageconverter.NavBarSpecialOffersNsFalse.On%252CPixillion.ChangeStickyHdrBtnTxt.Off%252CAll.ShowManageCookiesLinkNoWV.On%252CAll.CookieNoticeBtnOKWithThat.On%252CAll.EdgeDldBubbleTip.On
        5⤵
        
        PID:948
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9aeba3cb8,0x7ff9aeba3cc8,0x7ff9aeba3cd8
        6⤵
        
        PID:7580
  - - C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe
      "C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe" -installsched
      4⤵
      Executes dropped EXE
      PID:6488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10332 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12724 /prefetch:1
  2⤵
  PID:8060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10436 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10700 /prefetch:1
  2⤵
  PID:7648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10416 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10068 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:6508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9908 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9836 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1276 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:8176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1252 /prefetch:1
  2⤵
  PID:6340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:6384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10392 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12828 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:6568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13252 /prefetch:1
  2⤵
  PID:6560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=13248 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11220 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12752 /prefetch:1
  2⤵
  PID:6184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8928 /prefetch:1
  2⤵
  PID:6936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12504 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11884 /prefetch:1
  2⤵
  PID:7524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:7128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10956 /prefetch:1
  2⤵
  PID:488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:8128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=13016 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11228 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13108 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:7792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=13192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:7444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9576 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13192 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1
  2⤵
  PID:7152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11168 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13020 /prefetch:1
  2⤵
  PID:8044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13468 /prefetch:1
  2⤵
  PID:8108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13444 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8748 /prefetch:1
  2⤵
  PID:7628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9320 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13960 /prefetch:1
  2⤵
  PID:8176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12860 /prefetch:1
  2⤵
  PID:8072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9700 /prefetch:1
  2⤵
  PID:7764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12484 /prefetch:1
  2⤵
  PID:7280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13436 /prefetch:1
  2⤵
  PID:7964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10444 /prefetch:1
  2⤵
  PID:8016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13656 /prefetch:1
  2⤵
  PID:6652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13780 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12652 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14152 /prefetch:1
  2⤵
  PID:7612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14188 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9852 /prefetch:1
  2⤵
  PID:2148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4776

C:\Program Files\Bitdefender Agent\redline\bdredline.exe
"C:\Program Files\Bitdefender Agent\redline\bdredline.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4408

C:\Program Files\Bitdefender Agent\ProductAgentService.exe
"C:\Program Files\Bitdefender Agent\ProductAgentService.exe"
1⤵
- Drops file in System32 directory
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3040
- C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe
  "C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe" install
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies data under HKEY_USERS
  PID:980
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32 /s "C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoveryComp.dll"
    3⤵
    - Loads dropped DLL
    PID:2656
- C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe
  "C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies data under HKEY_USERS
  PID:4160
- C:\Program Files\Bitdefender Agent\ProductAgentService.exe
  "ProductAgentService.exe" login_silent
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2884
- C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentUI.exe
  "C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentUI.exe" show=progress event_retry=Global\7295237F-E98C-4C46-A4A4-07F0D66278C2 app_name="Bitdefender Security"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies data under HKEY_USERS
  PID:3380
- C:\Program Files\Bitdefender Agent\27.0.1.266\WatchDog.exe
  "C:\Program Files\Bitdefender Agent\27.0.1.266\WatchDog.exe" install
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies data under HKEY_USERS
  PID:3248
- C:\Windows\TEMP\bd_1CCA.tmp\wgj1CCB.tmp
  "C:\Windows\TEMP\bd_1CCA.tmp\wgj1CCB.tmp" /source:web /attach
  2⤵
  - Executes dropped EXE
  PID:6608
- - C:\Users\Admin\AppData\Local\Temp\RarSFX0\installer.exe
    "C:\Users\Admin\AppData\Local\Temp\RarSFX0\installer.exe" /kitArchive
    3⤵
    - Drops file in Program Files directory
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:6532
  - - C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-27-A80376B5-6FF2-470E-A642-6DCD2E109C3F\Installer.exe
      "C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-27-A80376B5-6FF2-470E-A642-6DCD2E109C3F\Installer.exe" /attach /source:web /setup-folder:"CL-27-A80376B5-6FF2-470E-A642-6DCD2E109C3F" /step=new_install
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:5576

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:2452

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:4260

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000440 0x000000000000047C
1⤵
PID:4684

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2792

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:6368

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Chaos_Ransomware_Builder_v4_Cleaned.rar"
1⤵
- NTFS ADS
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:6344
- C:\Users\Admin\AppData\Local\Temp\7zO8C8198BD\Chaos Ransomware Builder v4 Cleaned.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO8C8198BD\Chaos Ransomware Builder v4 Cleaned.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:7812

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\43b432e6b2954c99aeb7fdce78010983 /t 6272 /p 7812
1⤵
PID:7800

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Chaos_Ransomware_Builder_v4_Cleaned.rar"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:2084
- C:\Users\Admin\AppData\Local\Temp\7zO4284671E\Chaos Ransomware Builderv4.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO4284671E\Chaos Ransomware Builderv4.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:3208
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\qlykvbko\qlykvbko.cmdline"
    3⤵
    PID:2020
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF061.tmp" "c:\Users\Admin\Documents\CSC198049FDA07F4C449B5FC8D51646D0CF.TMP"
      4⤵
      PID:2416

C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe
"C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe" -add "C:\Users\Admin\Pictures\png-transparent-bitdefender-android-antivirus-software-mobile-security-mobile-security-text-trademark-logo-thumbnail-removebg-preview.ico"
1⤵
- Executes dropped EXE
PID:5472

C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe
"C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe" -add "C:\Users\Admin\Pictures\png-transparent-bitdefender-android-antivirus-software-mobile-security-mobile-security-text-trademark-logo-thumbnail-removebg-preview.ico"
1⤵
- Executes dropped EXE
PID:2340

C:\Users\Admin\Desktop\bitdefender_tsecurity.exe
"C:\Users\Admin\Desktop\bitdefender_tsecurity.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5032
- C:\Users\Admin\AppData\Roaming\svchost.exe
  "C:\Users\Admin\AppData\Roaming\svchost.exe"
  2⤵
  - Drops startup file
  - Drops desktop.ini file(s)
  - Sets desktop wallpaper using registry
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of AdjustPrivilegeToken
  PID:2416
- - C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\fuckthisshit.txt
    3⤵
    - Opens file in notepad (likely ransom note)
    PID:6032

C:\Users\Admin\Desktop\bitdefender_tsecurity.exe
"C:\Users\Admin\Desktop\bitdefender_tsecurity.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5772
- C:\Users\Admin\AppData\Roaming\svchost.exe
  "C:\Users\Admin\AppData\Roaming\svchost.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:8080

C:\Users\Admin\Desktop\KG_Ransom.exe
"C:\Users\Admin\Desktop\KG_Ransom.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3176
- C:\Users\Admin\AppData\Roaming\svchost.exe
  "C:\Users\Admin\AppData\Roaming\svchost.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\NCH Software\Pixillion\freetype.exe

Filesize
263KB

MD5
9d922ff98ab5ef728bf482a46c565647

SHA1
a4d4958331070b2c8ca8aed814b32a50d93e595e

SHA256
946ec5e46e155101da5a5e8b03aaafb4f0359efa437a99ae38d395763e73bccf

SHA512
c1c6a50e0d8694838a05fc8f0fdc064ca1b8904fed3ae4de458db226116ab27b636faab00cfaccc5d647244d1b36ddda4a78b354d61a51c262a3645f4d4a453b

Download Submit
C:\Program Files (x86)\NCH Software\Pixillion\shellmenu.dll

Filesize
141KB

MD5
a250181db96761bf9cefd9764d4d6365

SHA1
85af369856ec5d16d001ac22c8fe3556c8495903

SHA256
2c28b15bf2bfe0aef64e3a0102a2cfc8fa2d9d285e2dff29a8c4fd06bf8a5e5f

SHA512
a0dde233622f60085c0266608ddff6ef713fddd23f7f8d333c5cc078b330126f137b701ad64fe837ad35111de7684de54662cbf76e6d0ae2892563177aba87d8

Download Submit
C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgent.dll

Filesize
1.6MB

MD5
040085a581765d2e45821d944e60d64f

SHA1
ebb4c62842a323d06274d4cab99fd51044412c27

SHA256
efcc3b7457195adb080986525b34cda9e0d5a3582e953f4d2733257039b40db8

SHA512
adb5ba2d2e2c518296a73d0b6c2ded9f3ae8a84f250f7180c4bf833093709fe0cd30ea10c4d2cecb392f9992973a5f707884d9bf6506e84b9c379516a1b60e6f

Download Submit
C:\Program Files\Bitdefender Agent\27.0.1.266\bdch.json

Filesize
1KB

MD5
b396eaa7cfcd6de11bd5087871d30d28

SHA1
353b9f636e6b09cbc035c9033bdad993700b035c

SHA256
3926622c0dbb1343a665edcfbc406047d313f91b90adae7421f9c06f4301d9fa

SHA512
2225c9922fe18d8e5d094d64b835fac8be63a98489bb323e4566b41990be4c40ba2e7fc6695f7c147395bc3e7bb36e9873b0eafd0655cecc98cf08f75c41f38f

Download Submit
C:\Program Files\Bitdefender Agent\27.0.1.266\bdec.dll

Filesize
508KB

MD5
e2a0334684b05bf05a953b80a4832d20

SHA1
d29dec0042c65ac02c411e4caed37a5e1aa84d5b

SHA256
7dedb34158f800166567887c7a007a85eca0be379d20d51da3230f66c6b094c0

SHA512
0d486947d1c87ee632930afb49dae1061bee5b271e16a419c9e37a92c7083509de3e8980a73f8a9f2724421612f2cb9d33ea4156ab5c3afa34e4a98fed84ea92

Download Submit
C:\Program Files\Bitdefender Agent\27.0.1.266\bdec.ini

Filesize
129B

MD5
96d15c4f3db04429631866751a1d2890

SHA1
61066ffead2b6859e4d3fd497a78b05343ccf25e

SHA256
e8d31c1de790f738ef75daa0402584560a0672402d0d3ded0899d2dbc95fb911

SHA512
2e5c94e2d92eadd28f604ed1f04d6e2dc9d9a4ffb3c2270e9d19792ad41c0c536260616a17b433f4f2bc57b31b116ffa06eefb61955b98029f15593db4122189

Download Submit
C:\Program Files\Bitdefender Agent\27.0.1.266\bdnc.dll

Filesize
2.6MB

MD5
c86511990365ac18cfb527e41a6f7eac

SHA1
d5119c749ba9c4f4a91120381cae151ce8cb82ad

SHA256
eb247a43d0cfd0662559f1e3a2bb6656a6b7d465c8d404d5a3ea090daad78196

SHA512
d76df94f69421921a04f768b04120cef09db6e6f8d8a930033893766444029c0be9c86250e49e9ea11c6d804cd16f4676ab0be860486d22f4992a65deaf30df5

Download Submit
C:\Program Files\Bitdefender Agent\27.0.1.266\bdnc.ini

Filesize
155B

MD5
758591d297b16ee7b5127f2fe3e67a27

SHA1
d782a572579a9f52e31bef5377997c7f9be28790

SHA256
2c6224951714e685114b51c4e598c2bad8c7bc16975f7401ac51e101afcab837

SHA512
808f47903ee90c68939aca97ca06b1523bc5355d7de6c1b3ec14d0cd560b3bf77abe7c429964176711b91bf6a9bb2a1a9fe22206daa465ff2ec55e55ccc2eff3

Download Submit
C:\Program Files\Bitdefender Agent\27.0.1.266\bdreinit.exe

Filesize
1.3MB

MD5
87708aa959b727dcbaf61e1e70e39102

SHA1
41742e628b8e5148e7dc79392bb14b51344418ed

SHA256
6192ff8a25dfe8fe1f8ae025fb727ac29e69dd8f6702e89793ee9c27d09b5109

SHA512
0a275257fa5baf92ba982e0d450ed1cd148c106b8a3170f30588df11089cec42b56e2371e62f675db87315622ddcc58bc42798d4927689a8dd4486abc5146b15

Download Submit
C:\Program Files\Bitdefender Agent\27.0.1.266\installer\bdnc.client_id

Filesize
36B

MD5
f4c2784aa289f17d144a589751c7980d

SHA1
b414dd690863acf3614c25c911697f1b16c24c62

SHA256
e6e827f81840ce8975cd5e30467ddc1661c3f407cd9d342d00800f32c01dcc26

SHA512
3f3f8f8ae91d679745189722c88d97d19e8728ce3289deda2e89a79061ad06d0a627a9783a9ef2a833f6a7843d882bebdae77d178f3d810b581093b299f2b70e

Download Submit
C:\Program Files\Bitdefender Agent\27.0.1.266\installer\bdnc.ini.md5

Filesize
34B

MD5
3a0a7d7823833be6e8af5ab1af295139

SHA1
1895dea63fb05e7e6f90e052936de086874c4c75

SHA256
a5f15ba3b16384b584780f2bbb0ef3e7fd49ccabd0b9ca10437882f65f49c7f2

SHA512
0d1377acaf8c5062e4ed7b3ad3fe0fbae594b6ce234aa9339471a31c63d6ea768c6cb2ca24820fc7726282c7fbbd41da29242cd3c288d7a0e8cc6b7e49c9835d

Download Submit
C:\Program Files\Bitdefender Agent\27.0.1.266\log.dll

Filesize
301KB

MD5
6a9e978a4fe23df6dd4c329db64bb893

SHA1
7220c35ec2aac2df1613969ea9fd388f007961c4

SHA256
77eea2da6b65bbcd7ab5852fa3fbbe9c2e8e090ed2af27c4d200ef06eb094154

SHA512
c677fdb998f076302a1acb782b5ab422220abbd686610514c16af9bb5aeafef4af4d04ba60c397db3181ac1cf24bf68571d4f611458976261508a794323b3637

Download Submit
C:\Program Files\Bitdefender Agent\27.0.1.266\settings\LoggerConfig.xml

Filesize
78B

MD5
bda7be337da35949bb617c42de5fd811

SHA1
bf5e6c6a7dc9f9ccdb6207ac0d31a1aa76ec93e6

SHA256
54e2f0d07609a40a45bb12d3a271eec1fb9021f62b756a4bdbdc42191fd79dcd

SHA512
19b96b62a4055bdf254b13acba70fb8a4ec606a45abfe4fbf97c29aeb16a9e12d4e2529339f7571f62558559111f493bc52797388bfe629194cc89fb9d1b275e

Download Submit
C:\Program Files\Bitdefender Agent\27.0.1.266\settings\ProductAgent.json

Filesize
973B

MD5
7a9089116cdda102d9a2d0621846a500

SHA1
ba1c5c58b072e247790f31e13fea0668605d62b5

SHA256
70d5b628a3da01b54abc0f9daa69335272236fb753050e0a905a1cb797530ac7

SHA512
617b1a3991dfccf6b325a1e53a5697372d99680784f5d557f06291f4c6fad5e2f1d448af56e97ff51d625f81295e45e622e6873d1b11356a4ef9e320b0d5de02

Download Submit
C:\Program Files\Bitdefender Agent\ProductAgentService.exe

Filesize
669KB

MD5
33bc0814d3ea990455a2e956a24fb71a

SHA1
09f9d7550d82512ddfdba4aafcb538a9eccab342

SHA256
79a1b5b25ddac2372655399805ee5f8d770e1083440c67247d7ab5a659909f37

SHA512
ea5a8cc2cce28e657d776d81e4d9865773eebc473a6052989d6f88b246bb907f9a3f260f7a816d9e30f752738e0fc18126e0b024f8e628422a58141148b5b5d3

Download Submit
C:\Program Files\Bitdefender Agent\ProductAgentUI.exe

Filesize
1.8MB

MD5
47f4ae0cf87bdc54a2ef7c4f4b11737f

SHA1
c3a9389a6614d0127253d5b6092752dd709570e8

SHA256
af2928fc85499f5e63c78147bc5f971e9155004f557db92a9bf48da6d912431d

SHA512
676619dc3d1c8f7978760bb5a26df62e87006df8c1aa4e6223204f11563dd284c17921e997fbb4f3923785c507b133dadb4b142467d8d48e5efab3b7f7dbb5cb

Download Submit
C:\Program Files\Bitdefender Agent\redline\bdch.dll

Filesize
1.7MB

MD5
3e42b901cb1c89e5994649703aa27d09

SHA1
2df41dc5b36165fa2d3d02f2e5eaed6e33f435b8

SHA256
3431e5ae5302dc04aecd77b1e52c2783c316a32e90349a8c418fb0e16e53a660

SHA512
e7ce58642f32bfcedd787d4c512945d2ec0ee445a9a65ede932196ea87395812729dc3fdb0a22fa601ccb73a9372385b8bdc844f65ba61748175213e7f838b64

Download Submit
C:\Program Files\Bitdefender Agent\redline\bdredline.bdch.json

Filesize
943B

MD5
a55ebebec2556f8d930ccfd213e87b16

SHA1
678cf574f431382fb53e5f0a783d81e9869ea96d

SHA256
41bae1de798795d9614788fc2a69e6058074990820a248f0284ed7fba41b1175

SHA512
128f3f83ea4f70d4f7578b28c65fe269bd070ec28ba8dc09bcddc29644867eb006648f9ce15ca85a7b57a2108d3c20b9aa5dea871dd9e23621ac96fc8b6fd8e5

Download Submit
C:\Program Files\Bitdefender Agent\redline\bdredline.conf

Filesize
357B

MD5
359c00356b7b0e3a871dccf4f5b7e17b

SHA1
2d12be84f3db7a11becc6838b13764103809924f

SHA256
6017a4af984473cb2c626419304c79f1dc33b1632e9601510a5c85323b319a55

SHA512
c6891cbb382983f605457f0ab11d33971b53eb305eb3ce9f518cb329a7f042da6f7634c13e9a8fc02c696e4295d95b5f2a2eb8ce3492b50654740617c900d1b3

Download Submit
C:\Program Files\Bitdefender Agent\version.json

Filesize
44B

MD5
d2de780f292bb508ac912c96910be873

SHA1
99235d586881e5a4cde571b096a8317584f1190b

SHA256
620a66403b2ffc67447fda1d2c839f454fb27026de3d3c3115b19c5d9e92bfc8

SHA512
1454e5cbdc6428e1efe00d2534a83a0defccf8406c4e51e19a508a618145db0b7b5e2d18da7063230d1077dcc844583132774619fd6b41959711cb710cb86b09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f2dc80f5403feb8461b7ffa09890d6a0

SHA1
d5b61e6d672e7e71571e0132e21cead181da8805

SHA256
eadeadba37eed18e5acba408d7e076270b00403fed372b77164577232232428a

SHA512
5e2119529b99b76be105c43714e4b9977ee2147172c1c44e92bd9b41fa7a66f55d4073c864aac668a912aff2898bd216fb38f2fe34ef65de69ad12965218caf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c48e8b68231fb5b2d7f1188b930bc0e

SHA1
1822aef5da8fdd47626fb91afcf79a2be175a325

SHA256
c3b287c29eaa57166b2ab1ba9bd0aaced13cc2f946a04b8d708ac429187fe944

SHA512
2bd09b83e44e0104fbe080a8573690217dc9fbf7fd59ff25a1a9e9ebd2d87ac533f9b99350773d081a7e748b39657115a13e94538b153bceb13ecdfc4672a0f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0259d0fa-fab3-45c1-82d4-0207452cccfb.tmp

Filesize
22KB

MD5
d8e447560deeeb982e1184fbc6a52df3

SHA1
19d2dbfcd28b2fda3cc3da8aa241d34fc90f7384

SHA256
f4efc0664389317fb09e78888bc629a977cd7faf715b621342594b97ca50fb40

SHA512
b67e29e00c2d099926f07140186bdfe8d96eb0c9aceeccfb203c8ef2b4b7c4faa50085b0db64a9955b054df13790a3654e675d03f634bb6fa48b12c86fdc3ba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\60b196a3-ac33-481f-a061-fe88770f5946.tmp

Filesize
21KB

MD5
99e664d58ec6f0bef4330b9e0b067af7

SHA1
0a597e46ea4e298befdf39b63431f72716bf8064

SHA256
b62d1b81da1dab0721c0bcc5fb40682a869d898b7eea80897e5e2dd883d3aa90

SHA512
c5362c9a241009da7b098584096efda47df5e8fe8b9000b9a1a4d0999dd1ba12f44b2c8a05f94b4162fa0d9605b1de6990416857f5a8251ee05c3a5068776c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
34KB

MD5
940778258e4fcdac8e634777675f9f34

SHA1
d558ee1b00e167b0b30b194d4e81cdeb41a76bbc

SHA256
04087420922e7ec7b88adc540d15c42732ed22eaf75bd4ca44a3dd8abffafa79

SHA512
66558200377a4526b1c0522be0836b4ca407f33940fd82f915661831a0a8b12a3f44cfb03ed013aa433e302dda3ac3f042d42d3b5e6e4cfa1eda4ab06c8b735e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
93feab00f76536d681c1b77eca2c7caf

SHA1
c48cbe893b3178a56357c132cae2fa63918d790f

SHA256
5da61564d6ae3fa4506522460d177f8b642b20bae63f81cee14b9ca71fd49226

SHA512
6276f945f1008c70bdc559a8d6a14c609a033af2fae6bd80c129da546e7df6cfb3fcdcc452508df8ee5be7a0a87a6f9930664b8b9726c4e52877802a9ceca5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
162KB

MD5
a1d9428879a7aaefb214e7f5dcc707c6

SHA1
9223cf3d285f0e612e81da3f0a53c98ec3abc7d6

SHA256
dd9a76fa10002fbce9288c8fe3ea9f399f22312828e0d7518f951136db93f10d

SHA512
677e4d3ff3c3eb194eda739a23f6131d9b612f34e608a19839dd5bba983748f93c8174bb1159b498b914ecff0f5cd366520d38929178ac9e7e4326c7ff60a7bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
44KB

MD5
100afabd23cb02fe8582868da939ea44

SHA1
802b5e8af07c6cdb8ad1d81ed4f8703032598f29

SHA256
6e9e35f2d9abd7852c1105825cb0645222d10e6861eaa6287a6210e5a21aa524

SHA512
f8cb150a915f7cdc393418567962efd20eefa3e31a6575be14bee413c7a3a99b0681178f03cecab8602fc539d9711b0469f0219f0ec94397407ad8ff977e720c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
1024KB

MD5
4322f0449af173fb3994d2bef7ecb2e4

SHA1
b6ee5c6f76b8eee448f6b4b2b56fa1ec39653934

SHA256
0502e6e2f3fc54a30dea0eb07eb19a395c7ea6fc273321a49a4cc977a59b7cc9

SHA512
d8bae6131a5a8a1fcabb2d7efebc6cdbba27955fb77484a5d87dbce7a237c0cd5e19b74b4dad28312929ad732d3b80cf3d7f15f059c88438d0bc6ff9535ceeef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
242KB

MD5
ec1d6f2a95ce63412ac2a26f98d2e278

SHA1
71dc591b9dda38379283a88a1d855ad3cb31ffde

SHA256
ceb2ff2b2503d161d3df7cba93731705a44582ef0a4ff0c0caab8a43176e14de

SHA512
56f7c53171f497afa4fce571945d6c59700f9d9fde77c1fbc7793b2afdaf0c7a82b24a28c80ea5fe8f27e103a813a06be9b23b71beb5e24af8ee255805b55704

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
20KB

MD5
39373644e8b7c341ee42f6afab7e16c2

SHA1
35b1659d04428f3b9a53b1a8527e7920ed6d3fe2

SHA256
833ce2813d693a7c3958b74ac471b64ad0703561ee32d58c191aa964acf223dd

SHA512
7cb85721f5f8d663b27f432c34c1dc9f0f7d831c83155f2e7725e557a6dafd0d66803f5cbc8b485e471e881a90cdedd7b1fc653072684d993641592b579c5e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

Filesize
37KB

MD5
5624ab9563b1d6e902c7e4733f96117c

SHA1
3287251724e70e9272566c0a6035587f530022a0

SHA256
27442aa29f245775a0e1f2d6f452cfad21944afb6c8a0e36f28683911bbc511f

SHA512
c643c69272f343a10af33c3ef358cbf86d65e0ffcd2615d03e1841492487bf87003bd91fc6c25be64108e5a732fb7aab723b3d6ecb80db45cf94f11d82c14b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

Filesize
64KB

MD5
b71e1d6916fd133122234072e5374356

SHA1
9cc67ec7eb4c77d564acdac2b05ec4b67ab8d314

SHA256
506eaad993526ce4f9f4d253cff391704a22862904e7148577a4dd030c078cde

SHA512
8528cd4dceec9684fa2233219d7fe8057b1e695b673d4f4a7487045f1fa6c1bada8c6619b78c0a5ac8df77ed7ba796f7ccca8814eab3baa19e637075b5b327e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000077

Filesize
44KB

MD5
da686f9de78291d8a6fa4b6fccdbfa82

SHA1
31eeac6181dc8a3f09f8d5b1c2a6c4e35be4f9bf

SHA256
4cb7bd414353f3fbec7c2312e8fc98c52be880669bb50464c8d07aea58b9b05e

SHA512
1c0ef9048a1881c3e5d5039df92175ef6e48b45a5fd5838dacec4cf5add1f633ad3068915c196dfdc992b9344e5848a0bd854eb70eaf235f281c2977e6228e42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a1

Filesize
22KB

MD5
79e675d72bdce45fbc43984cca5b1e11

SHA1
498bd777fdf8d09e6508262fbf04f2f7b4fa46b3

SHA256
60cc64beb4a9047b98408732d4ff65fbd4dfcc9430453436e72c3e0ab57d085f

SHA512
760c8fd2c43f6696b8f20f0e475d68c45a650566dc8bd8d719d4f64652c82b20f7cb37bde18af8c7a5226bb7c21faa0629119a8e46fa768a046a62ee290da889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b0

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c5

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c6

Filesize
198KB

MD5
cda68ffa26095220a82ae0a7eaea5f57

SHA1
e892d887688790ddd8f0594607b539fc6baa9e40

SHA256
f9db7dd5930be2a5c8b4f545a361d51ed9c38e56bd3957650a3f8dbdf9c547fb

SHA512
84c8b0a4f78d8f3797dedf13e833280e6b968b7aeb2c5479211f1ff0b0ba8d3c12e8ab71a89ed128387818e05e335e8b9280a49f1dc775bd090a6114644aaf62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d3

Filesize
62KB

MD5
74c240d81e71ae376913677111b6fc7e

SHA1
9002418d668b0b5c3541a86fd6195693384b9fe3

SHA256
e0c7d5f46ac580b10c72b512709965137f941d206ab0995d13a77a0e3f5055ea

SHA512
66abaa43ad96f7466d1affa8bf039c90d2bd6fb64898e506fe0889ddfb3554d89a1c3e9f652724cb791c5c104ca68879e8145064173a09fe2580e3fa4fb9b64c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d4

Filesize
31KB

MD5
c30d2da9fb20e32f49471c06ab0b4683

SHA1
0d1aa96700760ed1564756a24a0eaba66fa27430

SHA256
28c0929af10cee967c8c4b07c6e0cffd475fd6b02ee0fa430d6394c80b8fbe1e

SHA512
431314c00a7de250551d1015b256bcdb50859d43e86729a8ef72470d619a5ef146e6cd74183dba953e0b30e6393116c48aad1b54323905ccc795e831c1c08720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d8

Filesize
38KB

MD5
2b7ec9fe5044c75348bc52964bf50b78

SHA1
039e784c53ba423877c5c845ffb044abbf4c110e

SHA256
71c9403962b1f930169325d2c812125a0088d2a695609486bb6f31185e84ff97

SHA512
92cb64599e198177093bda32e1c962fdccaa049d9875292b97c6b014d0d0afde750dcef27151751dda3f8639df41bed611bce7816c04d4e581b17b132d169016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d9

Filesize
64KB

MD5
b3cecdb68c56273a9a559a2d966d7e67

SHA1
9ae2157fde228d8571bb5ec3a4d3e2ac3ae3218b

SHA256
69cbf6f57cae1af820ffa152a0ef459f25647175c7567f662205cbbc80e4aa85

SHA512
ab09ffdb889facaa1dc09e811cdc1ac1d1e875037572774e4df80b7d6118150f0a9baedf06b283d1c4fa9772ca9826a80e3f5cd8b2dec5e25463a77431b67f57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e1

Filesize
19KB

MD5
48f1bb392d4cf86123e80420497fd7f9

SHA1
d93e1b87852b3664d4863aba65691772e9b516a2

SHA256
67dffef53ad5c00c67b5ec3a9f4e603ff710cfe14588087c2703074eaa223369

SHA512
dc986587ed25b08b194e1232313e6499af0576857786ddb39bdf2a066c36ce654aaa5355d920319d2a46d28735318d471db91c32c316ee426601e9c3506b2d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ef

Filesize
1024KB

MD5
5e087dd5c82d3c53fd0330f39149cb18

SHA1
d1f2507b355e411a66e4dbb91183ba3d530cd590

SHA256
4a2d5c1b2750224e0eb6233a55c08a0e69799ee61bd0935a2780d9b25a1fd190

SHA512
d9a0b3abf300fce2d8b51202b84c7a718e19273774619e01688eb069d65e7ec8a2fcc56a65dce0ece3fd6dc17a5ee58ff03f7a2805d403f75ecdf07c8eb0328a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f8

Filesize
1024KB

MD5
099d8e1f3f8203715803f284eebd02a6

SHA1
0275efc65797bcdbe502594f2938e215a7bfe80b

SHA256
1bfdab24a0f2ad3a40a43db5afc6ce4f97e4a4092d35768300399ab99fa07730

SHA512
bc57372f13e4f1aa456b0a77621790bfaebe35665e44bfbe5ee1fc22707ebc98c34fa0fd7679cbc793b520160dbd4c387523f645bda5e6a90edbdbc20e61c7b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fa

Filesize
1024KB

MD5
8910042fe03e114fbd94ad4ff0e5ebab

SHA1
9b5b399f94443348bf8673bb9c5bb557c939ef4d

SHA256
c26b976ce362dafb12bcabb6059ca5f84aea2a5c824f19b310e094b4b717bfc0

SHA512
04eb374767965ae120286543bda6c2bb6ac2a0ddcecb74b28ab064522b9b6e7ee9bd4c1849a4ef2804321fccba579751c4d9410a08a9f75c3abdd28d3cbc317b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fb

Filesize
64KB

MD5
94a2df7230f5e738824679dbe704adc5

SHA1
c48afd74f3e4378983800cf72cee530bef29b6b6

SHA256
68d7cadc617fcb5790608992ce9b366698bf804e29d8e24d12c9d22a452d4be6

SHA512
85f484cf067441747325e5b02d5c5e659c199d56e963a00fddc8a0d449e3defdbeced55bdd68dd208cb6cdfa955c1fd20885616f0ad77215c5c9b634c1c2d77d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

Filesize
1KB

MD5
a8118a762302c7f12a9026f821dbabf4

SHA1
d9fc7807b6c3cbdfb407013d35ae142586ca3cf2

SHA256
9c24ccdfecb995f5ff360b5721255db4071fc3824002c407604c20a46a934105

SHA512
2df6957e1a9a65723bb2f057401e5707f1353cb956727bbf62b9d4000b71c9997fd7cdc50716b2eeea355d655c774fba695d79b6f4fd8d8bbbce7941b0f03750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0580a8e1646d7bcd_0

Filesize
14KB

MD5
88b374754fa89638306ba0661a954fd4

SHA1
b1954d98f492846e404ad694699fc352e3e004b8

SHA256
62ff3caf02d4531030748f432c3514e6464352b270094b834b18dc31af674da2

SHA512
8e14662ccd2d84a7bb1e2ba65c53046e07802f0537bf3e811344866795294ba5059fad247d0c6c24677423a5b0f8b6ca8a4060f6b491c97f7ce693bc10f6a50d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
519ccc334290db123c175369112bf9a5

SHA1
443f8c5a1bc2b4867408924a3940e501967904e0

SHA256
730166cbc41d27fc044252b1302de19626d29df4302fbc4c2490d80845d0c927

SHA512
7a0b0ce55c546e7e28938c5affcba50a5131e4978284822b3c1414469c3a0967bc9221f23f21e073b3c267bdb7ac141ad05eb8cf9194ed066fbfce0baeef2563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\096fae0c49b6663b_0

Filesize
4KB

MD5
8c3ebfa9ca403c40e2fad8437d1bc6d2

SHA1
8335249ebe2edf3fded941e98677031bff445f27

SHA256
f00e3e522cde5a2bbb51cee8b7c105119ec098283935b9472465a3263d9d3665

SHA512
a33dfa255a33b4141a36b9a2009d18c01f814d10890bc0ea71efd05d240b4932ada6e1433f0bf7cbc6bf931695e3ea97b5e7bd3cc4e4dc57a92b08ba494a5866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\168251be7271d371_0

Filesize
16KB

MD5
2edd27dbaad5c26f84c19fb917f5ec2b

SHA1
7d4caeb88d36f6a5445b5e6d940f5df529dc3858

SHA256
06812201320caddc809f1dfec3a6538bbdbae1a8e7c46874368913b692f4a02c

SHA512
e2641e2fbe2252cd0fc37f53b43ee8120d7fb2615b450be4b81625d2e01e5119b6db1a5d43c37ba582376bc7467cc1fef1f32eb322e3da648a49a4c6f54834c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1d5f7287375e54bf_0

Filesize
6KB

MD5
7234b05e208e5dbd77023988312b16ed

SHA1
07d6e6d28a5d8c349cfb28fdd18b0c30df3609b2

SHA256
0bde3e2e2d9011a5e132d9ff5e34aa9bee43ea17e2ac740b9f870455e10dbce2

SHA512
4f7e30bf7075f014e89c32fd5176bf6d14426db2c6f0a780a772eb8f362077da014a9dc658ca39be11c92e1822b15a58a4004ddba2c839ba6a2fdcfed6c2d853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\252c5afb57e673b7_0

Filesize
1KB

MD5
580f8a2357fd4889af00acad12b9c1e4

SHA1
ac799f42797fa325e0402206de348470a8f0699b

SHA256
887123e33e8a5b4c901212c0f9a237381b5fee4054f22814c30fcc02cfd96151

SHA512
70f1048bc960ed16f84f9332a8b79fd62ab0d5be3a3fd27c866b32025e0f145c241a252d6db53df14fe4ca39d10f0482554418473e16c90320295d0c4e83bafc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
7bff2796af643e64f4bc64356838a164

SHA1
53cf8289c636d58e0d249d4677e8dd1365c1b9d8

SHA256
f0fc4630c82de9644e66622c1c1c88c239d1839bb8b9579e2958dfa3425757f8

SHA512
4a7a88d8b879e5d978496aa75d8d88f7121af42ce574498358af87d1c07fe8c6d7c6fe4248ba9a249a2a5a07be8b1842318ad0b4cd58b055191500325cbd78d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\28324e9db7b11193_0

Filesize
27KB

MD5
e1a7e2bfea96c7e8ba8db5e334e99887

SHA1
00aec518fd98714236d5fea5b95079074ef0dc8f

SHA256
f897b9f2a87812129106fe73b3cbf15c46b3111d703404e910f4c917ff3d4bc9

SHA512
a677bdf785dd4f972eecd35fdce490e0f47fd564d8f7e8215938a7d3c8108d6573df70037ea4ee4a7728c0c9112102ae5ff6965ed700878256f00fa3c2755494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\35fb661c62eb428f_0

Filesize
7KB

MD5
831d6c1a89a997ad98bddae67d3f338a

SHA1
522b752c88d3a0580496f728209164e33cb44671

SHA256
72a58fa68ce58097451f1123fe4b030c16068c63b38cbe1b041fca7bb87c9771

SHA512
ff9e7766e34c6ffbd1d4bf62a6eb54c4f575b55232a8674b7a8f8523d21d74b1d949a106f0a7c99c978e819fd3ecee05e09b45d04b21913aecf1d2ecc29334b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ba02181741985e0_0

Filesize
175KB

MD5
7c510f09b15e081481c047e942a2afdd

SHA1
ed883f13d332dcab36461433e8feb6df24cb199d

SHA256
a439b8cceade751cfa97d622e6005108730aa871e983750e8c4146c7f626e608

SHA512
52ef352f0d3c574fcafd5784f97f016299d252aefedaa2994a6f0e46c9087015bf2d877b3fefa878c860229fdcefdf8782858f27cf3c179a22b8ec7dc7b647b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
a8c1ea83c77fe3233785490210cbc518

SHA1
d7fde4bab343c1de8b30cf540621960670265e01

SHA256
6c65586519ee8ee39085c1d843140c2fed84fa516cc8318a44f5a83f1856bc22

SHA512
5db0161bfe68402137db344a9916d20de4b3d2611779df202b88698aec8361ecf4eb09ea4c9e3a3ab014f12bc6e18f175aeceb1e0b148660cecc57c96e809c93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

Filesize
262B

MD5
6122fe57fafac0c927cfce0d15bd6bfd

SHA1
c7b438e46c8fec2d06e808b7593b8541d0d8d4a1

SHA256
2f8208b90452f94897761f0a4ae55feadef7db70d39c70008c0d2d804e5db9d2

SHA512
b6a49c7bdae6dbd378215adbfe7968c1bf800d953428552150a0102c23d88eb2ed9905613dd3e9ea96589c80f00c125e8b7e95f27085351a0b23078b35cd28e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c693273baa0190b_0

Filesize
5KB

MD5
38042c5e8a256b3ff4fed69c67b6e6cf

SHA1
77e90d56c12e8fd9314c34920a1e8d91059ec70f

SHA256
e86b8331599de9e7232ba8d59a904a77283e53b420a9f571e8f6b662fc5df334

SHA512
d7ffdb275f44ad8eb93d5994cf3bad79d01cfcbd8a269b29e322dc7f8331587711575d4d804bd46549c0552c114220d623e9be55d43b0559d7511430965c8820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e6742505c79459c_0

Filesize
2KB

MD5
1918ed73e1ab02deeaff40dc3eb0ddf6

SHA1
716fe18b5056af68cfb6a2acbd88f40a1450bc64

SHA256
8211d7452b7b1d8fe56c2985b94deecd8efe4755ea31b0bf6c6601cf3027a08f

SHA512
254c68c13c27630b06adf13d450a0d955f66e9823c4ec115b8d61aeb0838c23ba307c257d546e2bed81e58ede4db0c8e8d7f68ca254d9130ac1304addf0eab93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
57a2fa77400ebc5681637e9981131552

SHA1
6c34fc46aaadf00113e313cea01db8124ebe383c

SHA256
175add4ab161eacaa5b95ade48ef7a13ba65a896ee8c7355fa69322db7e34e43

SHA512
c3d1b11a885de73911f547e449f92914d42751856de1b66e8b21b741bdda1573f6b455b011ec1a238789e12a8244b0801175ed74e782617d7e8d2c912bf1f94e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5901cd6815f5b8c7_0

Filesize
10KB

MD5
e9d9a412386a07a7438448d0fefe978b

SHA1
2cb7b6782cbd49090e90f8a5de241fc27c53e050

SHA256
def811bef8e8efe7df1fdfc17c3b9b0aa7337eb6f9b8cfde5e829a7671b20c65

SHA512
b3674c2ceaf7f05b8db4835449083e804bd4d52e7dcbb1a6fac5f5d11b7709f2d12a17c4bba2e92a3853b3d1a14dac5c1a1373dfd683a817b3cffbe321c46135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b76542abdc521bb_0

Filesize
291KB

MD5
7a7b4317907c15e81415d228a9c1fb85

SHA1
2cf2552a3f48b1729b34b5bac83c141979ff2c6c

SHA256
30ceba2450a7ecdd1f5cb76dd0487e0481f8703d6a3487b0f0c7dd2df8de7a09

SHA512
cd9514b13149b80647f303faef5b83aa14dac14822bbdc2c5a5dc2ca303c86e9ce082304f5a79bfb9b8ef8260b3e3c2f46d5ec53ae67097084b6a5ba80f8eb0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5ebae3eea1f01edc_0

Filesize
2KB

MD5
d61b453feaae5e4cc2f4d7a8b3c90cac

SHA1
13f89521ce4e2c988a3c0f19ccef98c3e831894a

SHA256
919836d80ec6d24bb13a1bf8d0def63b02c01e495da5035676f690e900e1260a

SHA512
53dca0dca82b565585b31ab16cf6ab383ba5a65f5d5fc529c692f21450662a32ad18813fc60b9876c3879c3f7bbc6a466075626936a1dee595b9313734a8881a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63c6995fb9eb98a2_0

Filesize
1KB

MD5
406deeef66cc48426e26d2606e40e0a4

SHA1
1e30743a32a83c2c8b3cfee86186f07298e858ae

SHA256
9e9f702a164d3e6342d10c5b1be9211f41b99da303aeb96c4a5e6f3de332ab7f

SHA512
49adff3cc6d824f0a6e0d822bb26b47d05fe2b02f66e3a1c9eafd1077c39063edff1a4108d17d694f02553a71a196a9291360c1a02102fb4eedaecb865f25940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0

Filesize
6KB

MD5
07a18a6e188c713415c9b8a03dc12e04

SHA1
2c3a8c498cd830266f9a452651821c4ea5a6c689

SHA256
13536e506d54ef7caabacd5675759b54b2f19c2d3dd8f5710af920006fe8c4a5

SHA512
0dafa8c9461b1c3320fda59627eafe7a64ea1b7d88f2358aca1b917e248ea627dbe42c3e38526df1ef2608f4cbb377c46ae62b2d28fb6c6f0fa495d705a5d152

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

Filesize
6KB

MD5
eb2055a7131914c31d1eb0f280d9c3e3

SHA1
26dd9b2a7bd5df91ef9c7299cfd84a72e6205498

SHA256
2828534e4f90ebf8f5167651faa302090a587be3b05905fbb07a2723c7589947

SHA512
9a6b5d0ad7df20e879f11e33ab71bd74745da492ed2d5abe68cef1c2f3bbd658b9b419809e6b92dab20a1459baef01b06dbd8349dd49647aa4aa3668a49f8881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
ada11d9b80404a47cf0f708182efa309

SHA1
61defb390ef4fa7675ab5596f3f7e2a5a9516fc4

SHA256
e90348cc242ac5bd9885e87efe17dadfdd25454ae6e9eee028a2aa4a32523945

SHA512
67c3336371945479989fedd1bca8b0bde183d27bb6d2c64bae6720ac7ee88c425049082ca95533f383a5c2774cf869e485170e3086beead3ef6f609c8c6a227c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6ef92dec2ce64284_0

Filesize
26KB

MD5
97d0249283f8d81eb355fae821835930

SHA1
12630abd4b9ac677bb17d4de98b6ab25df9c87de

SHA256
c5babd568e880a260e1268886a4a93730ec617e29e578fbb0f0b848b42f5a340

SHA512
04e1b246c89eeb0c4c8a62922cbe86f7dbd0b3fddbabfc6bf3810794612eba7f127b97e1e28ff567f91a40f4d3fe6ee66d8f199c438a84168d6982231fb18b50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\733a2ebc15407e86_0

Filesize
3KB

MD5
e076a2b98e9537e405d7018ba36cebff

SHA1
afb939ebb7418fc6769d2aa1413da1e64e38c19b

SHA256
062fd7d0894a3a638971f4e8b8afe0962cb03c200287dc1eb50902a6def62b38

SHA512
a8bd2cee42dc97ba86c3805528cedd738e461c922964e518eee22993db4ff5aa92fcded2d14b76660e0812bbd0c46ed40ff54108208c80a62ad6098e282ee396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
a621754d66af523c2ddf187c3f99851e

SHA1
bfb1329c69bbe54b67540a17125e1cf2ffde76e2

SHA256
0521d9d0ba3ca659e48d6cf49b2fb6acd5e9ddd0aa6257ec08cc83e1b9ce8ac1

SHA512
c5f70040d44c702189357fe366bb7d067dc1b469726b0126c65bd0da40ee7c54ab5d9b9f37ed3918f6399c94f766341232220b93082608de10dd52be9be82154

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

Filesize
9KB

MD5
4aed891482aa9b2eb2952f5b41a7e922

SHA1
00b710bc71899862ac73e9c8e808469779e0204e

SHA256
37626f159e45eb4adb10a1a453306a252369930cacc1c430fb7350894f4179c8

SHA512
c6ba0dededc13d82d9cb2c3a6f19499cbd527f744060bc1757117e9affebf1705240c803f3281238e35a8535896867d813d1d02b3870d85bbd3251444f4a2bbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7b4163b741fb8674_0

Filesize
308KB

MD5
7ce544504e5f8cf31268af5a02973555

SHA1
31ecd6539d3f637cdfdd488f0cd7d084ee7cc604

SHA256
eab9559ce23a7c5fb17cd06be347ce4d8ae04ce04196bf9c2723b7fed8aa17d9

SHA512
54547526f1999dcc7cd758e9deab8609b74a3b3815533c7c152bcb6e8f08914f4876c52c0e571e0b812efe857fb08b3c1aba1bad2956c03d4c2848ba222d22bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\839f0d8c7f1a4c83_0

Filesize
1KB

MD5
7828399548c7f73820f8ae6d32fa0c7d

SHA1
ffe735b1d447c57e1a5c0bcb2f284dc045fc0bdc

SHA256
d99475d98e61daa776064167886657148e7bae60d8464e869c4ba89d72a9b54b

SHA512
2739516caa50daa5cd2be4bc7212f15666b107e17899bb38963ff1963091090aa5fca53e740e2accb1ed197f470744750fcb5aa7ede69f0295a87c6943e4a3cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\88b955edb6eae2e7_0

Filesize
262B

MD5
115234bf31b0826163a7fd341f796b56

SHA1
82a10922a457ce7a18b66e59dc21219a1a148573

SHA256
e1aae10af30ebea117b77f7c8a584cf20ca0b862c92cb1afadb84d91dfa76c8e

SHA512
38cbe15ecb6a16fe5401f1352abe40c748aa213eae1e8d405c685bb406d6bab195709ff616f859d131a9088c6755fa053e7c607b71dec05d6ec1338d5df024ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
4f63418d5b6530b1ced4fb6f3eafa775

SHA1
f88f8f6dce8ddd14db2d3bc9cfbdc5742215b0bb

SHA256
7ded1fc54df3e38d844aa86e77d923e16bb9a088c6d5cbf4fddf670f4b6b4222

SHA512
5173e4b89bcc8a3d1b60a7987bc04ee8ab8287fbc804aaf17e23b4b335b2b0e388ff8a35950e31cdbf1f9d8ba47034a01a7b3e75ae4f25627dfd486cdf4c9a50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
1KB

MD5
7e78e2a7fdd6071eb932793074095879

SHA1
bc36661b0deadeef7a57575ee76236fe815c5c79

SHA256
cdabfe25eace2168c12a959c52262d71b33edd84c71b05bef5d405227106d6a8

SHA512
d81bff7ec0dd1ca0afead12a3759daf675cec69c24c865ede4fdcefe7725c137996c09dbf6184becf2ab56606c668afa188720b505393e4be3b6b48024432b6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

Filesize
7KB

MD5
6c6c2bdd072093ed88efcb793d7aaf96

SHA1
baed8828e4ea0e32d798a6e6f58aa108f6f83f8c

SHA256
bf68f4780c7dc1d9779a0810dd1953655390cac594fe7a0f6a65eb3323a2f7c8

SHA512
207bdbe648ce536962edd5092e405b37c3e98cac29dbf66d2ec7f18ab4842b12dd521e0145885ad7b8b86044a82717d60a5c827b265e7685ac607f330d138033

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9eb49b832d016644_0

Filesize
262B

MD5
ac22575c0dbd95492320f4ba7fa34a12

SHA1
e9a5b5af8ee410a0684efd4afcdc0eb7e2e8f2fe

SHA256
9f3f4ad132a9bcce490e7c6c0b58da6f6146e526b4b5d08d0ecdb680bd2fd69e

SHA512
991f817e2da5e8531d330378d8f8e8b146211551764c7d0e222ce0d22b0272f385f3858a7b12063b4529141f68779dcbb6b5b0535e17a2749f038ca0c52a65c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

Filesize
48KB

MD5
1adf259dc27f88190d04c09c1f28342d

SHA1
cfe89980deabfe3500120c4a7ea3b8513803b45e

SHA256
0409102281b42576278e96db1be499da4e46d79089d6cbf93b2dee53a1ade2b4

SHA512
2860c465c3c8dfd09b13b63fe0ef2bbf08c9716eebc723044bf2b295e2c806c79ebcfdd8156cc6ac053623d8d3e1627f8d49ae32a6338a64fdc7446a9fa5ef4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

Filesize
1KB

MD5
f4342fc75a07dfb1d072e9816e000c4b

SHA1
a21269ed7153eda4cbb58d3d890d4b50b28490c1

SHA256
29022ef79d70619e8fde18edf3da3f049ac10a372cc5a7b65b8ccd11013126b6

SHA512
5567f4ea63113f5edf3f59ecfad34d2d194fcafb5e534ed0767f5686eeb8d7dbc2388f808b898d24c3d723c9a6c65a7e850e7a6a68b5d7821e24a2ea72e7a256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af48edbd3578ee3b_0

Filesize
2KB

MD5
ce052a84aa384461696f0a2548aa59be

SHA1
4beb1e977dfea62f7940997260fe119f95a03c6e

SHA256
ed3b26a5a6d23d4e8d81afd554c95af146b2739df784010c4b1895a3c78adb38

SHA512
98acfdabb699d8faa21a9d7c8cecc2caa31e8ace138c8f7abf0d80aefdfbb2262a137315240a71441db4e0f911a020244dd278acc74d9af4d3f05a18762b77b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b31d132250e09b6b_0

Filesize
5KB

MD5
2e20e2f4c752012c5fcb5356705c37b2

SHA1
6cffe779b93904e61dc0f65021d1fb93447ed1c6

SHA256
02b92940204a1633734b19692ee271dd1f7ca8bd313cbfccc3148f4f1e6b8b65

SHA512
9006dbd9777d2d0406adbc9b6a258420dd59f672fa716d75fff3d5ccb5d970845bdad2605f1d5a92c3c51f536c14fbeb673455980411a38b309be90d459e5b74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bf7544552f2b8c2e_0

Filesize
436KB

MD5
64d35d0961f51a84f8b2854bc465e5ee

SHA1
760a90e8ba84c46886345eaaa3315aa8bf2ac525

SHA256
4180277dba7da40eba47484bcfa5e76ae936a28e0aee455d19a2ba9057fa1d1c

SHA512
7fe8a43a922dd5783009219c554c22c18c4d0af0c329a06d86b7a4ecbc0a5db3c0fa35ecf2a73561eef625fd0667aaf3b1aac865765499996c8e86970a1c97db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c10ea77dff8a635d_0

Filesize
3KB

MD5
52e5afdad4581a7f362bbe206b6c4286

SHA1
3661557d78cfb1e438cf3135b330eea5960f512a

SHA256
07213eda07b6f4fcc457df3ccd851be4998fdf1467ac580a527b849ddca03e89

SHA512
e582c6d46cdbad15611fd8b15d5d2cf0d07e649f690407a44812c0cbdea6168226fa40459288b0932e1ed719a41d724538d6bbd43a830ebeba5fe793ea7dea04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c6e860d208c8f654_0

Filesize
7KB

MD5
428cd085419946efdd67896fcbdc1c84

SHA1
3d8df7842c8960b6fc5d866dfa0b4bf40cd3ec68

SHA256
493d83c5784e9ce9ba94243cff475b27380c02c2fe050ad43323c76a65c11df2

SHA512
59e3c8e511a0b4334a497d85649b38edcde59240c9dea609fd7101bc25c6377756fb6de86a5ffd4c03b181453444a3ccbdb7d336f4827d20fef7faffdc7a2615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cca6dff0f171f457_0

Filesize
26KB

MD5
b04072e774d37dcfb312b64602111277

SHA1
8207ac371fb7ea5ba66fa9348276c6e60767da25

SHA256
821654139fcae12793c1a92ed5cede42dbe9153e734560cbd77efe31bf576edf

SHA512
56c36484d85ded0222fcafb33657dec7718f0fe6bda0f0fd15dc8390f05f5891f2acbed40d02bae250c773aca53740a29dcb35441a96b8e9abd077a0dd288bfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0

Filesize
2KB

MD5
4139f9564f50d9b2488007829b072c33

SHA1
ba606daebb14006b492a8bbc3c4988713ad35b7d

SHA256
19c3e5d07d9736a7c0fd9ac7939693d3733446a2c3862ae51b926ad63a8481fc

SHA512
4e16fdac6d9f91e2d22829b5450914c8b5d8522196271073c7cf65d0c010508877813fdea6b24bf75c59ca518a654e38a61fc5047143c75660aa0f2e24a5bd8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d145f69efc16229a_0

Filesize
2KB

MD5
cfd38921d462bc5245d1971874e94479

SHA1
7d006e913c2d7f67a07c37a9c294196e2ad64bdc

SHA256
47fcff8991935db71831b23530a81a822f73e49f1d3b8be2ceb6985b807150cd

SHA512
435da252782db86bae85e48674b220923c0a4ecd033aa967e01ff82c766cd6c7a5950a3eff08d63d9fd17d2838973234cf6c2b5a20f0341fd3bb0c9d5cba3250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

Filesize
262B

MD5
83a24d9989af08aaa013f53bb730b126

SHA1
352703546071dfd6b41826ab88e53105a1bd79b5

SHA256
cd914dbba5d0adcd7ebbfb1f12a9113b73db747bd1cde840088900dcc7bbaff1

SHA512
23aa4939b0a0f7bfb32afaecdfc4e0fec988f83b1db907fe42ff35ebc064585e718a4b8bbbdfb7e942a291a0402ae7b5b499dd9f706eaa15aead996a7027c5b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5e42077b85df235_0

Filesize
39KB

MD5
45512b9836b7eda9eb9386ab3eee88fb

SHA1
66b2c6004e5cdb743799bac3ea881bcf2907730a

SHA256
b236c94346dea1f6896604b173fd7f427a016cfb10c60dbcd6285cd1a187a4db

SHA512
a5f0595effd1bcc3e6a38e3a6aa1d92b60ce56919dbb8deb6ffa7fe4ff267a016e51639f265332e33ffe3a9c6f0c734be58637c43344ab39a2c0bf299b8ff5a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d700e0dae9d4f8c9_0

Filesize
3KB

MD5
e5b1f50f5952bc828f29c782701fe2a9

SHA1
39a06df220379798ac8d8a68c35793f249233d7f

SHA256
08ca1c3f5d3875a1ad301a661242f752d06c9fae324d236b4ef82fa0045848b4

SHA512
8839f9e1e348ee8273d73617d1f3631b9c92f662844003fa62886b56ecf5025d6aa11c635e816048085384b253dd8212eee78d37c57b95602c8639d99adeab8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

Filesize
262B

MD5
1e7928ad51aa404d481783f8c3ed49c7

SHA1
e8a4d572cf98dcd849011a38c6d6c789882e8446

SHA256
dd277d94da955d60bcc2d7ec4e2877fb90fcf58f6f100fb7da44b9864ebef064

SHA512
0cca8e816fff38ac81d2006e0c7ae2d5ee609b870d147e7aa2cc708d2df8ab6ea5da71a3c6be635145f1f461b71db1fdc134410716b35669bfd2fe18825d9b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d86829ee97a8a592_0

Filesize
6KB

MD5
b47558c475056b11d9bb545612362655

SHA1
f24dbc021cf391e4feb12a5c838c63885d0f07b3

SHA256
0d914e5e94b28fc33e4ba609374fd42302ddc4a9bac261017cad90a37b0281af

SHA512
7bf555aae6d9d2c5a1e1c32feb97dd41a64cb01fcb8ca5aaca244e39b7b031c673f154fac8d8ca61e875c043140c46e82f60a1dbbb33e906e4a8ecbc63a4848c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da1be081e56403ce_0

Filesize
2KB

MD5
acf58000e1e4e320abe5f40522e6b892

SHA1
aa8cfd5791409337b120030d941aa677b55ec201

SHA256
b4a9c9d1befe5f95f105ca46bc3785944d89173a17a5c8a21b9cc94093aade99

SHA512
69c12b894058cc01877a0fdb79e49500506ee3d52f6d7d2144e9e6eb25db8641222dfe4efaca07098bb25c76cea22101fe71edcf9bcf45b0961ee9e44f54d5c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

Filesize
2KB

MD5
778db4bcbdfdd917eb284b438d3a4c27

SHA1
ea7fd6dc78f5149339d14790d7e100d98fba4438

SHA256
974c3121692a67537b882d6a6ac11a0d7f393f49dc02fee34bf70b2a1a717882

SHA512
8dc26409494132202615150b9c41d91a48a3495ba6524af203f928144b8236245522c81383ac290aea08f1d9070d39b729e4b02a233b0b36e3292cd591d1da8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\db70d675c8a8462f_0

Filesize
6KB

MD5
ff6426f88e2ba383296c9eccf57c7cda

SHA1
25c01e42c5c11ad1c5b4351dcbc58892f64e904c

SHA256
88cf612d2df2d53437f7d08a5e7031e07dc08d8c45eb0651842c6f2c7a2e30fb

SHA512
bf88569514f76b9554b3488ccbeac4e59b9e2586bfd32b14d615a1a90276474896fb1d3fd717b8ba94b06fdc790635b519eee34e7859bfef930dc63556d00359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e52ae3fb759a78f0_0

Filesize
262B

MD5
296e1e6721816221e7e6145390b0bc3f

SHA1
af7462819760ed7d04caf325367e5e43ce843c3a

SHA256
8557dafb5570caeeae3d75b2fbfe3e7bd1348b9d63aa0e7b05ec016e86af24f8

SHA512
0141b90366f1caee11925ddf05d7f2d69d2c95d2cf287b059d7c5db69557ff9c1d46fc5825ab75cf620888d29fd2502db85d73ca957c49a7e5e03429b07ed3e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
4b08c1c3baa7425eb0e3f33dc6d40303

SHA1
179dd215570532734828cda2f99549c3d7bea30e

SHA256
48aa7429d2f73fbd82c7a57a9ae116a54c6573393e5c8ee02bdb89fbc4a6fbab

SHA512
21914c07e161b2db63f3d2f6281f33ad429dfae9f2e09130d861f584bc84bd70707784dc523c1269daf0bef73395c16656018ae1c8caeb5488ed26beecc64732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8f18f55d239939a_0

Filesize
4.5MB

MD5
4d36ed0d8eb11ff5e792a44158e844ea

SHA1
e132074cdb6e484cbcc43b1c47ab9ebbd79634e2

SHA256
784510c56f92bab671a6889e45691a86d06b89676c8505a4f70aacd2065db97e

SHA512
e31e21d523a1156e7ef740a8f96a857ba4deee09496ff6a60b8a86b6230015565fb4b161ba28df2ad13fc4ec2714a340317c208a9d5a8252a9f343278f3b40f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

Filesize
2KB

MD5
5671a2e841a620b2625bc4d1e1ff17ef

SHA1
f464e049b9fdd91f91351549cc69818926ee98cb

SHA256
ea8a59f6d12d3f674270ff97ea007488e82c9e84dbb2ada4b929e4b0c4ebf6f6

SHA512
88e1d79bf8f929f8e429b254db1d954a96f77749604f167a8f576a4a8c0211ca9033d0e44159236ae965b3c97b9c174ba7da11497e544b3d23139f0d0ec4fbff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
b32c43103e30692be8a748c397e67891

SHA1
5f56b982c0477c0258acdd1c996e8c347a889534

SHA256
86f89d07a72617fa0ce0917b5455850de2fd177c8695175339d106d2385fa4da

SHA512
c7521353c46f5d3e69176e18a3e16abc278afa33faf05c2bef19822b650d5bfb5409c8d85f12a17f89c90a0eb1ebdc971ef534de3f97c6567cc7a6741afa1210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
1bd23db8bac224a581be4632ab142ddf

SHA1
839d8b1c8e117992ada7103fd03900600397ae3f

SHA256
242b288b15cf499ca11efea11f9bda191815ffc9e4938f72bd0644175852f662

SHA512
b25a6461df2ebce6980780e5893c0848f26091027eb02b63e3160bdcce2768cf7bf9559f93758ece14d95c82542b484415f4ff27bbf746adc5444f157e506d2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\faeef5560bdd72e7_0

Filesize
110KB

MD5
0714c8eed4d2094f01c3cd00df434808

SHA1
ae08ac6bdab89cab6802771dc7ac5ffbdba8582d

SHA256
3b435b6d609e8cc4a4efadd4a085d09b2e661aac5f881beed29c22f9d51ab6e0

SHA512
6fbc4dfe6b48ad912f0321ac22f1139e66d2954d5f5a4b0bb2610f4eca18726b94611ddcda7ee575bb1759ade65ee564d2b5bbffb8aebfd86c4c42e4567d651a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fdf11c3b3d16b443_0

Filesize
19KB

MD5
8f6ea6e6bcf283a4d81eb29df8fa24d7

SHA1
3b513d218d8717fbc0f626169ffec97b4cee0e8c

SHA256
246e8635b1ebedec091907616f549614bac71e969d7d975ae0e2618382e2666e

SHA512
ab0884e6d896aa7559d1aee658fe944dc2df41344fa5b2939c12993f901baea4c0c50fca9f03f42a56d190f7762130364f6356f2b47ce97a762dc5d0501cdd85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
10KB

MD5
d99324d83d1da36229433fc55ef1483b

SHA1
569645b094d3354818dcd5df2b55a7d06f41fb63

SHA256
8018a77632f1c278a27a2f31f7596d3c0758105a3526c3da1c5ca70c4337c188

SHA512
2c9fddaf1053593e1b54bf41c9f683f11beac69c6aec8ad423c64b1fca6b31e486a656f5d45c020fb571e35f2f8b122a626f398f6458139147f953405d5f8c59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
423a9540928e6535c810e585c4b3e6e8

SHA1
86b0519915567b9ef224a36ab4ddf38f318fd5c9

SHA256
34bb40c8d89859af5292174b988786e9dd22422f9b66fc986d60ed4d323b03fc

SHA512
d8735cf0282c3294a182873b5d73911bf80af6ce430c78993d47878ece46fd3a4d577afbe48fde55b8e74960731f9fe4a5dee5a4ec565c366d3b75f26dfed284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
aebf52c6cd7719f8e095d8d49faba378

SHA1
38356c9dd84b0c77101c8e6a72f95d33116469ca

SHA256
a6bbe8a271116070b9e7ecfbc495c6f2f19f5243fa82406b0c405c7294b57075

SHA512
ad4702d03c2a4845e5d06de2c0c32516b59461feec1c7afeab39ce875bcc62ff6aad2b2d7898f3555023a44712f7afed1bf2aed12e278f0f1a6f83c3eb68778f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
311f6681fdeca8933d6b075fcacf2c8d

SHA1
f3690bfb7bdd1736ce669ea113506962f650e1e3

SHA256
c34dba38e4b3ac9cef5d76ff48ddf9cf21398258a7aab1b543265278658455f8

SHA512
957338446d1e47146ff5edd7f69bb91db2dc8c12b5f1522656579e91405a7e6dcfac30ced2803b165eae99ba608dd6756dec32493446dfdcccba4280a936c0dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
94147bdbfad3afbcea3ea299a7518c43

SHA1
818f60a532e605b00a9404cf986be733c28a4a98

SHA256
ed93bbf2c739656ffa52739b67bf25804464615a525cc9919bea9e37c365d5ca

SHA512
9934d47bc6c782a06e8bd902189384da00e8d38260cf2b3a7d41bd506a7d009bb48dc522d9673b64d284b66e0675f6e8d1be278350c05a636604d975c213faea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
f101977b3c28c1a22db85c54d235272f

SHA1
d017690a5c3e0195ca7ed975ff47da052b9b556a

SHA256
f2d1cc0b0c3820dee2bbe6c11be3f50db4200e04311d0606ed9e51b4f966df97

SHA512
c9494171e4e7eae29f1158f633a6ce2848503027ffe81c0e9c30166dd4ad472bef109589647879c97620a5b8e4f2f0091ca6fca4620566d07f50755773bc5aff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
1a8b30136da19753812f2c94d899a34e

SHA1
ef7ebb1f7932cc27305c611f9e315125e7e2be59

SHA256
9a2c8251ea26d3f81df2a212859ca1c687e498be856323400612319842589e1e

SHA512
60304204d1a4ad5cf80b22999be511ecfc0fc35658ae778aae414e19dfeed8611655b6b422c9402bbb8049d3eae52194825bc34a4d5612fc51b264531d643394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
867f0ce337840b8a6e182cd9b58d9088

SHA1
f03d67af89c60169bdc929b89ff97b505cfa6b63

SHA256
344f95c220f0fbf4be91297fb428e380e9e3e0dd860b28585ca10b7c157e6d02

SHA512
658ab75ebeabfe9ec312759d46ff1fa60f77dbcbc031b66d104ef7697fe312bc19ed95a632d68278dce378ad3463518417ccc6fcf20ae9c74710bf9ce1d9c984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
d04f4b21c51da8b877d4a0816cd091f9

SHA1
8866037dd9369e564cbe16c2d78e964ae62a0e77

SHA256
c661ad2a12150277f1d2e169017cc201bfc9607614ffcea422d5e75ef56a31d3

SHA512
3b69b0b2ddbfc58c0a8e4826cd42ba29311825e562393b53ff4fc462761cc8437ca61c3730f120d5c6db6e18206635d102570c0e0695c2e5060bb9eab53b6cca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_prebid.a-mo.net_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
23KB

MD5
459bd40d91b087ebf2b87beba21d700d

SHA1
fb7120ebdd309b8204ed76150cdbd86dc5ca053d

SHA256
5d24daf7e29d9b40d5ebb796eaccf59a9ff83c83b6ad47437d09daf8b5871625

SHA512
ecb4365fa49c907a92889e5a2926ff0427f3878a3f16e15641cab0b1e927403da274d32fcdd4838f66ffa23ee2b2680593dabda85e36607e25acdfb81db16a2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
20KB

MD5
9504e1d342772afc57216d13d2e368bd

SHA1
c26b8232364c790b1925fee00cd8c09c1a70b711

SHA256
9c8607f48ab94044fb296f687433097571b921a320cce51110b29f330e58a63d

SHA512
a8393c797dc07bb251b4021bdf9cc7abc9e1acb6834cc4029a034159c70425e13878bade616d2601c76cff88ee0527db66d2dbd0375c8028905a87e1960d5e55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
17KB

MD5
764ffdd39bb2509a02922b3be0086d76

SHA1
7bdea9beeca9b697e4a552ae1f70a8cc95a15a88

SHA256
481b610f7d22be2571a50aace5131213b6f507bbb545bf6366b7e5d8f2d75d65

SHA512
843e67f26ff666c2db590331515b096bd66a4099694e53f078a621482e7d7f5f998593cb958cbe8c6a8d6312f6fd3252396edfaaf195da57bf32226cbfffbcdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
16KB

MD5
b7242cb13d4d865edac90b83fe422da1

SHA1
cfbe6d8d5919b5deabbe0890a5a1ad0b466d6d7a

SHA256
c15b04b7bc744a2451ebe0b1c0294a1c8fef482cf1156285a40d578fb980887c

SHA512
ccec6b9b53b56c69f519977d6399d381ccc315d1ef5cda2b866bbbc56a92892cbe79a24a61a77848de15544fe518d62625fa4e50d6031479584d6e7a543544df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
23KB

MD5
3f2ce845495ee277fd6db4cbfce10e62

SHA1
4392d1056662f7d8f00de550712416ca6a8f629e

SHA256
b63e682a1778518128dd32d716c57c4413e92bc4efe4e46fb0a4fca541136c11

SHA512
502364121059ddf6d19b652390e21249dc9c449fa66deb6b1111166e175cbedb55d81b7103a7f1110f687061da7de5665e8bc2950dd4dcf8a4fe443d0f37d12a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4bee49e92c62bcbbe4bf57ea27379164

SHA1
65e771977bd3b311ab2238f26bc504b259b64fa8

SHA256
6095f84bf9d990de22bf8fb1b09dcf1ec65d7db3758d8a080206314b04506c8a

SHA512
560d8922a7defbdeae9637dc92329274c8bfc958c5e25c375f610bbe061de687176e70bbfdc6261fa7328d7c14b0322714086c8d1b90881ff4cb62d0fb7231c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5c79025dff419db750f4f213804edefc

SHA1
4f8783fa32e5f65d7a33a0ab4597c3f0bd13971f

SHA256
597e7027934665aa49a5dc35f7e56888296d74f132e424fc010dd73d8bc19d51

SHA512
a71d5a58d5a300fc52af6d556f8f74fca3be713d769bfae1bf5bb95c67cf24bfca25d49da125ab31d7eea102653a75ec8892db5a49719fe56f0dceb71012c966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4e27cbc7d50a428dd39e711f30a0e35c

SHA1
21343a3aeb9f16e5c677bc4829fea5d6e8e77514

SHA256
82603682070a1c854a8a3bd411aa44a29f73f0ecf223d39aae376d1fb2f841bb

SHA512
2654646c775635925550807f6715754a6485764b6b29383e0ddc85a78a61538af9ea1235861a938cbb64cb9505e87b57d7958da999ffd945d6858f81cb8f7221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
5cbc00123de50d218512e28858bbe391

SHA1
d1d4c93764b52bd332f5d86ffd6187d4f714fa5d

SHA256
8d29fed63d86ab6363fa586990c48c8d31411cb93ed65a4c39a30808cca5de16

SHA512
245efc825e780221900fc930f95d6de912d6f8641b9eaceab576f58685d2a3f15a94d40e3ba189941e2776643f75c0b5b50bb364ca2974f110656532842f122b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
4559b5edb9a3b28fdbc8328a1ea6eb09

SHA1
efdfba3988cc56fa55746ea088284bb1605a5fcd

SHA256
8dbcb5e7a7c9985c05312a9a4da94732c38e4fa2cc0e51c9c99cec47966478a4

SHA512
34388f9eca796b6473506122976730f6200dd14818d4fa5b01aab190c837fbd34185cbcebb704d6dcb4d0506f37f0638b9f40cc5ca6751d199e8124bc979e038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
bd965e55ffea910cc0346864b023ce76

SHA1
fffd57e52057df7b699adf291d0c46a6c7333096

SHA256
c39f090dffd7c59dc2804a6f103db1a192ee55d0c65dbe59bece402f58edc11d

SHA512
9d3d0c888577d93c947824da928f087436d86cea8de629c50504002bb81dd2a8f789e0f8f055649e975f769cc0b3d766ea4f5f49454c328b089f44f9da7044fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
970402b702f2345c162864036972565b

SHA1
61bd4a7a7976b216f4402813a873cd6668d15ff3

SHA256
f03363a6efcc7d4a610a8ac86be098a51b1c206a15df686169cb47273730cac6

SHA512
11029aaf345b5a6ac063c42326a5d5cfac97e9e341bd11a73c9805e6e29d2d7ad335916ecfd9bf1cc9e321459d9fc57519c3133de12f2632dfc39db4140b4ccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
a6a97151acf0985d854a57e09c8ee8e3

SHA1
5de58a646db93d0db8a6777d5663af1ba35bf063

SHA256
c8c42498bc158f556794bf1d8f252b2754b73635e897bef3ce241079c672ad46

SHA512
a24a3091a6d2287ac2a2c05714a5f8c7d131416e9fbdd3179a29e8c874374b97d9ab5dfd93c86504cb478a30c8b7b2cf9ad9305cf66ea63d8e2bac89891d2118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
39152b5274ed307c6a94d8cbd7772476

SHA1
14ab0eb869de02e53cc2dfd5c7180bfeffe166a9

SHA256
be861e0f8673546f0238e9c30e8824edbe8eceb626ce24bfefd42fbc3afba855

SHA512
0aebafc7d39ff835f0914ae427a284f9d83d498571aa295776c43b922b690b2ca03bfe5c30bbc32406857c95d83820ace84d95bb33af84632668984c2feea1cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
dfb66beb7f84b0c5af5fcc16246d24ec

SHA1
3e2fafb189cc1147593341ea965933a6e79f3408

SHA256
254a185a563168ff1fcf6cc7f9a71207c8f2a01907bcf4a50a4fcb2ba58b118a

SHA512
bb9f0366a55fd27d92155e9435e7baffaba80b0f22af138b24468eb50f7e08c98cec954817acc654191ac5a55c9a9b65b0697a7f5a920c68e270960b627b0539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
5d44a13cf9718c04c1f750bff16cb1a3

SHA1
4ed7d7181426654614b43620fdfa2170dc585655

SHA256
07188c8be32e808be587663e031504e53f86ea1c1bae4df0881109dfd1026e31

SHA512
f0d847936e747930a943d44ca6e83848fdff2c03894d031b821afd2dad9a7d19dba43225f88a8266ab020ec37cb2fc41cc675d1b0e5f387c356549a8a7691ea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d381aa1929a93fd76c7f5c407d11b62

SHA1
0a544a492430320af90c34a8aded5dddfa57ba3f

SHA256
8b93ecddbc0435399c908f087704913eefd6f6ee97bb34da1f9e80fa16449f65

SHA512
e558fcaa56caecaf91b81e9596a54f1e837ee4cb44fd74bfee8cb1329e60c7322b3e314c63a7e6be7947cf54fe20ee1b0d11a2c83965d23055de357709ba926d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
00aade93ba7b91e0dd33b4ab0830525e

SHA1
5b5484b1f85b7ea7e20419761b535e208c8a1c6b

SHA256
7433b5ccbe681495136e62640fb539b81fd5d2c157e705c087037656aaa65841

SHA512
63fc97f5a23559075cfc5157a69fba168f39adc21be87ec4e00f553e453454f5abff354b2fd27bd063d4a58a4bdc59be1df0f59c7a2852c191107b387347e5c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
88e73e296d17df81cc67c2e3d89c5b02

SHA1
25646cbf3654920557c6a86c61a5921be850da1e

SHA256
203bc7d46b2dff4e94c197c812dc3a048f41c3300528714b8497ba9a8b52be6b

SHA512
7ab24a598b3a11455f460cff0db208a973c44794d28b257ab337377002ff5accbb32ae1a9dea90f85038ff4f5504ddb78ed745aa9e6d097fc47550d7afbdce14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3b17e6668fe7af540a4887b582e0ba02

SHA1
76107b13fbc10a56a5c90a280cd4007864baeaf4

SHA256
a0372aa4901d31364f2e82f318f5a54fac3378e6f52cc14053b257ab4e0f35cd

SHA512
928c0881c0f73f91b3318d2a3fbd58ebcbd5b4af77312b113520aa6c5e58792c5d812263b967f445d540d44ff7e83559196abaa273a0a64ffdded4abec0c274c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
68f4c059385fb2d926ebb30e139854ac

SHA1
c75b1aa6673b2f2d3488431c7c2fdc66153e5061

SHA256
869e7ced5ba4817545aeb78b2a02a0cc504b4a886c3c4cce49dbb8fad98d26bb

SHA512
ad1d9e80a9ad3c033721580d90b4a54b37294a7192f02bf03251d949538a8bb591f9a2fb109f42b83c9abdbe3fac66d433e16755dcad9ba70f12a2d646750b67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
930a3b8a7d3d8f48fa20802211f06ce4

SHA1
13185f7f5e68e0e9b8d382f5a634b8fc9ee1c73b

SHA256
86b744c665a0f9cb4f4e940b6457dc2758784c3fffd40dcabb17a4da5f5e2cb5

SHA512
df7b5abb61067b27c5d6e3322bca29f7dca890c14ffe5be9668b2833e70ab4c23e0ce52f83355e0f180b8959baeaa55ee8b65526f0a12678ca829bb869b11978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
25KB

MD5
7c5ab77fa4fab973a2b5ab65870677e9

SHA1
efb5eeb54ce9ca02a55f4ccc32d3ebca3896670a

SHA256
c189d0656995f5b60eb542496307aa6c02eb3f19dd4c954d9eb1d90485c12f57

SHA512
5c8f96e8233929d2891ddd51d58fbcceafead081b8cce44569f3c6084da13889068d0136bf70b670d3b18b647e286965cba52470d5aef380c11e7752dfac446c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
39be202689e240a54c3aa56fb7abfc60

SHA1
e92b5857a0bb50d58eace812960b3a8561416a85

SHA256
be9d97bb92c99096cf92b41906c83ae066ab8a25ecaec21cb703760bf00c591c

SHA512
69faa9ca17a203de5942d1d757311e7a691db680b1b14e0d77e162dc4f82085a76561d83b05d3b555165de07f8d54444e48911483b7d59835737890b1daceb60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4efcd59ebb1b70865676805e63c2452d

SHA1
cfe3b2c546c323c4189a83329a2b494bfd592f77

SHA256
d53564c3786f6308ea21c543b43b256de521b3d146ce5f02401f98eecced9130

SHA512
1ef4f7a4094b86ee8ff76b4e51e2b86c808f9177a54075128479e12dcb075c941d69397dc9660f21ce57cd31557662c44952c849076c8624f7f5fc1e07f205f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe64cdff.TMP

Filesize
48B

MD5
1ea2ea4ad45e106aec43b48cb4825814

SHA1
472d0d8c591f6efbfaf254ea34d48f89a42c977a

SHA256
4936c81a287e6b130acfb40449cd08dd67cacc241abfbee3ea9409777b2b646e

SHA512
1cc0cf8c6cd2eda1fb46776f19711b5c325d694ea4b2a17019b4033d1e3a0171b49cf4408132538859e010684ba73e70b849e8245b04c67c75aa5901a5a2e973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
29e15bb3c6fbc68b1de41c5156828dcb

SHA1
7f011b3f5aa65e8a8e8accaa1c0dde8b17c26c07

SHA256
5e769c18573d4a624765d54a78512e571538e207d7b1d1c3ea0ae7d8013cd2ee

SHA512
4ce4965ef2370004bfd98a8cd7737cfdb036213d85d0d067f31598ae9d6b30e576e086765f798d7540fe61748853949dcccdc5932f55a4d21fb69f780f3b62cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
d8e57d3146ce1e4fd1864d09f12df466

SHA1
eb3939b7348ce59d00218f22c499447dfc3ab328

SHA256
2f1bedd6aed85a6fbb997948b19f856b5c7346a7cb276d0dc80066f1018c96c6

SHA512
33b65059451e6bb7d65eef55a20e1587ca0ab8b7630a141ec4e6eb040f1ed9f78cea0fadd5007bb27aef31555f5c324028b8c9734d640cd3fcbab47b7b1b6498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
99a24a652c8a678fad99809b6137a27b

SHA1
5436d2ecc6df176847388afd5396d78271e5ff42

SHA256
daf457b17e40ca147863a16cac1c4d3af9379d2239990e14c93ce8dc2ec55590

SHA512
dd2b6915bda1530ea1f28d35820140571b3ee3d11f8d6460a6ded5c0740ab33f4b30313c4ec91c2aa2bf001726058d7b53ebcac79ce09a640fbd6006d4f70f4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
4b7d790c0538d655ead86b5f4c18bd79

SHA1
5b1df62a1fc73ca7ee642edd760a8d7f17b22956

SHA256
cf5a4face68a2479593c562700063731ba71df1deb3e1dfaf0c8922291d6c079

SHA512
57afabced1673a749052ddc675622b51b0ebc0b53471d8d4c9c20e61636cac2054837365a661229e32e066d67122e9344018c2245fd8e0dd3d8250c778a75790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
15a63e60ebc0cdd04697af6022b3dfef

SHA1
253f0076f6ca6498a170be5509a9c5e16468b39b

SHA256
2153ddc6eee56acdc6e21b747e74e954c09358f92499045156c3681a2b1b204e

SHA512
827259abc644e7632a16ac1a2cbf6a3afd3b6c319ceca9c7c32d05e0468b00dca7a26e163bee700f8e06aedbdc017c3794b933413958474d8f8ce32b50177988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9eb6118b96d48c635055a9dfb416747d

SHA1
86b1da8ecb543fb2c4683515b23b75fc47a5fab1

SHA256
50e9bfa51428a38b4bea0146506ad155d334bead59e3bcf37a55ed622a506705

SHA512
3bfe5b7c0dac40b8b727d1626274cbb4327f6fd2096331d5010ea6f32446201e606e1a7f7ef82e9de727981fd2029dd5da8fd7d691a86bba7086cf97e0759c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
2a29e7643888726c0b3bfb3e4890b40a

SHA1
c7dc4e1d2293ecb928bf64c2ea9857fce55d362c

SHA256
9ea78210406994fd4c87ff8d20b34709d3eeae41ce493c1cf79ba0b1d0919b1c

SHA512
c17f2466ecbf66df9234e395054f6223a119db9f14ecdbbf2a87891304854ee35b0664bbab095859830c00877ed498af777caea31738a67ff0cce59159689490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
cd2a522c1fb8c749a4f9c890be52934a

SHA1
f0a01f5643c56a1f4a22254187e4a716b7c6ed19

SHA256
1f61bee60e1a1dd26812bf1d9f5e9daf0ccc8028aa104a7f04c771a3ff73a4c6

SHA512
95bb4a0b216f91aec67294a4a360fc9c1862bca10ce5079bee5a8bc3a18fabe7b1aaad4a579a43e18de5354b708f72c4403811444485dbe67c6d103b257a65ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
0e8f5b7d8282ac1885e5b7eaaefdd42d

SHA1
2fe4e6b8b3df79b419675db79b86781394f33735

SHA256
25e97273c22f3d8192728f102ff555025110c001b7c88c620d270891196325a6

SHA512
dcc112e092821d6cdec57bc2e5efcc8d7949bb9045f390d0329946aac1b9ad1cb74f01956d9ff1e27bd27b7e8450a25571c215cf51e51f554cb04edd498e79f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
587e7fa259eb199f1341f2568cc7aa20

SHA1
4e0d0ee23a1f804e6c337f74aefbf38f1f0f5bbc

SHA256
d750076f9194630db1a2fd4bea29758e2377c8b3774be1816ba2e34e386a6e13

SHA512
de2f86b48b665f65d030daf19678f56c152164f4051e219dfe29eb77bb7633f22466f13f6fe1be195d6f596133b407c71f5c6b28d0c8608db1c55ec6ff1e4f52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
995169be24313d09caff5e8e80c1a1ad

SHA1
0ca3b118ccc0f128a8583653c940177898887d60

SHA256
ab3c8c7f6e3b87ba93dbcfc4cadaf0a65b7d369cd493be98d5dd5e9f179e460e

SHA512
a487023f0659fc7e6813021ac85a370c8d35901381068c82344010b1c760c8ca3e4d24b239776da9dc6bbe18cf5f0610ad964bcd218c5fb34a5dab1a3abfedaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
22ef63684fcc8d958d37d3214e229c1d

SHA1
fa590dcdf7f0307d8930da19cacd6a79a2c4f924

SHA256
97ee1c5380a8aa16b3bbe465d01bfb747e2742728d60b5fd563290a65b3b5db8

SHA512
92ef2115bcfdf460d3996cfd94fbea6ced3d8cceeba36a10feb7a6989b1077b57286f69ce2e6af008cd83ba6f6302496034771965fde1ccf8a43383a83de5668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
ffaf05a0cb7184965e7b2db4b3926d7f

SHA1
d63e660b09e10dd460788e354f7997c7884f8142

SHA256
34479b2df4d4526e2927cedecc66a6bee0205e04341837828d312a6635c5d56c

SHA512
f2f9f2ad5607ed8adf2fa832de51ebd6dfd53f1c4e4c835fe901862a9154ea2e6d754580ae45d5954f91a4716c356fc15a40356453d0371e0138b680dfbf48e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
53990ddce9596246e904a4bb532d101c

SHA1
8ef08551c5fffac8d8a50fa0106ee6de7df38be4

SHA256
49f3390ce376111a3e74062d631ee2388a9518848fd4718e841bbc2418adb78f

SHA512
97a5446de5639a49615ae07225548aa5f3da1aebef11b5aa59c0de101f86b715374427d0a2762bfd726b3b7af059a5e026a0e0c13da359b75904614fffd46bce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
4ab6285e29a8989dbae54a0ba2d69d27

SHA1
6c76742cf6f3251072d3939de948cca5ceed0b1f

SHA256
50ae8dee62e47bd8872f90f4347b00cbf018dc5eb35200ddcaa31a777e9cb948

SHA512
35defc89cc41e4dfda4fc63b9461b10b27198208809a12c657ce6bb6929614f55d197a18f7f19efde26900e0f55509879fe769be5a01ecc73df5992d287723f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
d6108d8fc79c283155ce6f525545c8a1

SHA1
54e4fec87bd1da9b9516b91da263b8c9348cb8f7

SHA256
6f8339ce33e02b01be4cdaf751aeb9f7f10f5485bf891e94d6439c6e3ea6191c

SHA512
fdc887e2a2809136741afafd05b468762ecaf3a717acda19b86ac3290779d4db59e0c3e0c1b7166fadc796244807675d596b3d2c42501c655b43fd87d9ea053f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
ef9c28d8ccf051f454a8737cd62ac3c0

SHA1
59d2dbc0559604a4b168ea2399e1d6d633d72021

SHA256
781862909275ffadb081a2708cb4b0b1d23705dddc1a80d1a630edc6397d8274

SHA512
f4cdeda6126ded7c37e96c3ad435ea3cfaa917fde2641581541626e97140b286751b0e78221596e7ff3d1d54aa7632b1954ad2950029673ed5c8ee46b550face

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
dd117852a19244aa07e62835c40b8253

SHA1
b6993660340f84bb6e53c002469b908f69afe55e

SHA256
9679a0b9021db14c17c5528f7a3f76d1312c61f08acb4e022b08863885ad84fe

SHA512
730743d27202c7ce3a1e0c6a518f53237f82c14a8a0b3d7a78fb9cc5d80d78692361f71eec800f99279a44cf2df5c0ccf5680b0d445f2e57455dae8617ffa469

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c2de2daa-da52-4595-b7c9-6bad76551fbc.tmp

Filesize
18KB

MD5
3552d1907dcba14afdd03e319ecea54e

SHA1
7f06880a8087d9eedb3467ba2b36ff8042351ec7

SHA256
0a79c506ddeacd99b710219c312e37ab672238c54aebe3c75afe51a3f27f42bf

SHA512
d7520f866207933e49a605211af108967ace22d0014e85e5ebb0d031bf5f3bcd79027c5f9f4f67a5e8b08b0a3d1ec82942b3bb57214cad58994b2987df9c7cc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\eb33ea45-8aab-4b22-85ec-815649d4a8c0.tmp

Filesize
22KB

MD5
c6a3c57dbe6cdbdaf2118cf4be9243c7

SHA1
8746d86c87050aa3ff5f7cc3320390d03a831fa0

SHA256
4e596b203e54ad5a45b54497216d1bce59921677b4de8312cf309df10c53ee8f

SHA512
73965fd4b2dad23344991a63f193862017e17729028ca9ec44f8b60abd579af2e88393d0505b7d829c14cdfbbd2ac432e671bc75f230b081e6373dc2e87bbff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a565cc9195ebf707c4a0e0141c02d27d

SHA1
106b9b0b0c64d7ee480b2c4a3352bbbaab0b0ced

SHA256
39994a1f86325c66023cd6ace353abeaa6b76e74ed948ef661bd3a7185156427

SHA512
77c0fd1f575840e82a6c75858c319da24952dc3cbbd2e092803eb3b02fffa1a7d6121c7f8e00aa6d942383b9beed67ae72b7358fc3818e1ddb02be52b967962c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e6ae847dd6a08baf3a2f9b344956a80d

SHA1
21afaa81dbd9e5290ec94565868233c187e8920d

SHA256
b6798c1615d0c44edad4f4b4aa079cb14e7094e2ab88498bfcf4ee166cf2195d

SHA512
5e308cef4bd20b2c74b2990317009904aa30832a6abe83070c3fa0508853c9d9535cb204ed9920e683a09b61d1e8ee7a5b631298f01729f7dd47ec051b868baa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3aec796fe59f8795a509e75d3775711f

SHA1
53d9a080267006076efdcc64d7b4df3822171578

SHA256
cd423f34c294fbd88d7df57f7badd476c7d8c7b1f5018fdd2ca1e7a5c5b479a1

SHA512
7ed69382bf20220287f61580bf2b71cc3cda0171f06fdfe340d69190b1134ff9f279b130438805ce595b112259dd60497c4344d69dcca6c67876012869e7f17d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a9da5db2a8af062082e66a356abd9c3f

SHA1
6e8b97da0f33b374119cf3ca8a2856c4c52c9958

SHA256
79b088d15e3fb8acb5fa868172583606e09a59460a32c1608f46cd0bd527fee3

SHA512
08db2eab7bb00a9c5607fd5633f29ebecd0224f978f152f9cb71d090400b21341212e1675931bc91d62ebfaeceed8a58698dec255d2fb4a74323bed50a297a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d447a5f7135c3a28a3313d2e1e4f95b4

SHA1
1ea42e53fb06952567199ff46be1f164f14c1dfa

SHA256
0774c21912591f4830bcec24b1eef244827877d8294ebc3e7399ffe209e72afa

SHA512
f21fe047750ef1854f3713b56302a485182ad38461f5a8d1f0a7822cef6d44ab1a48d8602bc3261904c5bd86afb7c0f3ac696ab0c96ac9de0e7ef0a46ec171f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
10e2370127a9c35268b9afa26226e2f8

SHA1
6729526df09ce44c49200b7a37e02c55cd60f3da

SHA256
3dcf3ad9e454643212b0444035e38b8ecefa33cdb7c70ab5d4ff9a503d35c2c5

SHA512
1b058b5fa90e23ef9ba9420e642382f43552b3cad431d4cff5ec71a8f60d602a071b96859bca8ebc2910f5986f9b439939b746f7d01048c8bbb88df6ef647778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
306025002c00ea4a355ed0a1e546630d

SHA1
d562e52cbcb6d86f024f4a1bed0c5dd5e0581817

SHA256
2cfc8ea7abf1080599ccb261d481bcd1856cf5661a9547a17d22322c8017930a

SHA512
9fb1a3eba1dd14d6a0ab63a9495b4f94936ac0fb8c05edc9fa2e2cd1a8d25e8e7c4d20814995e95e111ad97baa923b6eb27443da6d42a8b56ed741166466370c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f84c2f0231597704533cba1c8ecf168e

SHA1
6dbc277cc95a46890337fbc5649f25a0d9955a7a

SHA256
1ec6ca46d7ad888aad4f9d616a7f9e9e94c963c7a24ca465f7270f79b990556f

SHA512
937189a042718802731e5e441d3c6a4a215504513303b2b408fe1b6c1fb08ac5e14920db80eb49588c075c5740fe3e7831c1227b5cb23fd6b3d791dfe6a5d531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6f85babcfd0b04f91b7bac7f246757de

SHA1
23702371218b5f9cdd678a661eb4c30f9c07a64e

SHA256
e373985f7e08bc485db29a82b6739690a2d397fc6c5b4972d6fdd67310d46cfc

SHA512
382bf498361105a3dbe6c805e2ab55f4bcce65dbc5a47be4bcb6111a2ba15d8d41ba028bb8767c4154d59dfd42c3f542814e8ccf270c2a1a32ff0cf37f4fb42f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1b6922d088ea33a1530f7bf9f5fd313b

SHA1
47c852b4f3be187a23abd908d6e72ea98a157db8

SHA256
f1d719fc606f20c271325e50353cead331d56e5b05e0d0ab4c9de497b70e6d7d

SHA512
31806dbd88179ca7789daf066816f1b6b2cca0a95529aa17cbd8d731fc24f7c22b378e48c08907a5ecfd4d31f07be9bd6f04b0903440328034212f02a1bf65f4

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
bfa79d7a546b5ac60f5a8562b2c86799

SHA1
f3509bbf7224a4e35e92c453cf13d8c522a0219c

SHA256
f23d82f15277079aab16232383cf5829c9f53bc997e98e9bd3b5599cfa80df83

SHA512
32d99ab686be4e39ab1206e048f8fa566948adeff1b2f97e74bc27e85eece45047736e1779aea97fc1d142dcfb7472f3f12650532b86a2d3fe547c7334307366

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
11KB

MD5
ae9795843ff54860f7ebb5569f434e83

SHA1
3bdcba3b4e7ea0f191c90d4211395d5a6e3c8cab

SHA256
b46781bfff93fe6a51f19337b2c0f68c940a8a1497f56ffbc5e66688073abfbd

SHA512
6a6c20f0f39710bb93868d61d7222e5082ceb06c07f1fe685a41e96fd52a6b8d8e568d4cd134b2824e416e8b819b7c94ffae2c7b68c7ec25f411c48943cc2357

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO4284671E\Chaos Ransomware Builderv4.exe

Filesize
548KB

MD5
9a44537dfcf8ceac515c4aa92f30f4af

SHA1
9a26c3ff3251f69950ce09e3692ce14b5dd536b1

SHA256
3246be7f25f8f4cd9ade8f0a8faf12847df126eecf65d7e8012f35ab45e73a40

SHA512
94da6f1aaae6c25e47e31ac246a8703ec8f7b2893a44ae10f7600cc79ba673bca60d7fb41b2ebac8a4b5497ab98a0a195a32d93f4fc140ba7c9cd25811943500

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO8C8198BD\Chaos Ransomware Builder v4 Cleaned.exe

Filesize
345KB

MD5
30caa962e1ee863f2fcbed2b8e38f207

SHA1
3ea3d0fdbdf6339756983152df6e3a28d5873a11

SHA256
c5004c691b576c3f3899d628176ade9d8c87b7bf6d44d96945b4d1df1254a132

SHA512
61ce53a94d0a4695368d33f9e3a1435800b9fd828e7e0c14144a0e45ac3ae7c4b4c04ecf9c5a5b794c2049759dc34df6e23ac39741c98bbd8cf18bda9d1c2a21

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO8C8198BD\Chaos Ransomware Builder v4 Cleaned.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe

Filesize
245KB

MD5
3e68d3affb1d07b291b402b1f8733b52

SHA1
c5d817e20dcd38ef8e8902c05d8a13777b88bc03

SHA256
cca66104abc7b29b365f2f5f55579348f0b5645deafbd962fc802d18c520e676

SHA512
d80225bb9b61ae98d662ff3e95775e3bc3900d3820c669956a090ed076154be6a261b327cb872742aeb1d87dcc4b4fe16147b4b26394397b6bb86f3c446fccb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bdch.json

Filesize
960B

MD5
1824d1d7363534425f8052226819df06

SHA1
aea1d3f6ae660bd254621c45d840d30be4b2c562

SHA256
1c4bec313b4d0a470b39ba39a5cdc844d5c5662d93ed06ac1237c88903329f34

SHA512
799b7e830b82de4ff81172d24ec1008ee24d94f12c9313a9561f291bd1ee4aa1e40b67c3185c97acaa09fc8330ad624069125f1503d0dc0987c76ad1b2118cb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe

Filesize
399KB

MD5
3a1261cc0bee2591e29842495e3f6aeb

SHA1
13187dcb0b83a6ed856317e5bee716940e811724

SHA256
66436a1a34bb16464111ac1042189d99de00390235c4109ba04e3f3a2d83d467

SHA512
bed901f1345725c6d627021b44451d28fc967838bf7f74388f649f4e52e67e7724ff7807da754d4a54f0da4bd40c33ba6272dd76d130c302c2706f44f58fb77d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\deploy.dll

Filesize
18KB

MD5
f945c147a9fc387841cad1dfbf4e8d5d

SHA1
c80176950df2d75d3808b068a59515b675b751b5

SHA256
270624099bef280a7b918870d5f91b96e2343b7e99248d63f71060c85848fc5f

SHA512
5bb2287409fd9f234bd14c0326817143ffd9cd0a81b08bffa5d51c67e742f2fd1eaf3e4cabb44f70f57fdcdac4e0b7a6ed08438b4a09d74f857263ac9fc6b942

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\installer.exe

Filesize
939KB

MD5
d692ca8c540889a90430b1dd9134264f

SHA1
2c03285c2b9e86205e94917ad2d46048addfa4eb

SHA256
bb08adbef3d031d9fca1a627f3261b9e3f99fbed42d1ff205723b2297b0d1d07

SHA512
d9565d39bcdc30a692ca5f6973395c36c0dbfa0ad21415e28b6b929433b9dcb5391a88f06048db2fa0fa41abec6bac2e6eb85186fc4032375db80bf40899b330

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\additional.dll

Filesize
1.4MB

MD5
cd10f317d54a8ba35e5ce85ba3b60220

SHA1
f1c33ddb09b0b30fb99917d2d9b8b0346fc20373

SHA256
ee05132599596b99f595b0ecf7783e7e119d5d03519b12fe9f3dbf5deef6fab4

SHA512
e9e56ce0b9a61283c18acaedbe22cf068a3b078e0836e3c0c2ed75d1a3e9199d834bf107321418c587cd235570b2ff48f0f04763d1ade475fb1a97255b2c479f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\agentpackage.exe

Filesize
8.3MB

MD5
f985bc11f5c253376832368d716887df

SHA1
9928845daece19eec3574663a5002b1f1ad2f1ff

SHA256
7834c16dedb88808908230d77f8ccf9bc33d91e423c73fb433791b4a91ab1fec

SHA512
ec5cad6935161ede888c242fd123cfd88e25485cd9f924df2688e646b70a7c55180768583dfcd6d3cb467ca9736685088ac19856dab8026ecba02d5388f4c3d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\agentpackage.exe.md5

Filesize
32B

MD5
bbf5d2f19ba3939692408b5a55b082d5

SHA1
60da06b28920b0ef1f668fdeeb82e908c757e54a

SHA256
318a1ed380d09ad14c444d398a37e82d610451f089c6e9d4fa8aa7fa72205471

SHA512
d3154dd9168fd19016ed40711455adbcc03d1276a42399fe7daf4ece0ab9914fcfe22b9a6c558d49ac74f348d109c715263b4459ef15b71673fc4714543c0c37

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\bdredline.bdch.json

Filesize
730B

MD5
3266bd308834ee8d251433b44ee0a48d

SHA1
c271fbb539824ff577752d2f82b1b498a9ac91b7

SHA256
a773cf585925921309cc117e59ee87c56ae7e9f7e7532b4fb153e4ac72dac76e

SHA512
edcba4498e553b4e6d9eb28b7c29e880b04ab531435c50685d638769ac5ae74c6e3de8c02ecdcb385d05f347b27f2e1e6bab72ff45a16642013b28b44fe85321

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\bdredline.exe

Filesize
2.5MB

MD5
bb8bdc561394c4ecfd2158d228da62b5

SHA1
34b46f4978ce08acf9c2218c22e8f2bf0d24a745

SHA256
ae283b45d858cb916f27b724db05049aceb424e049cd8c8a9b145547299f03c6

SHA512
8d02b3957c3efa279dccbd7aa521c372b03fd2afc2699f29bc178caaec8414baf0405987b5673b8d8e29c94bf962b08b36424ad08d0399b02b4319f5e7c5467e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\data\params.json

Filesize
89B

MD5
6cc2f0f07cde8f433f9cdcc0d6fa534e

SHA1
3ef3e795be6343c5c117154fcc093b16fb2ac08b

SHA256
1e7bdf1d590492693b939138cbbf80d9c78d8c572fa012a0b33c71d7ebb605fa

SHA512
a2c22413f5a70aec222b96852b70b5e2850ce305857ac534fb97799191b6fa34dfb43f4c7b0ac3e793a2db5b4ca70d2afa98318710b511022bb8946a06026065

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\installer.exe

Filesize
770KB

MD5
af850a5433c3ff2e33bc4222e14800e2

SHA1
74baf15228a800287d13771882bb4eefab75010b

SHA256
e19399997dc084d27126835a42b2e478a37223a6b2f649fe88490112bb6318ce

SHA512
f3ddaa6de21bf615894f638a2ab49d60a914ce30682596f3a2c5b8337ece1657c649c527cd99ce2b7db1dd3522caa4ab43afb228e1657f6fa32eabe2188b3b25

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\lang\ltr\resources.dll

Filesize
94KB

MD5
72dc57d6b0b7a541bbc8f4bed42ba48a

SHA1
8f1269f8351cc6db6f624d5f4bbd2881ad65a15a

SHA256
075e253101ba416a8a3b572e08ca5c371a8cd27cf473be319e7cc88982523a00

SHA512
e198e144ec1043ca1206f65af5c2b46bc8ef4a957c51b89b3d5f74f72f7b1d4d7e2ba765e6e28cead62a4dfe5cce571961366e821504ebab687eea50b7c3c26d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\productagentdp.dll

Filesize
499KB

MD5
0e170e693a13fcf60a3cd246a24e8822

SHA1
61829794e5d968c3c1c106953002c2851e1a992c

SHA256
6a5f84c751142ecf5bfca2bfcdd00f472fe03eda81125f4561fd7abe4e82ef86

SHA512
de97f1e6d1b1675dbced1c35f4916e74fbe7e28f049a3c6854a6ed1c74cd834a1a83e4642450f46f9a7da85ac70c4ebbcd42db55f3ef530c76cc76c714c4bd2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\sciter.dll

Filesize
4.6MB

MD5
258e030e1961923617df3d6ee6dc1e5c

SHA1
fea5a96214480383fa1aa5ff674ad3febd45aee3

SHA256
3eeebdf2a76db3ad7fe70fd72ff2badf495767f0e75d8fb2c3210fb8b541a2a6

SHA512
9269f481a52df490539f65cb71dbb5c582ee7d446c5b5af38146c210b2870bde6a12bfa9df0f3ea9376e14bacd3c5d3b9b42dfdd1904e9bff835c117d97a88c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe

Filesize
5.6MB

MD5
9d7304940c94412bf8b673d3eac550a9

SHA1
f8ee2b630e10ea85219b5468a026e4f9fba1e6b1

SHA256
962deac26d2afa9ddf08795353a743b2799bfb7d05974737b0a9f7314ab546b1

SHA512
adcc520c2903c1b3afd496072a9fe80da7a309959c2a9f7538aabe69ead651076bd4b575d2af86991830aaa61ace25dc31e1141ece4fc31ec7f9e7dcebb8efb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe.md5

Filesize
32B

MD5
d0ff045223f7a464b8e99045311adbcf

SHA1
4a54d4dcc976fba5f621b0fb228f2a1b3d78e5fe

SHA256
456d61d9bccba69af0073dd2f83ea3d85189570e8d5f4a61da417e985e397353

SHA512
579f055753e634e5ea66c844689ea9a5d993f495cb6b70e1fa3aad9a1edfdcf615f8a21c9f635a1224cab1edefbec485dcbc2745135c67b74081e398fe023b69

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\unrar.dll

Filesize
276KB

MD5
02976926dbd2950c19ce250688b210b4

SHA1
70edee2b167e2c4d21f0816d353d06a562aeea53

SHA256
03a9116627f80d4c1ae1c42d341ec5714b0b5c90f6d9defecc1213b5f885c437

SHA512
1d098c89b9849b77e67ea480a588ca4af72bd4301733704f5592311d9d897e195017cc34ab965420bd29aa9b771ab6428de036931e31156cab6d6d736c11c554

Download Submit
C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe

Filesize
3.0MB

MD5
d247b39a197a958b486dd4ac704deb47

SHA1
2ae1f69d10440bb210b415a020f652952b3290d9

SHA256
2e04a32b231d7a4b127c2d822ef3e90576fb83eb92f9258f33e8ca472cd8182b

SHA512
9001c5c083ffec225b9cfb3657b636c9c79d1b05b36c9ef18b6d66d87741ccb048d12e12e326893680955e8f01f7fa446b68277d2ea22bf4c82e19ea76e32fee

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
8d293df9b4ab12106269900079ad666a

SHA1
faaa85a315ef155a82e30b9ab1677e27a9f25bb9

SHA256
98c07fd88301339695b14d248ec3ef0768fe3fac391265d3be03cb8decd9592b

SHA512
a7f5ebfd2cc0403fd8b52214038d896a236d459800426fccd732f158ac0faf1360dac1ae25da987056067aa14da042371d27d9ec5ce986748d66bb7e96bd7d10

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
bb4c972c38dc632fa350eb68d384160e

SHA1
06805c6c5a64fa81fcc28d35cea0fd3755565d48

SHA256
bcd34dea888364b196c0590f6f02b00d5e59617053b66783c80655d41cf00013

SHA512
f87145d8842f4e3e2520a19a443c034c032d31f30361b4d75e43078c32aeab6c96fd80163bc91b54ba74f1da3f8d12959d161e8220796f16cc812a896e87dae3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
d70547eea82cdf15215ae94dc5197704

SHA1
0d5db110703f216126f03b80af7e341140d3b3f1

SHA256
16a735c2f5d821004779321c64c0c594eb87606f3c48c2e0ba0cd5159c8e7077

SHA512
b0171e0c454ff7b70ed9383765eef71f4c5e15c92e97d163522c0acb8a2bdfda4e2ff73d4c0c6c611b962a1e9a07cdd0a2d5e593206c8bdf3c62f4a6dba9dc15

Download Submit
C:\Users\Admin\AppData\Roaming\svchost.exe

Filesize
1.5MB

MD5
dd44afa954cd08c159df539c58104fb4

SHA1
4559a6c54b81cfbd3bc1da333ab63118e8a97c03

SHA256
4cbc5aebe2c346381fa26ae5148166d2fb1ce8d16ef54b6fe1087f131c3b0c3a

SHA512
8ea0fa4c4db15d2bff315d0e04e0ed0dbd51fcbbe048667d81cae29c1ccd3eac2a861dd66d83575d7368c56b3c49906cf36b4518a575af679bf87fa4ab582244

Download Submit
C:\Users\Admin\Documents\fuckthisshit.txt

Filesize
197B

MD5
4c5c90ca524501c56c3e6f89505b8309

SHA1
baa0773e2277eebcfa899259a92156bc399ed1ac

SHA256
2a6ff3e92a2a73bab4aa14c724980eac7697fe2c3febbda74c254d2f2226b36d

SHA512
f0186db84b116bdcdee9b46ad8fb9979eab1bb5bd89a2de6f2093d46a1364499cc9d4b7a747265e6721484bd6d895c09c817c72b718dc239cca0cef59c1055d6

Download Submit
C:\Users\Admin\Downloads\3a09915d-2e21-4fb6-b368-dd3aaeddc561.tmp

Filesize
32KB

MD5
44ffc81f5c110ab00b14c66413f5237e

SHA1
7d141b44000e1e26c6fbaa84ad00139a221ee98a

SHA256
7f7addca8f9b49138c9c5b3c7e9d4378c82cd426badcbd357d36a5bbff9a9ecf

SHA512
d3a4d452a5b89803c4eeb4a8260fafbfe5c66ca45788e1397f58038c85790acee5f04044f4ca72b8a68ae030e53f8868afe2e2f5b8f120ee3765c94f57e24b4f

Download Submit
C:\Users\Admin\Downloads\Chaos_Ransomware_Builder_v4_Cleaned.rar

Filesize
226KB

MD5
6a160e5713b7c4a269ef35eac73e1412

SHA1
36b833c40d83652d450888ff2b602321b9de877c

SHA256
0909910f70a8bad23ba9232fc2d5110fc5841fd2c6600c5a38b1c72aada42b51

SHA512
97eb791552ef0262d903b1f40ebf61731603cb00f57829214c71d4df8c01a1d2f1352f877f9ad0dec08c21afcb7cd3740b9cbc3eb1f1474ca70c3ab6bb30fcf2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 790843.crdownload

Filesize
865KB

MD5
4b5bf1ef2c7a99a55072bf9103613e64

SHA1
13f8db6b30cd5236bf4b966472875cea6fe3cf4d

SHA256
ac17bef9f99f69d501eda51e76c7cb6542345c74cc382552abcb91c78997b72a

SHA512
02879fe18b3e0fe0d3d74810955cb71430af3bbf372c3ee0f3ca1742419352340cfd2bf2803f08e58c60bfd335b72bae2e8e055761cbaa66ee9caf55fef911e1

Download Submit
C:\Users\Admin\Pictures\png-transparent-bitdefender-android-antivirus-software-mobile-security-mobile-security-text-trademark-logo-thumbnail-removebg-preview.ico

Filesize
11KB

MD5
85eb90ac6848492cdbff61323228a819

SHA1
17e8a5c40650ad469ab48c1fd85e7af642902005

SHA256
afd9e95c4d8b7e97f1b449c4a1777f84b9df9ca157d3dae9c9d414c3f64e635f

SHA512
f74ffe2fda82a585e94e3bf1f688712dec6d056cb19ea78ec7f2c69684ef8779d3f587dd909882bdb1faacc5a1435245ae411db2121a59c393798a371049122f

Download Submit
C:\Windows\Temp\bd_1CCA.tmp\wgj1CCB.tmp

Filesize
711.3MB

MD5
5880b3cbd70c8bebaaf6784ef4417331

SHA1
8e8673dc8cc22221bde20a517d5da70e00df4958

SHA256
2643c793ee12456c037dd2955135c8f3e60a9b15450d23cb06d68aee18698698

SHA512
b0221ef37e427c0f3ffba9007f1727dca0857090e077a966daa8211c539e1fa5bdbcddb3d779a2ff70c0ae188cbc2b06d8b5a28913e26cd727af83dbd5a858d7

Download Submit
memory/980-538-0x000000006F700000-0x000000006F710000-memory.dmp

Filesize
64KB

Download
memory/2104-5358-0x00007FF9975A0000-0x00007FF998062000-memory.dmp

Filesize
10.8MB

Download
memory/2104-5362-0x00007FF9975A0000-0x00007FF998062000-memory.dmp

Filesize
10.8MB

Download
memory/2416-4888-0x00007FF9975A0000-0x00007FF998062000-memory.dmp

Filesize
10.8MB

Download
memory/2416-5334-0x00007FF9975A0000-0x00007FF998062000-memory.dmp

Filesize
10.8MB

Download
memory/3176-5349-0x0000000000CC0000-0x0000000000D9E000-memory.dmp

Filesize
888KB

Download
memory/3176-5350-0x00007FF9975A0000-0x00007FF998062000-memory.dmp

Filesize
10.8MB

Download
memory/3176-5357-0x00007FF9975A0000-0x00007FF998062000-memory.dmp

Filesize
10.8MB

Download
memory/3208-3205-0x000000001BD50000-0x000000001BD60000-memory.dmp

Filesize
64KB

Download
memory/3208-3082-0x000000001BD50000-0x000000001BD60000-memory.dmp

Filesize
64KB

Download
memory/3208-4856-0x00007FF9974B0000-0x00007FF997F72000-memory.dmp

Filesize
10.8MB

Download
memory/3208-2946-0x00007FF9974B0000-0x00007FF997F72000-memory.dmp

Filesize
10.8MB

Download
memory/3208-2947-0x000000001BD50000-0x000000001BD60000-memory.dmp

Filesize
64KB

Download
memory/3208-2949-0x000000001BD50000-0x000000001BD60000-memory.dmp

Filesize
64KB

Download
memory/3208-3058-0x00007FF9974B0000-0x00007FF997F72000-memory.dmp

Filesize
10.8MB

Download
memory/3208-2977-0x000000001BD50000-0x000000001BD60000-memory.dmp

Filesize
64KB

Download
memory/3208-3072-0x000000001BD50000-0x000000001BD60000-memory.dmp

Filesize
64KB

Download
memory/3208-2945-0x0000000000E10000-0x0000000000E9E000-memory.dmp

Filesize
568KB

Download
memory/3208-3083-0x000000001BD50000-0x000000001BD60000-memory.dmp

Filesize
64KB

Download
memory/3208-2948-0x000000001BD50000-0x000000001BD60000-memory.dmp

Filesize
64KB

Download
memory/3248-1029-0x000000006F700000-0x000000006F710000-memory.dmp

Filesize
64KB

Download
memory/3380-598-0x000000006F700000-0x000000006F710000-memory.dmp

Filesize
64KB

Download
memory/5032-4887-0x00007FF9975A0000-0x00007FF998062000-memory.dmp

Filesize
10.8MB

Download
memory/5032-4876-0x00007FF9975A0000-0x00007FF998062000-memory.dmp

Filesize
10.8MB

Download
memory/5032-4875-0x0000000000030000-0x00000000001B8000-memory.dmp

Filesize
1.5MB

Download
memory/5772-5335-0x00007FF9975A0000-0x00007FF998062000-memory.dmp

Filesize
10.8MB

Download
memory/5772-5336-0x00007FF9975A0000-0x00007FF998062000-memory.dmp

Filesize
10.8MB

Download
memory/8080-5337-0x00007FF9975A0000-0x00007FF998062000-memory.dmp

Filesize
10.8MB

Download
memory/8080-5339-0x00007FF9975A0000-0x00007FF998062000-memory.dmp

Filesize
10.8MB

Download