06791c5065dc65368438a6422fe4c8ba3d134333db1ea45ded28138f6702f242

Analysis

max time kernel
233s
max time network
236s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 18:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ExtremeDarkAkuma/Command.cmd
Size

44KB
MD5

2f006f98804656d2b6772cfe3dd15d3b
SHA1

946afffa09069a64abe2c88d3c3da5802c649b82
SHA256

3b93914fa89a5cc392fb7634e1223b5e29abef3ec2dfbfd49bc616722b468946
SHA512

4733355a78ad695184e70d863f5944774beb06fac3ec566b160cdeb41b46d36aa814eaf748dea769aa8d1f81f356497e61a96cb4fca7d003d865d80d70f30ab9
SSDEEP

384:T+jVrdQzS/6ZQOrqwP6VXC1sKus94hLyADykaYF3cuiTAtj1/KIbE/04nxEPR0/x:TqQzS/6ZQOrqwuaYvJmB/zF

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3296	java.exe
2332	java.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
7924	icacls.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	7zFM.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3571316656-3665257725-2415531812-1000\{FC7B1538-7355-4937-AD1D-8784A8E193AC}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	7zFM.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3571316656-3665257725-2415531812-1000\{A2DCF43F-97A6-4105-AD3D-6744CB60AB3E}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3571316656-3665257725-2415531812-1000\{FDADF9C8-106A-4636-B84A-21AC0793EF32}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3571316656-3665257725-2415531812-1000\{CC3D1BC4-F548-4CFA-9FD1-5C48492F03EE}	svchost.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1948	msedge.exe
1948	msedge.exe
968	msedge.exe
968	msedge.exe
4180	identity_helper.exe
4180	identity_helper.exe
2684	msedge.exe
2684	msedge.exe
6996	msedge.exe
6996	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
8096	OpenWith.exe
3076	7zFM.exe
6028	OpenWith.exe
3472	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 51 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeTcbPrivilege	4952	svchost.exe
Token: SeRestorePrivilege	4952	svchost.exe
Token: SeDebugPrivilege	1416	firefox.exe
Token: SeDebugPrivilege	1416	firefox.exe
Token: SeRestorePrivilege	3076	7zFM.exe
Token: 35	3076	7zFM.exe
Token: SeSecurityPrivilege	3076	7zFM.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
1416	firefox.exe
1416	firefox.exe
1416	firefox.exe
1416	firefox.exe
3076	7zFM.exe
3076	7zFM.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
968	msedge.exe
1416	firefox.exe
1416	firefox.exe
1416	firefox.exe

Suspicious use of SetWindowsHookEx 37 IoCs

pid	Process
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
8096	OpenWith.exe
1416	firefox.exe
3296	java.exe
3296	java.exe
7304	OpenWith.exe
7628	javaw.exe
7628	javaw.exe
6028	OpenWith.exe
2332	java.exe
2332	java.exe
3472	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 3588	4952	svchost.exe	97
PID 4952 wrote to memory of 3588	4952	svchost.exe	97
PID 968 wrote to memory of 728	968	msedge.exe	101
PID 968 wrote to memory of 728	968	msedge.exe	101
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 4612	968	msedge.exe	102
PID 968 wrote to memory of 1948	968	msedge.exe	103
PID 968 wrote to memory of 1948	968	msedge.exe	103
PID 968 wrote to memory of 4404	968	msedge.exe	104
PID 968 wrote to memory of 4404	968	msedge.exe	104
PID 968 wrote to memory of 4404	968	msedge.exe	104
PID 968 wrote to memory of 4404	968	msedge.exe	104
PID 968 wrote to memory of 4404	968	msedge.exe	104
PID 968 wrote to memory of 4404	968	msedge.exe	104
PID 968 wrote to memory of 4404	968	msedge.exe	104
PID 968 wrote to memory of 4404	968	msedge.exe	104
PID 968 wrote to memory of 4404	968	msedge.exe	104
PID 968 wrote to memory of 4404	968	msedge.exe	104
PID 968 wrote to memory of 4404	968	msedge.exe	104
PID 968 wrote to memory of 4404	968	msedge.exe	104
PID 968 wrote to memory of 4404	968	msedge.exe	104
PID 968 wrote to memory of 4404	968	msedge.exe	104
PID 968 wrote to memory of 4404	968	msedge.exe	104
PID 968 wrote to memory of 4404	968	msedge.exe	104
PID 968 wrote to memory of 4404	968	msedge.exe	104
PID 968 wrote to memory of 4404	968	msedge.exe	104

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\ExtremeDarkAkuma\Command.cmd"
1⤵
PID:228

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Windows\system32\dashost.exe
  dashost.exe {faab9217-10ee-4cb4-abfbbc968ca20096}
  2⤵
  PID:3588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc6a4446f8,0x7ffc6a444708,0x7ffc6a444718
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7316 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8360 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8912 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8608 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9284 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9424 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9456 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9592 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9600 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10032 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8972 /prefetch:8
  2⤵
  PID:6712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8556 /prefetch:1
  2⤵
  PID:6720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:1
  2⤵
  PID:6536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10952 /prefetch:1
  2⤵
  PID:6636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10944 /prefetch:1
  2⤵
  PID:6648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11104 /prefetch:1
  2⤵
  PID:6992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11288 /prefetch:1
  2⤵
  PID:7136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11252 /prefetch:1
  2⤵
  PID:7152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11536 /prefetch:1
  2⤵
  PID:6516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11752 /prefetch:1
  2⤵
  PID:6904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11912 /prefetch:1
  2⤵
  PID:7220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9016 /prefetch:1
  2⤵
  PID:7956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16708304949937949568,3909550383826830420,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4948 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5444

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:8096

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:7372
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.0.1718733248\2090478151" -parentBuildID 20230214051806 -prefsHandle 1800 -prefMapHandle 1792 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b467088e-215c-4efa-83f8-0c3a060d9c24} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 1736 1a9fc612758 gpu
    3⤵
    PID:6464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.1.1462314005\1202139770" -parentBuildID 20230214051806 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf592c90-8fe8-4bfc-9350-601b6f443a5e} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 2436 1a9e8389358 socket
    3⤵
    - Checks processor information in registry
    PID:7544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.2.1486798821\258104066" -childID 1 -isForBrowser -prefsHandle 2900 -prefMapHandle 2896 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3acbadab-a090-471e-933c-5668414ebaf4} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 3060 1a9fcdf9858 tab
    3⤵
    PID:7104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.3.42879969\616387571" -childID 2 -isForBrowser -prefsHandle 3796 -prefMapHandle 3780 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a73065f8-91ab-4bc2-8f52-9b4884d752a1} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 3808 1a9ffefc458 tab
    3⤵
    PID:7660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.4.1999536556\1978307436" -childID 3 -isForBrowser -prefsHandle 5124 -prefMapHandle 5020 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab79d631-66ee-4f5c-8b14-5ed2495c14ea} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 5136 1aa0257e158 tab
    3⤵
    PID:7896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.5.1888918321\1061620125" -childID 4 -isForBrowser -prefsHandle 5264 -prefMapHandle 5268 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc9c458e-2532-409b-ad75-49e5e3b55305} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 5344 1aa02580258 tab
    3⤵
    PID:7904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1416.6.1576939601\166716520" -childID 5 -isForBrowser -prefsHandle 5548 -prefMapHandle 5552 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea1134a3-00ba-47bf-9c7b-621f09432eb2} 1416 "\\.\pipe\gecko-crash-server-pipe.1416" 5288 1aa03948c58 tab
    3⤵
    PID:7928

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7776

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Alpha 0.0.0.rar"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3076

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Alpha 0.0.0\ᅠ.bat" "
1⤵
PID:6980
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  java -Xmx1024M -Xms1024M -cp Minecraft.jar "-Dorg.lwjgl.librarypath=C:\Users\Admin\Desktop\Alpha 0.0.0/natives" "-Dnet.java.games.input.librarypath=C:\Users\Admin\Desktop\Alpha 0.0.0/natives" Start
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:3296
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:7924

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:8168

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:7304

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:2772

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\Alpha 0.0.0\Minecraft.jar"
1⤵
- Suspicious use of SetWindowsHookEx
PID:7628

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:5320

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6028

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:2040

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\Alpha 0.0.0\ᅠ.bat"
1⤵
PID:8144
- C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
  java -Xmx1024M -Xms1024M -cp Minecraft.jar "-Dorg.lwjgl.librarypath=C:\Users\Admin\Desktop\Alpha 0.0.0/natives" "-Dnet.java.games.input.librarypath=C:\Users\Admin\Desktop\Alpha 0.0.0/natives" Start
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2332

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
PID:7608

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3472

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:7224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
46KB

MD5
f871dd44ae8c9e11c5c85c961f8b2ab1

SHA1
7618910822a0f2639b405e3c0b13faff0431140a

SHA256
2ae2564f74716a4e44850d845f0cca255c6c0c3a7dc0c8ee6bfca0212cc394ec

SHA512
3b9638f705f83e37c3e0c9db1205b2ac76b96ba72ac56013a6aca6f34a7a9ff3548e8fc67d2b85c9f23f8337f696baa8fab01523fb04b5fd618b130501eed47c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
32KB

MD5
0ca678222114585bc701a81128e81da5

SHA1
7153ab703cebe63231f07951ee322af357b30d0c

SHA256
d9899ffd6d9533dd3c0c34f02c7ec9f36c0463e0b9386185b0fd0fc5a6247997

SHA512
173f744c73f5dc6578dde2a593a0b66688b9c90e2ae066fcbc75f8c080378cfb4c863047cc36785250e788bf08b77efaaef02b56c1a4a8874fef8654b16c4f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
19KB

MD5
123e713b365c17b9c3aa2806a47acf8a

SHA1
0dd1c7ac60bbfb6f2bf1f86e447d4eac93ac096b

SHA256
3d3c8cfccaf3ed3413063974fa63bba5e14afdd0ff12c273a7f10a78b2df5271

SHA512
e1dfe024d572366218550a441a1df7ae7f519b6a191f1ac05a0a567518072d7973fa37c4708a8423881c575dc076f7291a1cec37a8013d68b5bd9815a0ab4dbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
19KB

MD5
bcc4b91575004b43a8d8784b3ce12385

SHA1
d3248f3bdaea64ee97ba0196051000c31abffa38

SHA256
ccaebf2f7e94b54ccd54438896cc4c3867be5dc986527cc71f57a9404d07af41

SHA512
a1c3dc049ca0252a442cd9fcd7ca4786c43b9d0086b6a1273c224c476e613c53f4966c88b6c5350e026da1e27ec977e3ee6a9b53d33eea9995480d4b41e7e98e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
65KB

MD5
f3dc36eb8d102c5b65b1a457ea739ef0

SHA1
b18742e75723d4379811ec5cd6a714d5841878e1

SHA256
7b8db0f76ae02660aeb9294c337153d4365ea193c2e9c0ddd4ca2a54fe7457c2

SHA512
db56010e8d7b5f831d64c4daa8ccdeb21deba6ce5b4594f065eb942d551c56c6174a306ee17b3359cb7260f512dfdd645ce0b62bff992bf0d2a96e9771bdbce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\335e69ddec2b9ac6_0

Filesize
212B

MD5
6ca72af89a7e176690764f5a1bd1a900

SHA1
3096dbc551d05950b685ce353e0600715adef131

SHA256
1f22cbb08e153e3fa1d696bb13131fb3b5a99a999d964b12858a13f1e700834c

SHA512
8193d9cb0b2ef5523d1f3637157d59f102791f11c83cb6cba744233131d668aa217ec318afcb5d53553819518e473f4282d03fe2836d2683fdad4cc1044d72c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
ea7d8c35461e563ec04d454fd8d6b8b1

SHA1
80c4d2e83e24e75954b90b42685d18c58b449044

SHA256
0f3a6f8336a77818ea549aae0ddb7e3878df30cde95a077ffc75c3fbe5addccd

SHA512
319725f919d910ff6c12db50b92aadefa02f4400274ce79d568cb110b04b5fbbb199f4f4a5b075e3f587e65a9338ddf4cd04482ed4431d706f51275697205f2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
b86ada37ce94f76c14cae2292f4b31ad

SHA1
55ebf4801821afbb4c4fd64a42755da2b78abad2

SHA256
d1494445d0ac960c4e401214291ae7c56f69c51f6d063c895389d947ee59dad4

SHA512
ced52faf93d779bb5936db472fe620e3c7e476348f6d13bdd3c65e2eaa251e7d8c0ec692f3a06b63c8ce7a87df3a21f3f2696414a795a6cb970a1c0a663d98af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
15KB

MD5
ce3ff676f4b6f4daae0b851ec61d53d5

SHA1
3f0ea211d1c1be22767fe6304909d103903c6ec3

SHA256
779352ce39e94b4e6e74c27d48b04bcf18ffe72719afeca8157ed979524e84a5

SHA512
6e1fb36332645057c6cc9877a2e1402871f32f63d61289d884816449d88bcc6f798c63604f2f55ac2546a43db1bd0071fa4a16ff7a890e2cb21ec2231fe74730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
8b9b92f01a005a12777d19704cefc0d2

SHA1
d2989d52e84a805cf885949601a80f7309174fef

SHA256
44f075f76dba49de981d4e9d5c211d93b82558be1eafc778d9d17178a04aa7ac

SHA512
2b7108adc8c67d366fac639525f4e98409588e5bbf916dfc75ecebac22e9e8c51f7f59bd0f72eae32f9291a2f88e4f5c80f5ba5db1d46fe12d55803e106b49b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
91b94d142d5a0137ec4d77cfdbe90a91

SHA1
022a1b289351e157b66f3455020ded68e3e0398a

SHA256
c7ac308f40c3b922eb21c16f7b130e6b50836c7b2014aa9438a7ead7cdb789ae

SHA512
99d62def027bfe4de4a2c399e3e6b9681c347c8d655b34f7c98552bf5b800633a06c9a6186db2b8621e06542567b864caa27289519ee2a86b5d5919b476f123f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
65197cdc8a9261220ac211eee69a0f58

SHA1
420a24b57187e575bf18486cb898d268068cafac

SHA256
104d773b226a272e03d1ad7fbff29b0e7e3045f9a9cab280e87344275fdd6c53

SHA512
86186cea2cc76ee7396358bf96c59d60012957ccae186a1dda396f426b04faa735409b41e0bc6b62cbd99320b23b604ed25ec999e87fd38206a2eb751379f514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
43dc9df579f0269e903b3679db7f5fa1

SHA1
475ae98474058baebadd5d9451190a181a98ce4e

SHA256
d58f7b0272de4a1c4213558ae6e7dd7420674f0b06fbafa4a1fde3281f4d80b9

SHA512
dd61b4ea79049cf57fcce189ffcb1460e00f808bb0cb04a6404ddf9b887845e71d8fd98366f61435934e8e2748d1a8d08f2748cf7928025158eabd45d317ac25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e762da51382026d2731ecf423f0d244c

SHA1
41a958d2ad3594501e95d6db0b57360a94bf5321

SHA256
5f278c923f8dc0e86f8f33fd4bd1042eff95d45a29c9b7709210c723f2622e9b

SHA512
441442b64a2bc9ee65666a134c52e1e88432472377393189903bf3ae1ef30f6c3eab6058905f7cef94df2ab00e2e1d65488215cd0b2b3fb08497747243b47360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
6cdc1f93c5bdbffffbb99f4497cf6458

SHA1
f7f6e76b92638301b0c1cb0441f31e23ceaff353

SHA256
948d94c14383a4593d5ee09eb16b752a34361b8ac510afc3d94c6c132021c41d

SHA512
39b86747c8d6772accb0717efe893272adacc5ae9bde9c84e1e735484a2346b36b4a6486339274232dd79f36ca2c97097a12b247d992db2b5db29e4d6630a1c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
d7281760a27fe254e6e014375589b943

SHA1
6ba2ed4945701a9c63a867de9da6006077a7de14

SHA256
6d91c2a3082201489394cebe67ab3f52b059c19c594fa50fbd90bda3f18c2cb9

SHA512
96dfa002803db191f43462de9214f93e4ab1b8da22ab2a0dbad96482c0659b755676691a65e5fa720e27177927013c03bee59293b5593ab12241eb39a6f6ff56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
49a3e50e362a18b7a4bbe39b53a5339a

SHA1
0c171b2b45d3ba3c91b5e56896702896fd2c0237

SHA256
d26b76f6452fc7931b3df8d2e1475259ded5589e2516374399f07d7b24288bde

SHA512
c600e1c249bdae13f21e97459fa33aa2d55551a345743b876f9a2c7d0a12e24987cac3143d492d7866ddc8a142e2b76583680adcdea1a993489531932b5bab27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
636113c93ed48edfc01c47b9170e0399

SHA1
b336ed8b6089f178f821298386763b28813f92f9

SHA256
d6ad3d7ae16a18301c5582862999e91ae3664228f579f56a3d96482cdd7c54a8

SHA512
91e012e599824e00cf449c20cadf8a6159543d1442d244b79025eadb9ebf614ee1e02163ad7fa2d5fc802f09504012495bbc4f96682ea23de398ecfe432c6df8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
7f89b88dadd0a9dcaa584bc50570b33c

SHA1
38ba911777d98125810e80b3413f4bb700d89036

SHA256
65102ed293b6ce984a38ea8d1dac8fb59b7daa290cc8857914a506ad79baf0e8

SHA512
63b55c9b206200a75b0aec3871c616b8bd590b81b4a2c30147959b028f723b34532fb48b64df70e6cd83dbede912c89ea9666e89e8a58e9259697f9b16873835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
4c8df7dbe26ae56f3f2e0d63c2456863

SHA1
87488232d6dd55771dad47a437e2fb7aecfab64f

SHA256
5358822b51dd94bc524c5d9a99c400da617f32ed6609da16eabac0628ac58967

SHA512
07b0d5c389ff340bc0a387aa37294e12c55ad789be27b16cabc6c6caa340ee8f66fe075137e23989440a219650fd6a845c59e23ff9f4895fbf30a64148549836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9d85b545808bdf9ad08feda258d8136c

SHA1
cad200e1c3e10d7e692a2468131cafd47c312f19

SHA256
9102eb8019c0ac5080cdba360502a71829a242ff5ab39f197270890cd25b2537

SHA512
f8fe68fa36893e13460d2c26e5f1dc4b9e71efc2e9ce2ad703b19f2c2c65406f451d8e97e95c2322f83ddaec5da9a2d8ee56a8550bcca9b97ae33807671ab5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
35411805b5ebbf60383ade325cfdd857

SHA1
94aa9a572d9e9259146a7921bfe28ca88b23a120

SHA256
8818330d15f4e208158ec57ed79befe183f9eb98f34397e0739f2b37081948ed

SHA512
c0c9565d331d820008cf568322273220549fe180c30e6434865da49d69cf4e3dd8f999b2d5da05e629fb3064b6f5c5b8c381054dd998dd50dafe83d35302ecd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d8bafda28c5c998c86097367d1ad2d96

SHA1
b271ea73616b1f842abcc4973244ac45149070b9

SHA256
38e076513cb708e61d80428b3b8163dc0928a55b9fb8a2a494d0f959d65de5e1

SHA512
011585b5459f533241f89e04c1a176369dc4060b9672a23df3bb8e65d892364088939b71a0a28f098d9cb751b71d76f1fd0d5f3e70b20f244b8d4fc5278b8838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
ea639cbb529c47a3da8b3f5d99065271

SHA1
36448874976d8d4458fb0d4de6a18f2e392ff9d4

SHA256
344d09a426d4b1e3e2fe902a74715672b1daac6819edd1c964af04d9b560de3b

SHA512
db0d6f25133b066a83ec41d59d4da26f8edd9f34746ab47b1a6610e3b3222b7749eed0e9624f697f21f343d1a9ba0db21d608133d674cbbe299600cc488cb03d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ad33.TMP

Filesize
1KB

MD5
1ac6a544ece9dcb9994c3665866ae2c3

SHA1
03140f12226e17129d762a9f9cd41e55784c50c3

SHA256
1d515e3b728ddfcd2d195ff8a3c68fbd81c85d027af108111e0c35e4c58cbf23

SHA512
f9ddec934af96af711753e3f170c577e179519f3eeed51f26ab06c0ddda5f96d659b41f1e059f4fa515b874d374df20b6508aa0b24f12a0e11ece8d959c17ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
235581df6af87e21bf782770b3391410

SHA1
65ada4830c032effc7c57e7169d7f1b1078cd9d6

SHA256
3f99a2c9d418d3607205113d0150ca5fe02fcda848988d7f3cc0c27999a3f671

SHA512
7873b12f41422a1d5d4b3a0a70a7da8a38a3cb6f1ad55bc37d5d24ecf3e53e4c28ea3b5e6213bbcc7918bcefc7b18ca6e22abf7e20116ca844733e0cc0532157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9f14d644a88a4b150e1b5b3c2a378550

SHA1
fbf473e74ca180da2e5323eab6e36e1af6ab40f7

SHA256
5c62182323ec9bf6c6b1f19774eff0df3e9e7bd87866c603a515bebea95b64fd

SHA512
cf8775960fa6c360c5e6fc697a71c5acb17d00824eb5bf489525e7e24cd5f3199b589d542859e71bf5d231cbac3cf9cb816c12cbc2a3724934dc5d5bff9c3621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8ee7f3d2aeee8ec9036361177031c805

SHA1
ca442e06712b34ca10e6b7fa9ecb7ca2aec584a4

SHA256
10f3f05378880a2f8f78492d2b66ecbafe61306695a8e05886cf31d591fee53b

SHA512
382ce06107a46ec1a083f732e43ddf8bffa70d56d13a1fc8214176a78135080f24f4736d063d695c3af1f8c4652b0c77d47a66b83d63e8cb537f46177d07b284

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\activity-stream.discovery_stream.json.tmp

Filesize
27KB

MD5
7bd712039a56df759f5b0ad8fdfc26b3

SHA1
793c8ec1a263ad8ff79c3e914f2e6ecc6fe39088

SHA256
5c2b4ef76c316bdae19df470d7db5139bf988deca89e2502c32105101ffd7f78

SHA512
9364bc55cd877d65960741f56c7a804ddb790d1265da9eb352a162350b92b6a7519caf661328f2392a849e441c19ec90eaf53ed7c847dfce004ebfeedf41bb38

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs-1.js

Filesize
6KB

MD5
e00fa20b77d89aed3bcd3e837f5cd6f0

SHA1
31ce1cc12de1da925e1634bcc162174fb95a7454

SHA256
c3b1d07e988b018c4afdcf62067dae598b133f1bf73c42c02c851895883b8745

SHA512
16a0a8480969bb1a0d16a8bc37da4b09fe062e125babeb244bbf19e47ad0c6e68b35477cdebc6f16462427a7f70ac3a2ac7a608828deb9f8b87361d98ba4f10f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs.js

Filesize
6KB

MD5
c75a1f1e0c76dcf3beed54ed6dd267ac

SHA1
d09c3ce72d0a885c64f93ef60a9925e1b8b20672

SHA256
96582f9dfc6a25502f248c432fa1ab3bcba4b5227bdedd693a790512341c6412

SHA512
2222e20512717683df08b842b00d08e8416bc84e7dabe3495154c87837dd1d91dc027de57585204adf81c3015fad97fa12dac86599a67c937a4baa92e391bf76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore.jsonlz4

Filesize
902B

MD5
4aec27943802353bb3fa5cb2b90a9fd1

SHA1
022949fbfcd0163ee585b3ba352f3974cf98c67d

SHA256
1a5fb823759b89f8d1f092f11bfdb5a1a2f0d1c8d08c84bc3da980b520f2b3cd

SHA512
28e31dd76ca49c9b1fcf2e3fd3db5983249ee8895245b6dc58276a82541b7b1c15bb7c32c1b8e1557ac11918e771a253dea2b51918aac474a8449010324f2b1a

Download Submit
C:\Users\Admin\Desktop\CheckpointProtect.wmf

Filesize
242KB

MD5
9272c4296198f9c5c5aa1a431552f486

SHA1
b430211cb7563a02f988d32513549256a4f825fd

SHA256
6ab14edb393c87e9b3b0b99eeb680cfbce3f4b72d08af4e3791f8a8b56708878

SHA512
261fef0a00cf5d8c01b3426d6cbbbe98ff009009a8e9c0ab4a890fbce92914f999ad06a933bdd766b40806ffea57e452260fb97a13e88fa36c7e5414bc24f8f6

Download Submit
C:\Users\Admin\Desktop\ConvertFromConfirm.zip

Filesize
399KB

MD5
82decd3867b98ee4e4d55a4ddef0ac79

SHA1
54aeaa3d09922837c08229dbb436c7d7948e025a

SHA256
819493c80305abda6d365c40005856690727c48823076a423b48f04203b3ef1f

SHA512
97ccfcf0507aa459410055ac0308f816e88cb1c0492125eeaaf4b0b92b7734e2a3b330afc8bc16242854efec8baf362c5c70d1b09ffce38969c7e08aec514b40

Download Submit
C:\Users\Admin\Desktop\ConvertFromStart.mpe

Filesize
294KB

MD5
ff449ebff5b316bcd7879ca116bebc45

SHA1
3d14c21a51f911e91cf89bb000ffa1bec3da1d0b

SHA256
68f99bd56cb9d8795b001930b620081aba1f95340c77b840f7199e1c93e7d505

SHA512
85be66eafa3a61efb9e790a192977a27ebe5afb717674ec6a7c1285df78e93588cbbcdc7bb6a8699bba24ab997a30043c70f789edda8d2eebffbeb74289f2471

Download Submit
C:\Users\Admin\Desktop\DebugRestore.cr2

Filesize
412KB

MD5
a1e85966e61ff2c21cc70830e91a69ac

SHA1
82bcec58ee879a2e1658053c352bc013e5c17d55

SHA256
459ccccfd977dd8c4b07cbe6c56d5283dcd920b888debf4ee98f2a54e8f2f2fd

SHA512
20e839912819dc0c47d263d1b1ab92eb55f6e48e30aed552314f7c2c4940dcafefb99ca1bea4ffd64b97ee0e76371c38cc299b61ffdc47a1213cd308df5ce390

Download Submit
C:\Users\Admin\Desktop\InitializeNew.odp

Filesize
229KB

MD5
8d49538ca95e81b25a1946c2fe1912d8

SHA1
5c00568cb085088de74371a143c51b57571c5b24

SHA256
3a8ed30b61e8564637b953044d573500795662ba0f89ef3d1e4a319909bf0eb3

SHA512
0dab11299534803b489086837e92bd86e7dfcc5b8d2cdded278982c8c42c41a899fe800131c2218618c0396a94cb87ca7cd71a7b02a8e823bda6f00873e7c14a

Download Submit
C:\Users\Admin\Desktop\InvokeDismount.ocx

Filesize
439KB

MD5
b552f44b6bacc3b0de979b78db929656

SHA1
caf6494843f89a8ba1f15a72151110ef254417b6

SHA256
f5bdb4e386831960788ecd02999482c38415cc8b3b2014b523573ef2534be4c2

SHA512
9e94717e10cd8993cedb55a9b01e541289a8ac5b517f6d330c607dccea5185de8b5238e985c702629e0246794ebcf5bc9b270e9459466cfabe4b05019b2ccc73

Download Submit
C:\Users\Admin\Desktop\JoinMeasure.doc

Filesize
176KB

MD5
0f83a84d63ba8825e0a6854af7c55ff5

SHA1
bc2e1aaec1dc24f87895544231fdafaaf4a61f65

SHA256
54e8fb5c81f16164b6d359bc9b7944b2536d0927aa6117f7a63d28773546cec8

SHA512
836d6381ff55c5b8861c2c108d98bc91cd7d987092767fc99a96e0a683984b240e6b279786f659c1dc244b7e4e7f25674387b89a60830bad30cb1ce633818c62

Download Submit
C:\Users\Admin\Desktop\LockRevoke.xltm

Filesize
216KB

MD5
b036a99157dc5cb33e179a715b1b466f

SHA1
d2fba9ccae92581f43bc0dda0c5556eab18e02f3

SHA256
ad3a01a52ee298b982823b17ee1145bc6faf57895ef34bdf07261cf4266bc592

SHA512
20f13ceae5dec90bc4a4c372733326e4b02367f55fa706bf8935d671daea293b6f6c977f5ab2a0ed3b350c64680d263c1b6f5fc96670e4f5cca6dc68dbdfb959

Download Submit
C:\Users\Admin\Desktop\MeasureRevoke.asp

Filesize
347KB

MD5
3c0bbb6f8b2c61c4a267b672048b254a

SHA1
71cb6c8ced74350d6734edf2de5427b2656abe65

SHA256
7c00e4f2c5eee6dc7ce6bef5da083c369802e92a66ff3283177558e7ea7f6c71

SHA512
f0a1f504882e559166614240fe4bfc2d8bad7d2bafe49fa85e77f3013ec46848114c6d4a7bfe553b20b3609bc8ee05de2c5f7da2b26b4f14d90ee2dd660c0d61

Download Submit
C:\Users\Admin\Desktop\MergeGet.search-ms

Filesize
190KB

MD5
d520eab1ab9abb26db9e27efa4e5cc36

SHA1
775508be82af444992b8753a32426959ff62a09e

SHA256
b9284634bdbd2a5d5ce9894000ff9a6d89d70f2c01372eb0209d2a36529aea17

SHA512
c2c48f9448eb3ec939ff3073e66ebed6b2f4128c6b818127021a2e607e2c92f863f7f53b8cab5f33cb00ccb9e7700ecf10a9a6f424c65a23009d839c5c6bd8a0

Download Submit
C:\Users\Admin\Desktop\NewStep.mpp

Filesize
255KB

MD5
394d0570448a1ec8e955e0e3c7210183

SHA1
8a6ad546fcba267359d150348fc1dd6fd3c9c2e5

SHA256
13fb73747be8c7c1985daffd1c77979071c985b89da96e0a0be3a7472962183a

SHA512
9f902b4cc52c08a3c298f28d00e86a90f1cfd16678796ae3e5c3585eba5f708df0f6483ad9d353562f8531e98b035469bc7080999e5d14d8aaeb6f2b9f0f11a3

Download Submit
C:\Users\Admin\Desktop\OutConvertTo.bmp

Filesize
334KB

MD5
52fed809dc3a9498e7cb9d15499415c3

SHA1
48b89197d24b342cecac0a2bd8f838563feaad25

SHA256
d628b2b7a617fe277faa0c10844cf3a501b78dcfe0327e8010c08bbac9336e51

SHA512
286e4d1c1d7f6acef9d7429044f50ab8f037ea70cfb561a459539ce6027f696dfc41792433c2b0c1298dff5670e75519018a895b00514150444287fb53f06537

Download Submit
C:\Users\Admin\Desktop\PublishMount.mht

Filesize
452KB

MD5
26a990546b9b7583cddf3d91207b4055

SHA1
9a05c838a763407d834f4c1185c9cdcb2ac1a343

SHA256
7435a790e14f78e6f61183b9c17d5ecd261f657dc879234ab7a94308c27f1309

SHA512
7e12486220f424b3b36c60ecff411147ee4137fa851f9707f68656d039e023a37ce877a736b5d01642072413433c3e4162c5c3b7b71d3433ac0585e31df0aca0

Download Submit
C:\Users\Admin\Desktop\PublishNew.xps

Filesize
642KB

MD5
18b3c315ea075dd2ad4e39f2658b7811

SHA1
dbd6e75cd35913331244c619b4f20f2ba9362cde

SHA256
632e3d7a8b087b06db7c63b753f937ac4f77dff6ca150fb1e3d1accb4d982786

SHA512
7b10731ffb864f6b8429b57fc78ca8034c3f7510cd9faa2bbbd87515358f548223617aef830aac716db55481366021d780005fce8f4045a1f71cf29c7ab623d4

Download Submit
C:\Users\Admin\Desktop\ReadResume.raw

Filesize
425KB

MD5
0db37f7bdd408145fd7d52af2b39d0b7

SHA1
e8d5a7583a5cd03f37736a154a035ba48f99e0ba

SHA256
a7fa6a1c55846cf7eccab69ec86c3797cb9c9f5a0cf32360cf32b857009e9352

SHA512
20d93805987d7549350e5dec2a751704c4b9cbd3eeaccb88106307c0f7708921536d81cf7506f42f4e37e4b902d8643eb1133767ab0f6e4c28075054564e4810

Download Submit
C:\Users\Admin\Desktop\RegisterGet.ex_

Filesize
386KB

MD5
ce903357bc346a1438e9d7efd6a6552a

SHA1
bdfe9e48d90b222e759c010b56e20d92e229a12d

SHA256
5a460d52dd54be298bd368399ed0a0bb288d462e8dbfa3acfc4306155b86ffa1

SHA512
b2adac947d5ccf76a7f365745989fcb329b68c30d0f91550a5912d454c1fe74bd09d3767d766fc32601710fabf57001a59304a1ea3a9dacf1ced17fe3ef37568

Download Submit
C:\Users\Admin\Desktop\RenameSync.jtx

Filesize
373KB

MD5
ba5bf4caa2e57dec74dcfba5a9300b6a

SHA1
877bb99e29a40d8f4794fff531ed258a065e1cb8

SHA256
8799547dbea3a3938580b946ca77a30edbe5597eb05090d1ae8990030cfb6025

SHA512
ec6552b41ca27f2201d74faa7010d19020bb39f25ff717d6758b9406372de3cab705234e44252b341278950c274249c79d1d4d319be79bb03ba43dfe3523034c

Download Submit
C:\Users\Admin\Desktop\RepairOptimize.avi

Filesize
203KB

MD5
07ba5ad509864176fd6f020b109918ff

SHA1
d42043a86be7582bc1aa00910ef4cccd2d6d61e6

SHA256
551b8b4ad531d7710dba513a9124fc18700649bd70aa7ad50f7ab266c6ebd536

SHA512
50a2126d7a4a48948bc7beab924a4c1f7ff33c04dfda28dd7effd8560b17a759fb7f3c863c1f8c111bc9e4fde04dd3b2a5cdfca3db7a2c756a9f707b6ee20481

Download Submit
C:\Users\Admin\Desktop\RepairShow.vsd

Filesize
308KB

MD5
458ad02e09f19879716135075ff12574

SHA1
81b3411bc6567bec2ff8f12b27100ca665190a83

SHA256
cf301fe8f062390a391246e9b1a2d256fdd653944b4dda52542225cc06f38b11

SHA512
4d5206fd9ef7b15504d14fa9b8a366c832fe8fea0db758a8fd7a07234bef033635c819c911195af4943b6a75903bb834ecc80efeac50be09fad59c66df715e37

Download Submit
C:\Users\Admin\Desktop\ResolveOut.css

Filesize
465KB

MD5
4ec92585167d48ab5bc2cfa9ca73efe7

SHA1
d73baa9ca7635da8fbc029c0df03d1ed862cc90c

SHA256
d2ad616421ac81fa7235373d440097c049ff6b2837ca866a33ce246d4865fa06

SHA512
79acc87f2d4746716c3eae41689e023b621af314363116105bef9301d4522016bb74f358cc5bc0d4e565df97bc34b09031596789ac5bb88cabbcaef84128f074

Download Submit
C:\Users\Admin\Desktop\RestartFormat.bat

Filesize
360KB

MD5
5c68768f3266eca73269dc5978abeeec

SHA1
b036bfc48fa786af80dd5ca8f20bad9d80df4685

SHA256
bdc9b80170b490859d1895a36277d1b9c70590846ce74118f83b39f27309f57e

SHA512
14bfc0af9bd7117f34f058e9d9c24ddafcc043fa669265f32153ce2172e8e7493321c788e45a3cf409a7ea052a259c34cefa32e34c63eecb84cc4dc9309c9cb1

Download Submit
C:\Users\Admin\Desktop\SearchCompare.cfg

Filesize
163KB

MD5
75220c7436be83ac6d0a575cdb947625

SHA1
449b5f3fcf9dfa6138c9bf408219fbe552cbfcb9

SHA256
f42ad0d4740be926f7cf69caff7a55ca3591caab305cd9c52faecb4ce6afe618

SHA512
fd3b9f368928175ca6ba67bd7c679a08da92aa27a42b003257d183394b775b98ce505c8a93979eb6ac9318d3622f151fafa8dcf30c0123e9e82796a333a8d671

Download Submit
C:\Users\Admin\Desktop\UnblockFind.xps

Filesize
321KB

MD5
76387d12ed76cdd4c1e29c8570d32068

SHA1
56dc372053d23b09137c212872c0d10483ceff3e

SHA256
46aead6e8a7471a270f044d35ea7c00b8abef8a0402fdd87b1cc6ec3b2984f8e

SHA512
096518f97b01eae8a4bb8b6c6460f8d402e2755ee9a5f90ac155bf7ecb42d1d7a47bebd1a90391b109efc1e7d315bcfb312241a90b97ef2c13bbf2bdf45bdd46

Download Submit
C:\Users\Admin\Desktop\WatchBlock.vbe

Filesize
281KB

MD5
d04c1b6c474760ef13fa6a97e38554c8

SHA1
e53a673a790c4490423a866bef93d246c7f57309

SHA256
50b3dfa33357c64c3c128245660536523233b0ce515ee522ee62fbcd5ecc342b

SHA512
bde8ee359392c42dae3671c85d9a535925c6a120e850a561e1fe090bee6a698f146923001bea13c34e51f17b5bb54baaaf0e902a3e2e91bff34323cc95dabcd1

Download Submit
C:\Users\Admin\Desktop\WatchReceive.xml

Filesize
268KB

MD5
12a7aea0ffb1d1277221bc34845433f2

SHA1
bf3f2f98bf4e8a3d35ff3729f1118b2ee40c847d

SHA256
c5fd40f404c5048b2362d97614fc7d79c311b918b173012810c491c848ae0b44

SHA512
482de44939ec38e0eeff1cb80d33031bd2659972e8514c68cd73f16e76660bddf14e86eff09b19429ec2a2187016a3a6efc6baff6e6304df646ca2c5c245ac4a

Download Submit
C:\Users\Admin\Downloads\Alpha 0.0.0.rar

Filesize
3.5MB

MD5
0aea518f8ebba5e88d2f23be208e5b8e

SHA1
6eec3db3345982eb5f6570c70f83c356700e00f6

SHA256
4e51d2e2e89acefa16f3a6555b1391355c046c1c8384f42231c5944c12ead538

SHA512
d726fb6df55cd577e041b845721f4646f30466dbace3ef029f9df2eaf26c2cf7c6345bb8a5b45950187f0374a85a03427107f78f44b127845a427212c3cd6003

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/2332-1282-0x0000025294F90000-0x0000025294F91000-memory.dmp

Filesize
4KB

Download
memory/2332-1344-0x0000025294F90000-0x0000025294F91000-memory.dmp

Filesize
4KB

Download
memory/2332-1311-0x0000025294F90000-0x0000025294F91000-memory.dmp

Filesize
4KB

Download
memory/2332-1302-0x0000025294F90000-0x0000025294F91000-memory.dmp

Filesize
4KB

Download
memory/3296-1193-0x0000016CBBDB0000-0x0000016CBBDB1000-memory.dmp

Filesize
4KB

Download
memory/3296-1242-0x0000016CBBDB0000-0x0000016CBBDB1000-memory.dmp

Filesize
4KB

Download
memory/3296-1204-0x0000016CBBDB0000-0x0000016CBBDB1000-memory.dmp

Filesize
4KB

Download
memory/3296-1183-0x0000016CBBDB0000-0x0000016CBBDB1000-memory.dmp

Filesize
4KB

Download
memory/7628-1271-0x0000019C95F20000-0x0000019C95F21000-memory.dmp

Filesize
4KB

Download
memory/7628-1264-0x0000019C95F20000-0x0000019C95F21000-memory.dmp

Filesize
4KB

Download
memory/7628-1253-0x0000019C95F20000-0x0000019C95F21000-memory.dmp

Filesize
4KB

Download