Analysis

  • max time kernel
    398s
  • max time network
    403s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-06-2024 13:27

General

  • Target

    https://www.mediafire.com/file/8flnjugjj8s12p5

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Checks processor information in registry 2 TTPs 20 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 44 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 56 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 26 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/8flnjugjj8s12p5
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1308
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa228f46f8,0x7ffa228f4708,0x7ffa228f4718
      2⤵
        PID:2516
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
        2⤵
          PID:5028
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:748
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
          2⤵
            PID:4492
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
            2⤵
              PID:4000
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
              2⤵
                PID:3932
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
                2⤵
                  PID:3260
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
                  2⤵
                    PID:3176
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6136 /prefetch:8
                    2⤵
                      PID:4996
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
                      2⤵
                        PID:3852
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
                        2⤵
                          PID:1588
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
                          2⤵
                            PID:1624
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
                            2⤵
                              PID:3536
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
                              2⤵
                                PID:3052
                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:3312
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
                                2⤵
                                  PID:1852
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
                                  2⤵
                                    PID:2016
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
                                    2⤵
                                      PID:1736
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
                                      2⤵
                                        PID:3568
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
                                        2⤵
                                          PID:1224
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
                                          2⤵
                                            PID:2940
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
                                            2⤵
                                              PID:4140
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
                                              2⤵
                                                PID:5212
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
                                                2⤵
                                                  PID:5220
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
                                                  2⤵
                                                    PID:5228
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
                                                    2⤵
                                                      PID:5236
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1
                                                      2⤵
                                                        PID:5244
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1
                                                        2⤵
                                                          PID:5252
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
                                                          2⤵
                                                            PID:5260
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8004 /prefetch:1
                                                            2⤵
                                                              PID:5440
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8528 /prefetch:1
                                                              2⤵
                                                                PID:5756
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1
                                                                2⤵
                                                                  PID:5872
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8952 /prefetch:1
                                                                  2⤵
                                                                    PID:5952
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8800 /prefetch:1
                                                                    2⤵
                                                                      PID:6084
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9296 /prefetch:1
                                                                      2⤵
                                                                        PID:4776
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9436 /prefetch:1
                                                                        2⤵
                                                                          PID:1108
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9136 /prefetch:1
                                                                          2⤵
                                                                            PID:6056
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9792 /prefetch:1
                                                                            2⤵
                                                                              PID:6156
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9116 /prefetch:1
                                                                              2⤵
                                                                                PID:6264
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:1
                                                                                2⤵
                                                                                  PID:6276
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7704 /prefetch:2
                                                                                  2⤵
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  PID:6896
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
                                                                                  2⤵
                                                                                    PID:7052
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
                                                                                    2⤵
                                                                                      PID:6420
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9476 /prefetch:1
                                                                                      2⤵
                                                                                        PID:5132
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9772 /prefetch:1
                                                                                        2⤵
                                                                                          PID:5140
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=9508 /prefetch:8
                                                                                          2⤵
                                                                                            PID:1628
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=10344 /prefetch:8
                                                                                            2⤵
                                                                                            • Modifies registry class
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            PID:3112
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
                                                                                            2⤵
                                                                                              PID:5752
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10116 /prefetch:1
                                                                                              2⤵
                                                                                                PID:6848
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:5524
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:5004
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9808 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:4736
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:6684
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9580 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:6692
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:3132
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10332 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:832
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:3100
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10076 /prefetch:1
                                                                                                                2⤵
                                                                                                                  PID:5164
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
                                                                                                                  2⤵
                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                  PID:3452
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
                                                                                                                  2⤵
                                                                                                                    PID:6648
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1748 /prefetch:1
                                                                                                                    2⤵
                                                                                                                      PID:6092
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:6764
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8712 /prefetch:1
                                                                                                                        2⤵
                                                                                                                          PID:6520
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:1
                                                                                                                          2⤵
                                                                                                                            PID:6960
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
                                                                                                                            2⤵
                                                                                                                              PID:4456
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1396 /prefetch:1
                                                                                                                              2⤵
                                                                                                                                PID:6508
                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
                                                                                                                                2⤵
                                                                                                                                  PID:5404
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2016,3985738799924802008,8701280129194072712,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7776 /prefetch:8
                                                                                                                                  2⤵
                                                                                                                                    PID:6984
                                                                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                  1⤵
                                                                                                                                    PID:1668
                                                                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                    1⤵
                                                                                                                                      PID:2428
                                                                                                                                    • C:\Windows\system32\AUDIODG.EXE
                                                                                                                                      C:\Windows\system32\AUDIODG.EXE 0x300 0x2fc
                                                                                                                                      1⤵
                                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                                      PID:6680
                                                                                                                                    • C:\Windows\System32\rundll32.exe
                                                                                                                                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                      1⤵
                                                                                                                                        PID:7052
                                                                                                                                      • C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\worldbox.exe
                                                                                                                                        "C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\worldbox.exe"
                                                                                                                                        1⤵
                                                                                                                                        • Drops file in System32 directory
                                                                                                                                        • Drops file in Windows directory
                                                                                                                                        • Checks processor information in registry
                                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                                        • Suspicious use of SetWindowsHookEx
                                                                                                                                        PID:6744
                                                                                                                                        • C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe
                                                                                                                                          "C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe" --attach 6744 2604587028480
                                                                                                                                          2⤵
                                                                                                                                          • Drops file in System32 directory
                                                                                                                                          • Drops file in Windows directory
                                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                                          PID:6556
                                                                                                                                          • C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe
                                                                                                                                            "C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe" "6744" "2604587028480"
                                                                                                                                            3⤵
                                                                                                                                              PID:2920
                                                                                                                                        • C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\worldbox.exe
                                                                                                                                          "C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\worldbox.exe"
                                                                                                                                          1⤵
                                                                                                                                          • Drops file in Windows directory
                                                                                                                                          • Checks processor information in registry
                                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                          PID:6764
                                                                                                                                          • C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe
                                                                                                                                            "C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe" --attach 6764 2096996683776
                                                                                                                                            2⤵
                                                                                                                                            • Drops file in System32 directory
                                                                                                                                            • Drops file in Windows directory
                                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                                            PID:6648
                                                                                                                                            • C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe
                                                                                                                                              "C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe" "6764" "2096996683776"
                                                                                                                                              3⤵
                                                                                                                                                PID:4320
                                                                                                                                          • C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\worldbox.exe
                                                                                                                                            "C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\worldbox.exe"
                                                                                                                                            1⤵
                                                                                                                                            • Drops file in System32 directory
                                                                                                                                            • Drops file in Windows directory
                                                                                                                                            • Checks processor information in registry
                                                                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                                                                            • Suspicious use of SetWindowsHookEx
                                                                                                                                            PID:1792
                                                                                                                                            • C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe
                                                                                                                                              "C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe" --attach 1792 1784463691776
                                                                                                                                              2⤵
                                                                                                                                              • Drops file in System32 directory
                                                                                                                                              • Drops file in Windows directory
                                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                                              PID:4908
                                                                                                                                              • C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe
                                                                                                                                                "C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe" "1792" "1784463691776"
                                                                                                                                                3⤵
                                                                                                                                                  PID:2344
                                                                                                                                            • C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe
                                                                                                                                              "C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe"
                                                                                                                                              1⤵
                                                                                                                                                PID:4404
                                                                                                                                              • C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe
                                                                                                                                                "C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe"
                                                                                                                                                1⤵
                                                                                                                                                  PID:4040
                                                                                                                                                • C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\worldbox.exe
                                                                                                                                                  "C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\worldbox.exe"
                                                                                                                                                  1⤵
                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                  • Drops file in Windows directory
                                                                                                                                                  • Checks processor information in registry
                                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                                  PID:2480
                                                                                                                                                  • C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe
                                                                                                                                                    "C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe" --attach 2480 2282906128384
                                                                                                                                                    2⤵
                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                    • Drops file in Windows directory
                                                                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                    PID:3460
                                                                                                                                                    • C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe
                                                                                                                                                      "C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe" "2480" "2282906128384"
                                                                                                                                                      3⤵
                                                                                                                                                        PID:5840
                                                                                                                                                  • C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\worldbox.exe
                                                                                                                                                    "C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\worldbox.exe"
                                                                                                                                                    1⤵
                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                    • Drops file in Windows directory
                                                                                                                                                    • Checks processor information in registry
                                                                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                                                    PID:6836
                                                                                                                                                    • C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe
                                                                                                                                                      "C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe" --attach 6836 2174663397376
                                                                                                                                                      2⤵
                                                                                                                                                      • Drops file in System32 directory
                                                                                                                                                      • Drops file in Windows directory
                                                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                      PID:6808
                                                                                                                                                      • C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe
                                                                                                                                                        "C:\Users\Admin\Downloads\WorldBox.God.Simulator.Build.11538132\WorldBox.God.Simulator.Build.11538132\UnityCrashHandler64.exe" "6836" "2174663397376"
                                                                                                                                                        3⤵
                                                                                                                                                          PID:4836

                                                                                                                                                    Network

                                                                                                                                                    MITRE ATT&CK Enterprise v15

                                                                                                                                                    Replay Monitor

                                                                                                                                                    Loading Replay Monitor...

                                                                                                                                                    Downloads

                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Unity\CrashReports\CrashReport2024-06-13_133136197.json.gz

                                                                                                                                                      Filesize

                                                                                                                                                      4KB

                                                                                                                                                      MD5

                                                                                                                                                      8000dcda95f9e783c39e1174fb57cd44

                                                                                                                                                      SHA1

                                                                                                                                                      754e67d0df3f2a70dfac25d86be27f47f3e544da

                                                                                                                                                      SHA256

                                                                                                                                                      a6b848fc2b23b73304f1fa23a8931024f65f299ea91c08e3842ef94367afb1fc

                                                                                                                                                      SHA512

                                                                                                                                                      14943173b48d4f90c9db08fe5cfb4878868731e2fbe4fffe3ab38c2592ed6013fa514decba5324b949714760542909f0527e4dfc91d300bd33347fa1a1d47f56

                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\Unity\CrashReports\CrashReport2024-06-13_133136197.json.meta

                                                                                                                                                      Filesize

                                                                                                                                                      65B

                                                                                                                                                      MD5

                                                                                                                                                      ba98baaafaefc8fc9349de3e5e12cf1e

                                                                                                                                                      SHA1

                                                                                                                                                      7c1cf07d5f12ed351a802e672575346e5aa4bf78

                                                                                                                                                      SHA256

                                                                                                                                                      23cbbd6cf771a31dc8f6cdb4b3802ee20649b8cdd5b125677f7f26d7b0f21f85

                                                                                                                                                      SHA512

                                                                                                                                                      b5b61dfdd67c925940c9c030514998bab04324e0597c02ea65df73e9bd7a52f4b8e7e79c20f8547d3674f62ffe779d48c21d23d529f79ea09b9ca4ab0de52e96

                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\mkarpenko\WorldBox\Player.log

                                                                                                                                                      Filesize

                                                                                                                                                      16KB

                                                                                                                                                      MD5

                                                                                                                                                      8336684a47ed3259802510fec868453d

                                                                                                                                                      SHA1

                                                                                                                                                      b920231bfee14b716197aa75555d0bacfca4fd41

                                                                                                                                                      SHA256

                                                                                                                                                      3b250ae25f1d279f0e417a9c750e7145bf7a7c2454df6960c7b4a8d70cf11260

                                                                                                                                                      SHA512

                                                                                                                                                      181943bd5fdb8e25792891226b1105e25a126197501cef75a477ade41e51e13732cc702f56882b6156eac96977c276732fc602f8ef03b385555a2567647cbd92

                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\mkarpenko\WorldBox\Player.log

                                                                                                                                                      Filesize

                                                                                                                                                      16KB

                                                                                                                                                      MD5

                                                                                                                                                      57f03d412522356e3be34f1edd67cf69

                                                                                                                                                      SHA1

                                                                                                                                                      f99d7b3e499a6e7581927845ddfc5499486c3699

                                                                                                                                                      SHA256

                                                                                                                                                      6cfaaf4a6f2d4d7be0ad5d83da6af8d4287d15394f3f7217775b5e4f1331e285

                                                                                                                                                      SHA512

                                                                                                                                                      4d2f9b1bd8a81b66dbcb388b33d3c9e47d3d079378a840dae251c5c32a9319c48e963a5e501add021baea5ffec6e82fa44831839a2aff9cdf623d295a5449f16

                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\mkarpenko\WorldBox\Unity\1fee820e-0c37-402a-927d-d35def5ef484\Analytics\ArchivedEvents\171828548900002.8c3ab110\c

                                                                                                                                                      Filesize

                                                                                                                                                      1B

                                                                                                                                                      MD5

                                                                                                                                                      c81e728d9d4c2f636f067f89cc14862c

                                                                                                                                                      SHA1

                                                                                                                                                      da4b9237bacccdf19c0760cab7aec4a8359010b0

                                                                                                                                                      SHA256

                                                                                                                                                      d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35

                                                                                                                                                      SHA512

                                                                                                                                                      40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114

                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\mkarpenko\WorldBox\Unity\1fee820e-0c37-402a-927d-d35def5ef484\Analytics\ArchivedEvents\171828548900002.8c3ab110\s

                                                                                                                                                      Filesize

                                                                                                                                                      440B

                                                                                                                                                      MD5

                                                                                                                                                      e1e5b1a3190ec42492fe01beb414ce6b

                                                                                                                                                      SHA1

                                                                                                                                                      a9192e6219ce91ad3e452d2eab1218777fcedd81

                                                                                                                                                      SHA256

                                                                                                                                                      452ab7f7b37f5d7cd06baa17c9e1d9c9e6778d9d9f5ca332bb42439a147f67db

                                                                                                                                                      SHA512

                                                                                                                                                      14531e644d1b797e79d20ba1413f043189a0edaa91babe38af0ea200209ad4cc3f37aa5b9774943454c31d65a5e6d19d4e1f8732648305d1c14a18b0c029f828

                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\mkarpenko\WorldBox\Unity\1fee820e-0c37-402a-927d-d35def5ef484\Analytics\ArchivedEvents\171828552900000.5b75af43\c

                                                                                                                                                      Filesize

                                                                                                                                                      1B

                                                                                                                                                      MD5

                                                                                                                                                      c4ca4238a0b923820dcc509a6f75849b

                                                                                                                                                      SHA1

                                                                                                                                                      356a192b7913b04c54574d18c28d46e6395428ab

                                                                                                                                                      SHA256

                                                                                                                                                      6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

                                                                                                                                                      SHA512

                                                                                                                                                      4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\mkarpenko\WorldBox\Unity\1fee820e-0c37-402a-927d-d35def5ef484\Analytics\config

                                                                                                                                                      Filesize

                                                                                                                                                      293B

                                                                                                                                                      MD5

                                                                                                                                                      8673a8ac0b06a9d056d08d62f857ba4b

                                                                                                                                                      SHA1

                                                                                                                                                      a351bea1932270bafbe468584058fef20dcfc31e

                                                                                                                                                      SHA256

                                                                                                                                                      83b3f90c4edf1f122c8faf9784ca0aee4dd017c65493ac181c1814211703db96

                                                                                                                                                      SHA512

                                                                                                                                                      edf28eb7fcef654f139285d308f817ee230d6f064a4c865109d6dfe6f73c11f8f35737c8159c8a302118237ab980899ba5773f547cc9da4028643a53b08e324f

                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\mkarpenko\WorldBox\Unity\1fee820e-0c37-402a-927d-d35def5ef484\Analytics\values

                                                                                                                                                      Filesize

                                                                                                                                                      135B

                                                                                                                                                      MD5

                                                                                                                                                      8898ee35e4e0b1628839d39038384097

                                                                                                                                                      SHA1

                                                                                                                                                      e47c3aa37af4fac2ab51f5112391103410a87645

                                                                                                                                                      SHA256

                                                                                                                                                      67e3a18a1c68cc5d47e52be039156b31ec987a3aa721c408efa2607a175ab819

                                                                                                                                                      SHA512

                                                                                                                                                      a3e129b4d1ea47f165b2b049dcf3093173b683157295e7d89c9b110f9bad3fc88fa5d8be412e02fe6b6a31e641b185f6ea0d9938d4d7655b5c35aeaf52323e46

                                                                                                                                                    • C:\Users\Admin\AppData\LocalLow\mkarpenko\WorldBox\worldboxData

                                                                                                                                                      Filesize

                                                                                                                                                      2KB

                                                                                                                                                      MD5

                                                                                                                                                      5392d9ea1dd18a7d980811d02bb68cb7

                                                                                                                                                      SHA1

                                                                                                                                                      c0781cdd4146d72cf4526475ee23c00e7805a2ce

                                                                                                                                                      SHA256

                                                                                                                                                      68e09b1af8ae5727374dc9bdd2226f549e5ee9cb148b4b60db6404c89e993cd0

                                                                                                                                                      SHA512

                                                                                                                                                      2d200ad345dc19c1d46570b87f7becbb018b31022efe9ac1bd0ecb1d233129724ac34ea04195716b3a6bf8872f17d4adf4eabf728073d1df511335725417c6d1

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                      Filesize

                                                                                                                                                      152B

                                                                                                                                                      MD5

                                                                                                                                                      dabfafd78687947a9de64dd5b776d25f

                                                                                                                                                      SHA1

                                                                                                                                                      16084c74980dbad713f9d332091985808b436dea

                                                                                                                                                      SHA256

                                                                                                                                                      c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

                                                                                                                                                      SHA512

                                                                                                                                                      dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                      Filesize

                                                                                                                                                      152B

                                                                                                                                                      MD5

                                                                                                                                                      c39b3aa574c0c938c80eb263bb450311

                                                                                                                                                      SHA1

                                                                                                                                                      f4d11275b63f4f906be7a55ec6ca050c62c18c88

                                                                                                                                                      SHA256

                                                                                                                                                      66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

                                                                                                                                                      SHA512

                                                                                                                                                      eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

                                                                                                                                                      Filesize

                                                                                                                                                      62KB

                                                                                                                                                      MD5

                                                                                                                                                      42d9fcc7172456834d9e05605cfb999f

                                                                                                                                                      SHA1

                                                                                                                                                      d1df0982a953011482b7cc5e97803a5fae290ba7

                                                                                                                                                      SHA256

                                                                                                                                                      5029f1471e648ecdf5518199b5d7a6fdcf2dab7b9ba8367331b0836de3064575

                                                                                                                                                      SHA512

                                                                                                                                                      5fc471dfd6cf0516739b40db211b4f1e0d3e27e7b53eb1e0c8d34f7ddf5d09ff520bd4c3b7baca993857fd462f184621391fed363a548bc7b50eee3b7ef6ade8

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

                                                                                                                                                      Filesize

                                                                                                                                                      31KB

                                                                                                                                                      MD5

                                                                                                                                                      60140bc834da90837a9a4d1530484677

                                                                                                                                                      SHA1

                                                                                                                                                      d99868b0693b332681b4db7927f3f11b3ed37607

                                                                                                                                                      SHA256

                                                                                                                                                      29c0ba2fb11f5bbedff938e0d0a97da59f725cd153bc0c04f052419e779f134e

                                                                                                                                                      SHA512

                                                                                                                                                      448ddc49ab5128dfc0dc91ebe388d447e748848cd2f7dc15fe1fd0380a5436cc9872c32606d9d161d3648b20bff5eda0e48e8fb77c9293f3c0924ae89589eb37

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

                                                                                                                                                      Filesize

                                                                                                                                                      19KB

                                                                                                                                                      MD5

                                                                                                                                                      c52f3521639f61d058b371c90f7340a0

                                                                                                                                                      SHA1

                                                                                                                                                      26cda00aa74d363215fe8e5de80878cf767d9747

                                                                                                                                                      SHA256

                                                                                                                                                      98dadb40ba05b9079b6c7cfdcdce83a11764b15cee748e1d6b06ef13e94f1736

                                                                                                                                                      SHA512

                                                                                                                                                      ead5c9d264cb85f32a1e4e7ca84df51b2d8fcad89abe35b8a9e461cab914224e5ee9c3b0cbcaf720ffaf43566b9d9c958667024e0e6988f948640fd782ff3f23

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

                                                                                                                                                      Filesize

                                                                                                                                                      63KB

                                                                                                                                                      MD5

                                                                                                                                                      5d0e354e98734f75eee79829eb7b9039

                                                                                                                                                      SHA1

                                                                                                                                                      86ffc126d8b7473568a4bb04d49021959a892b3a

                                                                                                                                                      SHA256

                                                                                                                                                      1cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e

                                                                                                                                                      SHA512

                                                                                                                                                      4475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

                                                                                                                                                      Filesize

                                                                                                                                                      69KB

                                                                                                                                                      MD5

                                                                                                                                                      a9ee0092a50e4443e7cd01cefdc6d95e

                                                                                                                                                      SHA1

                                                                                                                                                      18614eadee202eae00c3f22267d18cf648446b93

                                                                                                                                                      SHA256

                                                                                                                                                      78c268c35b00d23224cb9ad9ee70426c943d41d4635d558756ef83f985e7cc9b

                                                                                                                                                      SHA512

                                                                                                                                                      d4db3c81cd081d582017bb678ecc7edac4641c840300b802c88d433a9f79fb709176bb8c11af35d55562ac0a82b25763477e3a6b2784456a5f4b8be625d165a6

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

                                                                                                                                                      Filesize

                                                                                                                                                      42KB

                                                                                                                                                      MD5

                                                                                                                                                      57a09a381255b716f97d35162e6d03cf

                                                                                                                                                      SHA1

                                                                                                                                                      2c3896bd47340403f67d2fd834ed396609806b58

                                                                                                                                                      SHA256

                                                                                                                                                      91762de21a32bf7714921e215cf564232ea09afc529b620584de7e16dadfeaf0

                                                                                                                                                      SHA512

                                                                                                                                                      b10bbbc4c552f31aa18458d0eeef6ddc656d7e9b9d99290e764e4a60c0f26f118969bfc0050cf3b710c7cf75486739499c7b9ea9fefe792a20192a67bccfba26

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

                                                                                                                                                      Filesize

                                                                                                                                                      64KB

                                                                                                                                                      MD5

                                                                                                                                                      2923c306256864061a11e426841fc44a

                                                                                                                                                      SHA1

                                                                                                                                                      d9bb657845d502acd69a15a66f9e667ce9b68351

                                                                                                                                                      SHA256

                                                                                                                                                      5bc3f12e012e1a39ac69afba923768b758089461ccea0b8391f682d91c0ed2fa

                                                                                                                                                      SHA512

                                                                                                                                                      f2614f699ac296ee1f81e32955c97d2c13177714dbd424e7f5f7de0d8869dd799d13c64929386ac9c942325456d26c4876a09341d17d7c9af4f80695d259cfea

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

                                                                                                                                                      Filesize

                                                                                                                                                      19KB

                                                                                                                                                      MD5

                                                                                                                                                      635efe262aec3acfb8be08b7baf97a3d

                                                                                                                                                      SHA1

                                                                                                                                                      232b8fe0965aea5c65605b78c3ba286cefb2f43f

                                                                                                                                                      SHA256

                                                                                                                                                      8a4492d1d9ca694d384d89fa61cf1df2b04583c64762783313029ae405cbfa06

                                                                                                                                                      SHA512

                                                                                                                                                      d4b21b43b67697f1c391147691d8229d429082c389411167386f5c94e3a798f26c2457adf6d06caec446106e0f0aa16d895bfc4e8a1ff9e9c21a51173a923e3d

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

                                                                                                                                                      Filesize

                                                                                                                                                      88KB

                                                                                                                                                      MD5

                                                                                                                                                      77e89b1c954303a8aa65ae10e18c1b51

                                                                                                                                                      SHA1

                                                                                                                                                      e2b15a0d930dcc11f0b38c95b1e68d1ca8334d73

                                                                                                                                                      SHA256

                                                                                                                                                      069a7cc0309c5d6fc99259d5d5a8e41926996bbae11dc8631a7303a0c2d8c953

                                                                                                                                                      SHA512

                                                                                                                                                      5780d3532af970f3942eecf731a43f04b0d2bdb9c0f1a262dbd1c3980bcc82fe6d2126236ad33c48ea5434d376de2214d84a9a2ccec46a0671886fe0aa5e5597

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

                                                                                                                                                      Filesize

                                                                                                                                                      1.2MB

                                                                                                                                                      MD5

                                                                                                                                                      eb63aad3cfbfc8e4570b89c9f2f651c7

                                                                                                                                                      SHA1

                                                                                                                                                      c4ae7ad4c021508f7721b16e82efd60826b1e96a

                                                                                                                                                      SHA256

                                                                                                                                                      dd2ae4d6b1cbf32b75433ea22afa1022f8aba05f521447bfd9b186694a022467

                                                                                                                                                      SHA512

                                                                                                                                                      df0ee255da8abac46386a70ae562d30d7e898bf7070e9082ded20546cac552ef951b77b5fb8b12f907828c65409f6450258791eaa1e0739c89810cfc3ad07db4

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070

                                                                                                                                                      Filesize

                                                                                                                                                      64KB

                                                                                                                                                      MD5

                                                                                                                                                      92356d0513ca1b8d064a32ed5c03f331

                                                                                                                                                      SHA1

                                                                                                                                                      9d115a0eef9a38663c9df6c8f3fae605edb37114

                                                                                                                                                      SHA256

                                                                                                                                                      0033a94154e5b25943ce930a90d066f29c49e174e1feaf241d56c1be3514514a

                                                                                                                                                      SHA512

                                                                                                                                                      631d8da4b0df3143a2910ea82355718fb8c926600b3bdabaf19953f5209ec26df7710bb5cb64d420a40a635f93fdc90ae7c9e8b00f80bbeae4eaa9a620526013

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007a

                                                                                                                                                      Filesize

                                                                                                                                                      19KB

                                                                                                                                                      MD5

                                                                                                                                                      f0c0412e4f7e8ebf6e1c8738622abdf4

                                                                                                                                                      SHA1

                                                                                                                                                      7e5433f4d55ff103426fde504031eea535b3d55d

                                                                                                                                                      SHA256

                                                                                                                                                      a67bd5961e1d3fba115d8d04644accb4df135aefe880d03d7e66c404c85b47de

                                                                                                                                                      SHA512

                                                                                                                                                      5d228fe7f147e41b874a167942c017c130cccb61fa05f80cdab0911dd5e0185b8974c93ae9877c5d0beace13fb248bfdf717b29d450b12e08e2230c806232638

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091

                                                                                                                                                      Filesize

                                                                                                                                                      26KB

                                                                                                                                                      MD5

                                                                                                                                                      e9f2b85be013faf1fae0e6973211a3ba

                                                                                                                                                      SHA1

                                                                                                                                                      cbaed034b85f22ed7afa9c93cb8f17e21221175b

                                                                                                                                                      SHA256

                                                                                                                                                      ac043245833da9c2bc1b00869f469a2e087228eb2e4751278b41b504779ec092

                                                                                                                                                      SHA512

                                                                                                                                                      366910f1d6dd46822b73b725dba936153a27c48646630ce4f830e556301c41d6e243e729c13566c0c4d9953089bc027d7758e7436a5a3677cd78987ae15dd373

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000092

                                                                                                                                                      Filesize

                                                                                                                                                      62KB

                                                                                                                                                      MD5

                                                                                                                                                      17e08579d28ea14e46c20dde4dd989d3

                                                                                                                                                      SHA1

                                                                                                                                                      34f1da35133b80e527922018d1c60a882c033724

                                                                                                                                                      SHA256

                                                                                                                                                      45ebaaa1455ed1bedea47d3253a843b233358c391b7e48c3ed212c75894b3946

                                                                                                                                                      SHA512

                                                                                                                                                      1ec6733214d091c127633036e53150aecfe6c2853a7413f870fc98ba89d61f671e10fcd4427f072f5debd3359198ea971bbd6a7a0718794621d310aadca8a369

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a4

                                                                                                                                                      Filesize

                                                                                                                                                      20KB

                                                                                                                                                      MD5

                                                                                                                                                      87e8230a9ca3f0c5ccfa56f70276e2f2

                                                                                                                                                      SHA1

                                                                                                                                                      eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

                                                                                                                                                      SHA256

                                                                                                                                                      e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

                                                                                                                                                      SHA512

                                                                                                                                                      37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000aa

                                                                                                                                                      Filesize

                                                                                                                                                      203KB

                                                                                                                                                      MD5

                                                                                                                                                      99916ce0720ed460e59d3fbd24d55be2

                                                                                                                                                      SHA1

                                                                                                                                                      d6bb9106eb65e3b84bfe03d872c931fb27f5a3db

                                                                                                                                                      SHA256

                                                                                                                                                      07118bf4bbc3ba87d75cbc11ddf427219a14d518436d7f3886d75301f897edaf

                                                                                                                                                      SHA512

                                                                                                                                                      8d3d52e57806d1850b57bffee12c1a8d9e1a1edcf871b2395df5c889991a183a8d652a0636d5452068f5ef78d37e08ce10b2b2f4e05c3e3c0f2f2230310418a8

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\13986ccd40e3a0f0_0

                                                                                                                                                      Filesize

                                                                                                                                                      53KB

                                                                                                                                                      MD5

                                                                                                                                                      af393f72367a55558369d0ae0243ff01

                                                                                                                                                      SHA1

                                                                                                                                                      13c58bcd6a7af52ae2bf73b97b5ef52cc882f593

                                                                                                                                                      SHA256

                                                                                                                                                      006a3462d84e53a3cd8adff922316a09ba58cbae2cd90be5cfa9e856dd373bbb

                                                                                                                                                      SHA512

                                                                                                                                                      fc20eabbb9798564baaa8bc4254ca266b8a29900915d1b18030d081f0d868df25425ed7eec1daf185df883f557ba0322abcb1844209f5ef3e2ef3a1870dbd136

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                      Filesize

                                                                                                                                                      2KB

                                                                                                                                                      MD5

                                                                                                                                                      b2c11dde4623450b41a957abe23154d7

                                                                                                                                                      SHA1

                                                                                                                                                      395e0def0986bdfff74f189c5aee33730d6ddfd0

                                                                                                                                                      SHA256

                                                                                                                                                      36904831ca05a420e69c7e839229ac658ca8d411a7046a530992a27d4f77938e

                                                                                                                                                      SHA512

                                                                                                                                                      059375f36b8edfe2ba9e8efa8ff991944c44f77d928c5bf64b15d54fb2d61bc534506ad8ed9a6baf16a0f44db39eb1c3f1a586338cf615207ef19b658b69a831

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                      Filesize

                                                                                                                                                      5KB

                                                                                                                                                      MD5

                                                                                                                                                      7c7e1278e151911ed4697b2f473b7cf3

                                                                                                                                                      SHA1

                                                                                                                                                      d50825771a1e38404fb980d45c90f83f324ec977

                                                                                                                                                      SHA256

                                                                                                                                                      acaaa9fcee548495d6c3a624396c87a11298e1d4e3a04fd39b7ab79cc4c2e7a8

                                                                                                                                                      SHA512

                                                                                                                                                      d6151a9bf8c0453986e317f16aec715f36077b7e7f73d7c2dbac4684f417879ac095253b9b3eb9879150208fad90ee67b5d033aed2486fab045ad2c2a8a1bcc2

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                      Filesize

                                                                                                                                                      1KB

                                                                                                                                                      MD5

                                                                                                                                                      e196e741305361ac6269ed3d020be7a3

                                                                                                                                                      SHA1

                                                                                                                                                      d2fa7a0fee24de85ad8dad716308b988b58daf35

                                                                                                                                                      SHA256

                                                                                                                                                      b04d7ae3755f84493b0813b4d9ef69fedce7444ad8cd768db5fe50bae8db80a7

                                                                                                                                                      SHA512

                                                                                                                                                      6596258ccfdd5d4641e588f066f20fbf608e1f3c682190088dab389438057080a1d107c8d9c68fbd68af9ec3b346765c716ee630d6b641d2f38fb86f4292b5c1

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                      Filesize

                                                                                                                                                      5KB

                                                                                                                                                      MD5

                                                                                                                                                      d3e2f840d0ad392dfd3d852b5b3e1382

                                                                                                                                                      SHA1

                                                                                                                                                      84d82a46946919e692ddb701a8d81c7a115988d7

                                                                                                                                                      SHA256

                                                                                                                                                      8df3ddb5b8a53b07611bb557853f63df686c719b71169bb66750576f7d1ef52b

                                                                                                                                                      SHA512

                                                                                                                                                      d00c8bf07c7e7d853999d879af8d1b1634cab29c9751b534b082363f820d280a0a1901b834919b097a5217ae0d8528dd25ed71347cb1f71591f10d83819bbd9c

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                      Filesize

                                                                                                                                                      5KB

                                                                                                                                                      MD5

                                                                                                                                                      519cdd1f0fee06cf94be6957b2f7579f

                                                                                                                                                      SHA1

                                                                                                                                                      831eb620023b31fbceefb74d1ca88ed021f42def

                                                                                                                                                      SHA256

                                                                                                                                                      0935370ecece53a3a17d7477d4e8094784b42626bc715b27723e0ef6ae044e78

                                                                                                                                                      SHA512

                                                                                                                                                      55140e2276f022fb279f97241157ea99a22645da47926143bcff5e62c29e8318bf1c8d9c56bf789c1b2b99bffb547395967b912fb2fab173af8782824449108d

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                      Filesize

                                                                                                                                                      2KB

                                                                                                                                                      MD5

                                                                                                                                                      f2f36342a02a2e59752ff39e3bb0c1a8

                                                                                                                                                      SHA1

                                                                                                                                                      8c12e217103808aed05974c0ea891aaaaf311755

                                                                                                                                                      SHA256

                                                                                                                                                      f33ce17ad469172b1c47893f8054be234ca8b28698b31906537ef3630831c656

                                                                                                                                                      SHA512

                                                                                                                                                      e9a36c28ef3b9446cb29dd2ec3b08f494d574375dd4242ccedb6a44451ddeef64faf7d93a4f8fa9b0107fc4c06d76025924985176e3d879b36b93e34177114e0

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                      Filesize

                                                                                                                                                      5KB

                                                                                                                                                      MD5

                                                                                                                                                      a075a2d2f491765a3fea428f78e5a0ff

                                                                                                                                                      SHA1

                                                                                                                                                      e920f13cecdb9f1a888e152cf079bfd0b5f2c6da

                                                                                                                                                      SHA256

                                                                                                                                                      e81f601d261172379dd6e3f534612d4771e3711c3a4eab2b0f8e5a52675cb896

                                                                                                                                                      SHA512

                                                                                                                                                      ef92d990d1321181c38b32ebca10ff13ad1171e8e583e7a9bf4f55af6052c84572fa77a105a3cf1bb34a2e891fb91c896667687704a0ba416f361ae2fe97e9f3

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                                                      Filesize

                                                                                                                                                      6KB

                                                                                                                                                      MD5

                                                                                                                                                      2ef775dbbffa0fb96ffae064a63e5142

                                                                                                                                                      SHA1

                                                                                                                                                      53ab739da39920eb1fd09a63afadd0212333132c

                                                                                                                                                      SHA256

                                                                                                                                                      eb937bcc5125556067fdb99f93834d3e1d8736bf906bd639caf9b96e14367a4b

                                                                                                                                                      SHA512

                                                                                                                                                      9eaa4caa1e1b2bf8b5c3342e0782adc78277f96ee81ee3f832dd903be3824245e69a3174133828d33880975b75922927bfd72525ab2b46fae08bf0e9be7a5f93

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                      Filesize

                                                                                                                                                      11KB

                                                                                                                                                      MD5

                                                                                                                                                      3e26c0edc0865d79718294f6f9b4ee05

                                                                                                                                                      SHA1

                                                                                                                                                      37115264bc8b0a959727e86bfa5036f9886497ab

                                                                                                                                                      SHA256

                                                                                                                                                      c6b654c961af20817ba6d6c24e609a75b671b0bb3de7176c3b3f1e945e686b3f

                                                                                                                                                      SHA512

                                                                                                                                                      901e6f3afd507bf2cf303e4927a517db80d3840c01fcbab56d74128e2faca1115323aa5774973b8828d0e6dbefb52975098a843b7c626234dcc10fcb21ce02aa

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                      Filesize

                                                                                                                                                      11KB

                                                                                                                                                      MD5

                                                                                                                                                      9b0221d446b21f9f7b383399a27fb669

                                                                                                                                                      SHA1

                                                                                                                                                      1ec9990eb4c239616cee385dfb34d480f1ac78d8

                                                                                                                                                      SHA256

                                                                                                                                                      1d92bbbddfa41482b2547c0802dd11e6dfdcb1fcd044238106bb810a06375a9a

                                                                                                                                                      SHA512

                                                                                                                                                      56ee566c41e30e487c354731b6263202670f0c2da65df18ae1f5594bca4a237334afad1bfdd07dbdb083c17e76e0e968058c3e60d113abea347e1cebd30b2418

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                      Filesize

                                                                                                                                                      19KB

                                                                                                                                                      MD5

                                                                                                                                                      4b76b71ade5b53bed817ad22209140b9

                                                                                                                                                      SHA1

                                                                                                                                                      33aa0b2d0c16ff6f280bb23fbfdc48a51fc119a7

                                                                                                                                                      SHA256

                                                                                                                                                      d4e8c2f2c5bdc5bac9123901342086f9337ec2ae772402e279da747851b834e0

                                                                                                                                                      SHA512

                                                                                                                                                      9e5329764eb614e456a25615674139076ea3407f13b214b4f2a3a8080a19d354015a306e036e71bb6e158e31c7ca7ec88b1060736b64de8ade722b1ec9d3e327

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                      Filesize

                                                                                                                                                      20KB

                                                                                                                                                      MD5

                                                                                                                                                      f56ea33f618dfc0f4f3ff627dd4f98f0

                                                                                                                                                      SHA1

                                                                                                                                                      0c1f42877144804a3d5ab2273598974ae2849ee7

                                                                                                                                                      SHA256

                                                                                                                                                      814efc6ca0aa57efe69587a5751987585f5a17cf27d3d128fccc44afffc34af2

                                                                                                                                                      SHA512

                                                                                                                                                      106266139a19515874a2c252e773bffd460ecf069d78505bb6c4262eda3fc1f9554b516e266087b682442d4bb51a447a0f23db2a100dc5ebdba56d03f78347c0

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                      Filesize

                                                                                                                                                      6KB

                                                                                                                                                      MD5

                                                                                                                                                      c5a7220619848b9ca5e9815c0f212019

                                                                                                                                                      SHA1

                                                                                                                                                      ce5e48bc5cd23d26667d23b9ec5f5d6229e5fe59

                                                                                                                                                      SHA256

                                                                                                                                                      13025e0e778bf941db95dfefc9aa5ce1c2634a51724a44e683ea77a152aef855

                                                                                                                                                      SHA512

                                                                                                                                                      c02e291ec6fb229ff4891e7306125b56ccb46c129379ad06d0413dfc9fde0ebabb8fe6ee5fcb81abd2f020cf00c01f93f45caf1963efece6379a8a5f85be9edd

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                      Filesize

                                                                                                                                                      15KB

                                                                                                                                                      MD5

                                                                                                                                                      e9fbde828d6b152963a4d6e2d98ebba9

                                                                                                                                                      SHA1

                                                                                                                                                      b947a312a9826a1e5e3748e15a2d7a2273d48f0a

                                                                                                                                                      SHA256

                                                                                                                                                      423720eb4f1055947aad14e1e7f930d0215d37b9e35930f4b1a1b839cfc6967e

                                                                                                                                                      SHA512

                                                                                                                                                      62a19d47b8ad0fd89ce10fb8c2f1aad550e7661b7fb637ee31103abf1f828e4e191e52c4f854ff18c686d204c12c087ec65a091ae27bdad83b11a165eae32de7

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                      Filesize

                                                                                                                                                      21KB

                                                                                                                                                      MD5

                                                                                                                                                      40546386ca12c23f86be3b2a38b136b8

                                                                                                                                                      SHA1

                                                                                                                                                      32506338fa3f3819454d429b9c3cc5991971b6e3

                                                                                                                                                      SHA256

                                                                                                                                                      f49a6abda6f5d6a7b61160e28e726b20b653a819023547371af865357e8881a4

                                                                                                                                                      SHA512

                                                                                                                                                      eaf7836592e6394206fdc2a05175289c9335735a3b9f29b05663f8a4ae86f75d79be2bb64896ac18c07909a9195abfd6eb4e3c9911ad6d7535bf381aaa4e199f

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                      Filesize

                                                                                                                                                      22KB

                                                                                                                                                      MD5

                                                                                                                                                      28f5a3be7543686eaf5bc70e521ffab0

                                                                                                                                                      SHA1

                                                                                                                                                      388506b0aeaa1ab88bff7c010a35e0c210199094

                                                                                                                                                      SHA256

                                                                                                                                                      c9977aadcdc85b95311cf59037441e56d7fb0758f39c0cce14cda7019570d353

                                                                                                                                                      SHA512

                                                                                                                                                      b52046d0c7a913498229c379b2f842e23c767084b4d45b541d65664dde0f59e5975738707222ecb80fcfdfa2283604432057a8229ef2f06a6f48ce22254c1b5d

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                      Filesize

                                                                                                                                                      14KB

                                                                                                                                                      MD5

                                                                                                                                                      002c743ad9370721e8ae4c36179693d2

                                                                                                                                                      SHA1

                                                                                                                                                      b0f0abdcff4cf57d4e9a4a1ceb61a364c04d6a73

                                                                                                                                                      SHA256

                                                                                                                                                      f0218fdfc317d2f0518257306eb8717ac360ecdf657dc50c964d3faf5c756548

                                                                                                                                                      SHA512

                                                                                                                                                      c7c1b45d12fa97c893045aa78d28b423c3f17925c40fb791f25d53a7f9ac51268ba9a0ce6449659992429fc1294169c37c8fed79015fd69b75f3673216354fa7

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                      Filesize

                                                                                                                                                      9KB

                                                                                                                                                      MD5

                                                                                                                                                      90f657a9e0d9e0a87807c2cb2fe4ec22

                                                                                                                                                      SHA1

                                                                                                                                                      35e8086b22a4f5fd38906eaa489edbb28574f8dc

                                                                                                                                                      SHA256

                                                                                                                                                      77548acdc4692264eca33ecd4fb65b13a785879f374f96843a8f883024c277d0

                                                                                                                                                      SHA512

                                                                                                                                                      df44bcc714d3ac9dc77a7c9b240b731c7fa39daf522b1bc1ceeb1bf577e9a36d2e281219edf1a79d27ed17a7ca6c7257c7d486675277d81942d184f784bf7d84

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                      Filesize

                                                                                                                                                      22KB

                                                                                                                                                      MD5

                                                                                                                                                      ed17b99884ad7e7b20b70d0170d34c52

                                                                                                                                                      SHA1

                                                                                                                                                      bc9ae0258e7637181165c9f1861be7cbd4b21886

                                                                                                                                                      SHA256

                                                                                                                                                      4dcb84327213f352980965f82ec21797510cd3e1041b39dbcfbcfeaf63b18ef7

                                                                                                                                                      SHA512

                                                                                                                                                      f89904cba54b5a7a936c8737dd0bfd89a767c128365a0c1bb6532da49397a76a09fd97fc278993512da8ddd6cfd472032393e6255b11903a3bd999d2a519e3ae

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                      Filesize

                                                                                                                                                      23KB

                                                                                                                                                      MD5

                                                                                                                                                      f6c720b9ed8580361b82efe1037042d8

                                                                                                                                                      SHA1

                                                                                                                                                      4e491d0ea59c6f600d1cbc50453a5af9a43564f4

                                                                                                                                                      SHA256

                                                                                                                                                      e976bc6eb2c23de06da029d5c4f103804a1f7ab5ebe0da15075562d86e5973f1

                                                                                                                                                      SHA512

                                                                                                                                                      a43f7500444440c5b930e7893b4595fa5c6bed0a737747fa201c8c406541d35467c4bd5972b23a39fa6e2bb44a93790f13e54cb2e8485568b4c6c5fdea5c4963

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

                                                                                                                                                      Filesize

                                                                                                                                                      16B

                                                                                                                                                      MD5

                                                                                                                                                      46295cac801e5d4857d09837238a6394

                                                                                                                                                      SHA1

                                                                                                                                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                                      SHA256

                                                                                                                                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                                      SHA512

                                                                                                                                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                                                                                      Filesize

                                                                                                                                                      72B

                                                                                                                                                      MD5

                                                                                                                                                      6d3e2ec1273c8db24254ecd390b8cc94

                                                                                                                                                      SHA1

                                                                                                                                                      a94c1c768c823a83aa0fb8ac0143254b2f8f9ecf

                                                                                                                                                      SHA256

                                                                                                                                                      1df23c624770bf096b03423d8019383fd5387a14de5f19c378263aa0a61a922a

                                                                                                                                                      SHA512

                                                                                                                                                      1daa60ac82dc4db185eda8eb8f7e9d1ce8b32ef6966657ca97b12b89dbe8e84dadc4a9b1b4f80072c64647315a8069efd695ea0f7c42d01e41d0d14ec85e21fa

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c08e1.TMP

                                                                                                                                                      Filesize

                                                                                                                                                      48B

                                                                                                                                                      MD5

                                                                                                                                                      27fee743ad012b5ec09206bbdf3ecaf3

                                                                                                                                                      SHA1

                                                                                                                                                      4d0fec4750de4603481cace5c362ccd7a3e6fdaf

                                                                                                                                                      SHA256

                                                                                                                                                      c0e17cac64c152da664e39c60e02144bf7343a320a30a658470febb7ad544dde

                                                                                                                                                      SHA512

                                                                                                                                                      ae412bd1f1a1c7e88ac4283591d1e74af2c91584a04d671d158ea6a4ad02831361ef3c53e9fec2bb8d15f9e4ebbdf447b442207cbaa969a7102c63cce56c22b7

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                      Filesize

                                                                                                                                                      6KB

                                                                                                                                                      MD5

                                                                                                                                                      2fbf23c7c6b04bd5e4700f77885168a8

                                                                                                                                                      SHA1

                                                                                                                                                      bde75b8fc362872175d0349f8468e14c054aeddf

                                                                                                                                                      SHA256

                                                                                                                                                      8bd7c4b104c32b82e39d033ddbfea0825a46a75d582d8e8230acccfaf81003f4

                                                                                                                                                      SHA512

                                                                                                                                                      29baf1d8ad95605f5835fddd753822fd27f4bf75e0ce0c8e981acea3cf99df28453712daaae548b5190b7af5b36eb4cf8e658a595a9eddbc8a6cacfaf40fd29f

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                      Filesize

                                                                                                                                                      6KB

                                                                                                                                                      MD5

                                                                                                                                                      017ca67585dd136c69e3f21eff8f87f0

                                                                                                                                                      SHA1

                                                                                                                                                      8428b5c27f9f58ea0981d2c8f829cf01d1e114f5

                                                                                                                                                      SHA256

                                                                                                                                                      38bbdcc45ed02175337f537aa500c0aba2aa2b8018a643c9f14eab3cd7a855e8

                                                                                                                                                      SHA512

                                                                                                                                                      916df21aef067f9b00f9435b3e3accc41bd2eb6465bb2d39a00c2ecd17aa30f15f0f7783f4dddb8cea86bc12fbf5ad8f7d3927a9d7b7c06f30a9721f96deba04

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                      Filesize

                                                                                                                                                      3KB

                                                                                                                                                      MD5

                                                                                                                                                      2b37e5590ee9bcf801449f5dd18190be

                                                                                                                                                      SHA1

                                                                                                                                                      52fc6863735ab40c1102b740584ee0ee45c92f18

                                                                                                                                                      SHA256

                                                                                                                                                      9fc1124ccf31c086911630ef9228db2fffe038ff71b12803911977556a3947e0

                                                                                                                                                      SHA512

                                                                                                                                                      b89944d4af5eb019cd3bb73b906a31aad5eefdf8dfc080561267f90caa1e4a822d5b02add231f8090d6b5fd9bd4b202f57119f94729a39e29bdb5969b2849a79

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                      Filesize

                                                                                                                                                      6KB

                                                                                                                                                      MD5

                                                                                                                                                      41ad03abb83fca57a393d2727fd356e6

                                                                                                                                                      SHA1

                                                                                                                                                      34f35047e4cdcec1ae682c31b8824735c53a8dbe

                                                                                                                                                      SHA256

                                                                                                                                                      f0b5f9eade2b0de8ebeec8e13f17750dee1d8159004e17709eee501f9f9624af

                                                                                                                                                      SHA512

                                                                                                                                                      61a47912b3a65fb323ba83f08943c8ce2a72c56f8168403537fdccf3b09046d6addb7384f9bd2d71ba5c3a753151ba679901b34fcab0aa5c6c591a97ea0ab52c

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a122.TMP

                                                                                                                                                      Filesize

                                                                                                                                                      1KB

                                                                                                                                                      MD5

                                                                                                                                                      dbcb017f7f9cba75803cc153cf2abb5b

                                                                                                                                                      SHA1

                                                                                                                                                      687651b68ae6dc0b597a061de25a43473eee16bf

                                                                                                                                                      SHA256

                                                                                                                                                      02225f36294bfe230d0b53166518ccefd660347947ad66aa5bb27aa5b6330434

                                                                                                                                                      SHA512

                                                                                                                                                      e8d567042611fc8e99213cccd511e7f90dff18b17a4020ea4111ae10ec7cf10de87e8a708828603c8829050ed934ac4781bdc0db1d04efa3b0bd0d50e9ec0f1d

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                                                      Filesize

                                                                                                                                                      16B

                                                                                                                                                      MD5

                                                                                                                                                      6752a1d65b201c13b62ea44016eb221f

                                                                                                                                                      SHA1

                                                                                                                                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                                                      SHA256

                                                                                                                                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                                                      SHA512

                                                                                                                                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                      Filesize

                                                                                                                                                      11KB

                                                                                                                                                      MD5

                                                                                                                                                      ddd5c4e425f2af15e3c00b1335167416

                                                                                                                                                      SHA1

                                                                                                                                                      113a376fcc6e784b78bee614a483b523a26b9122

                                                                                                                                                      SHA256

                                                                                                                                                      1bc2d9ba1719304e2d465f6032f22eedcbd7aba02490d1d68ba1e9bf7aa221c4

                                                                                                                                                      SHA512

                                                                                                                                                      5257598bb2a43d91f51748ba3a36c71c2a427315d120a711a3ad000cf62564f14d8a1d6f3cabad3a13a736b8219d173d8158c64052e62a0cf3e3e2cf5e404734

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                      Filesize

                                                                                                                                                      12KB

                                                                                                                                                      MD5

                                                                                                                                                      a9b7db12120106c3b46f40e511bf3662

                                                                                                                                                      SHA1

                                                                                                                                                      397ea1914b208d425ea3f99a030ace2f456d3597

                                                                                                                                                      SHA256

                                                                                                                                                      70982122e3ba7f8f4b6e4dbbd87483550cf7b0d378acb6bfc7efbe2cf46490ac

                                                                                                                                                      SHA512

                                                                                                                                                      3561630e73207ce77bbb9bad97fd61b43a16d0b8af026b1be844c82ac7b2a45a82e370a287cab971880c948c7eec53cdff0d71b1b0358a67ebe901cdca29727e

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                      Filesize

                                                                                                                                                      11KB

                                                                                                                                                      MD5

                                                                                                                                                      39fa10409587c3aae761f79ceb9d18f2

                                                                                                                                                      SHA1

                                                                                                                                                      f548d211ee7b48db184fa5fff28f5299b788d88c

                                                                                                                                                      SHA256

                                                                                                                                                      3e697f301b8adc3a4beb8e9ece503da6ef472b28f8626126f0845ffb7541e883

                                                                                                                                                      SHA512

                                                                                                                                                      20c23ba17b3c57937ad2da9df188d5eae231fa954b35ee959316f02053b3e7e943df2bcd2354bcc6115af2ddfaca75bd3d753803360e0067e52ace2c2e0bed90

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                      Filesize

                                                                                                                                                      12KB

                                                                                                                                                      MD5

                                                                                                                                                      b354f6d9dcc3f628aa5ed2f346883903

                                                                                                                                                      SHA1

                                                                                                                                                      17e3560a0b37e2b92a90f270e55d74715979cd8a

                                                                                                                                                      SHA256

                                                                                                                                                      e8e2923909a9ff0892bc1a6fe1af4ec89ab094334a256d28860fd979ae3b06cf

                                                                                                                                                      SHA512

                                                                                                                                                      53d7c88986c69acec34786dc45c4e47732ef9b7592155f88ec1ae711707dc0ed171050e6635ea3714a71158c783123bab1aea44424d0462766b2db3819285ef8

                                                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\cur1058.tmp

                                                                                                                                                      Filesize

                                                                                                                                                      7KB

                                                                                                                                                      MD5

                                                                                                                                                      0ad26da2c6964e62a0c4aba120b10a4c

                                                                                                                                                      SHA1

                                                                                                                                                      b7f3d4bf27ccadef4c99658a565983d7390fc27c

                                                                                                                                                      SHA256

                                                                                                                                                      84ead5361e3e86a973113b1e752071e726ec62680db50d906fbd67adbe8f4017

                                                                                                                                                      SHA512

                                                                                                                                                      7ff32768fccac1af15c40c88e4e0c766c5eae5008ba4527f3f52c8d2de55f842d53a0a07d5af893442b6838cc02797714fa4bbaa5f16e1bda49bbc0dc83c852f

                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Goldberg SteamEmu Saves\settings\account_name.txt

                                                                                                                                                      Filesize

                                                                                                                                                      4B

                                                                                                                                                      MD5

                                                                                                                                                      654e1c2ac6312d8c6441282f155c8ce9

                                                                                                                                                      SHA1

                                                                                                                                                      b601eaa0f87fe94355f635b77a7608b971ea8825

                                                                                                                                                      SHA256

                                                                                                                                                      bc3a7860cd4f58f3e1e66a20e3cb2930477121c46b9e030636bc6c5cfd050071

                                                                                                                                                      SHA512

                                                                                                                                                      a3adcc6bef462dcea21dd995bec6b4466c68ee85c8059c27fba7bb33ec57ec00c6bed9528be92d1044100b749a68ee439f84c9b8a37d1dd13d7fccbe231ed31a

                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\Goldberg SteamEmu Saves\settings\listen_port.txt

                                                                                                                                                      Filesize

                                                                                                                                                      5B

                                                                                                                                                      MD5

                                                                                                                                                      76bf79e9a0a4c128d97dbd6900773f4b

                                                                                                                                                      SHA1

                                                                                                                                                      8abb38a924d5bf8a1ee12fe96aa2d2be942704d6

                                                                                                                                                      SHA256

                                                                                                                                                      45095e3e3f29ea73ffab2e23158b7cd2afa6532004b5a9b6f06d4e5e068a89aa

                                                                                                                                                      SHA512

                                                                                                                                                      8cd54c07d87c41103d963eb7dfd2642b07bb67ceb731b477fc9cd9b736ab03833dc2e2d0b2eb399002d76d405a20d5816d19d77ef760d7dac0c1a67d80662535