Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/N...

windows10-2004-x64

1

https://github.com/N...

windows11-21h2-x64

10

Resubmissions

25-06-2024 18:00

240625-wlaabathra 10

25-06-2024 17:57

240625-wjmgvsxann 8

Analysis

  • max time kernel
    685s
  • max time network
    684s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags

    arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25-06-2024 18:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/NightfallGT/Mercurial-Grabber/releases/download/v1.0/Mercurial.Grabber.v1.03.rar

Score
10/10
mercurialgrabberagilenetdiscoveryevasionpersistenceprivilege_escalationspywarestealer

Malware Config

Extracted

Family

mercurialgrabber

C2

https://discord.com/api/webhooks/1255222220603527268/AGD211XsIUormHYH6WFTZtjm98Yftq967hmQ3dWsqqCtZLcva1S6CU8yE68FlfyyQxzs

Signatures

  • Mercurial Grabber Stealer

    Mercurial Grabber is an open source stealer targeting Chrome, Discord and some game clients as well as generic system information.

    stealermercurialgrabber
  • Looks for VirtualBox Guest Additions in registry 2 TTPs 2 IoCs
    evasion
  • Downloads MZ/PE file
  • Looks for VMWare Tools registry key 2 TTPs 2 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 9 IoCs
  • Loads dropped DLL 2 IoCs
  • Obfuscated with Agile.Net obfuscator 12 IoCs

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 14 IoCs
  • Looks up external IP address via web service 6 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Maps connected drives based on registry 3 TTPs 4 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 2 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 11 IoCs
  • Modifies registry class 30 IoCs
  • NTFS ADS 8 IoCs
  • Opens file in notepad (likely ransom note) 2 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 54 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/NightfallGT/Mercurial-Grabber/releases/download/v1.0/Mercurial.Grabber.v1.03.rar
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3340
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8bf1c3cb8,0x7ff8bf1c3cc8,0x7ff8bf1c3cd8
      2⤵
        PID:2812
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
        2⤵
          PID:4152
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4488
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
          2⤵
            PID:3200
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
            2⤵
              PID:4900
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
              2⤵
                PID:3548
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
                2⤵
                  PID:2776
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4068 /prefetch:8
                  2⤵
                  • NTFS ADS
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4220
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3860 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:488
                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3424
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
                  2⤵
                    PID:3408
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
                    2⤵
                      PID:3012
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
                      2⤵
                        PID:4712
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
                        2⤵
                          PID:1856
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
                          2⤵
                            PID:4392
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
                            2⤵
                              PID:712
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6000 /prefetch:8
                              2⤵
                                PID:3380
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5560 /prefetch:8
                                2⤵
                                • Modifies registry class
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1324
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
                                2⤵
                                  PID:4576
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
                                  2⤵
                                    PID:3548
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
                                    2⤵
                                      PID:4476
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
                                      2⤵
                                        PID:4308
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3436 /prefetch:8
                                        2⤵
                                          PID:4812
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4920 /prefetch:8
                                          2⤵
                                          • NTFS ADS
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:2296
                                        • C:\Users\Admin\Downloads\7z2407-x64.exe
                                          "C:\Users\Admin\Downloads\7z2407-x64.exe"
                                          2⤵
                                          • Executes dropped EXE
                                          • Drops file in Program Files directory
                                          • Modifies registry class
                                          • Suspicious use of SetWindowsHookEx
                                          PID:4716
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5008 /prefetch:2
                                          2⤵
                                          • Suspicious behavior: EnumeratesProcesses
                                          PID:4436
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
                                          2⤵
                                            PID:5008
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
                                            2⤵
                                              PID:5080
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
                                              2⤵
                                                PID:1080
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
                                                2⤵
                                                  PID:4736
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
                                                  2⤵
                                                    PID:4900
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
                                                    2⤵
                                                      PID:4944
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
                                                      2⤵
                                                        PID:2564
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
                                                        2⤵
                                                          PID:1308
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
                                                          2⤵
                                                            PID:2324
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
                                                            2⤵
                                                              PID:4500
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
                                                              2⤵
                                                                PID:1920
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
                                                                2⤵
                                                                  PID:428
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
                                                                  2⤵
                                                                    PID:1732
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
                                                                    2⤵
                                                                      PID:4848
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1
                                                                      2⤵
                                                                        PID:480
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
                                                                        2⤵
                                                                          PID:2100
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
                                                                          2⤵
                                                                            PID:2344
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8172 /prefetch:8
                                                                            2⤵
                                                                              PID:2948
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
                                                                              2⤵
                                                                                PID:2948
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1
                                                                                2⤵
                                                                                  PID:3956
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8720 /prefetch:1
                                                                                  2⤵
                                                                                    PID:4920
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8568 /prefetch:1
                                                                                    2⤵
                                                                                      PID:3316
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9084 /prefetch:8
                                                                                      2⤵
                                                                                        PID:1124
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9180 /prefetch:1
                                                                                        2⤵
                                                                                          PID:3732
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8604 /prefetch:1
                                                                                          2⤵
                                                                                            PID:2668
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
                                                                                            2⤵
                                                                                              PID:3048
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
                                                                                              2⤵
                                                                                                PID:3740
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:1496
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:4284
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7972 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:912
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:4104
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:2204
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:1336
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:4916
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:1556
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7676 /prefetch:8
                                                                                                                2⤵
                                                                                                                • NTFS ADS
                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                PID:1456
                                                                                                              • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\sigma.txt
                                                                                                                2⤵
                                                                                                                • Opens file in notepad (likely ransom note)
                                                                                                                PID:572
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8980 /prefetch:1
                                                                                                                2⤵
                                                                                                                  PID:3244
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8652 /prefetch:1
                                                                                                                  2⤵
                                                                                                                    PID:3048
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3016 /prefetch:1
                                                                                                                    2⤵
                                                                                                                      PID:1768
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:4016
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
                                                                                                                        2⤵
                                                                                                                          PID:2452
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
                                                                                                                          2⤵
                                                                                                                            PID:1072
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
                                                                                                                            2⤵
                                                                                                                              PID:440
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1
                                                                                                                              2⤵
                                                                                                                                PID:4100
                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9860 /prefetch:1
                                                                                                                                2⤵
                                                                                                                                  PID:5332
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10004 /prefetch:1
                                                                                                                                  2⤵
                                                                                                                                    PID:5568
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10268 /prefetch:1
                                                                                                                                    2⤵
                                                                                                                                      PID:5580
                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10624 /prefetch:1
                                                                                                                                      2⤵
                                                                                                                                        PID:5660
                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10468 /prefetch:1
                                                                                                                                        2⤵
                                                                                                                                          PID:5736
                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10208 /prefetch:1
                                                                                                                                          2⤵
                                                                                                                                            PID:5804
                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11000 /prefetch:1
                                                                                                                                            2⤵
                                                                                                                                              PID:5872
                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10200 /prefetch:1
                                                                                                                                              2⤵
                                                                                                                                                PID:5944
                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11172 /prefetch:1
                                                                                                                                                2⤵
                                                                                                                                                  PID:6100
                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11520 /prefetch:1
                                                                                                                                                  2⤵
                                                                                                                                                    PID:5324
                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11576 /prefetch:1
                                                                                                                                                    2⤵
                                                                                                                                                      PID:5404
                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10956 /prefetch:1
                                                                                                                                                      2⤵
                                                                                                                                                        PID:6224
                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11168 /prefetch:1
                                                                                                                                                        2⤵
                                                                                                                                                          PID:6296
                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11228 /prefetch:1
                                                                                                                                                          2⤵
                                                                                                                                                            PID:6368
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11416 /prefetch:1
                                                                                                                                                            2⤵
                                                                                                                                                              PID:5492
                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8072 /prefetch:1
                                                                                                                                                              2⤵
                                                                                                                                                                PID:5836
                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
                                                                                                                                                                2⤵
                                                                                                                                                                  PID:3008
                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10568 /prefetch:1
                                                                                                                                                                  2⤵
                                                                                                                                                                    PID:6044
                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8508 /prefetch:1
                                                                                                                                                                    2⤵
                                                                                                                                                                      PID:3188
                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=10856 /prefetch:8
                                                                                                                                                                      2⤵
                                                                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                      PID:6832
                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1
                                                                                                                                                                      2⤵
                                                                                                                                                                        PID:2056
                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9092 /prefetch:1
                                                                                                                                                                        2⤵
                                                                                                                                                                          PID:6544
                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9808 /prefetch:1
                                                                                                                                                                          2⤵
                                                                                                                                                                            PID:6732
                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1
                                                                                                                                                                            2⤵
                                                                                                                                                                              PID:6728
                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11852 /prefetch:1
                                                                                                                                                                              2⤵
                                                                                                                                                                                PID:4756
                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11888 /prefetch:8
                                                                                                                                                                                2⤵
                                                                                                                                                                                • NTFS ADS
                                                                                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                PID:2088
                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11536 /prefetch:1
                                                                                                                                                                                2⤵
                                                                                                                                                                                  PID:6504
                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,10899137670579838557,7538365969698206901,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10500 /prefetch:8
                                                                                                                                                                                  2⤵
                                                                                                                                                                                  • NTFS ADS
                                                                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                  PID:2784
                                                                                                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                                1⤵
                                                                                                                                                                                  PID:468
                                                                                                                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                                  1⤵
                                                                                                                                                                                    PID:4024
                                                                                                                                                                                  • C:\Windows\System32\rundll32.exe
                                                                                                                                                                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                                                                    1⤵
                                                                                                                                                                                      PID:2392
                                                                                                                                                                                    • C:\Program Files\7-Zip\7z.exe
                                                                                                                                                                                      "C:\Program Files\7-Zip\7z.exe"
                                                                                                                                                                                      1⤵
                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                      PID:4100
                                                                                                                                                                                    • C:\Program Files\7-Zip\7zFM.exe
                                                                                                                                                                                      "C:\Program Files\7-Zip\7zFM.exe"
                                                                                                                                                                                      1⤵
                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                      • Loads dropped DLL
                                                                                                                                                                                      • Modifies registry class
                                                                                                                                                                                      • NTFS ADS
                                                                                                                                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                      • Suspicious use of FindShellTrayWindow
                                                                                                                                                                                      PID:3440
                                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Temp\7zO07D06A58\Mercurial.exe
                                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Temp\7zO07D06A58\Mercurial.exe"
                                                                                                                                                                                        2⤵
                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                        PID:4764
                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                                          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zsnagdcd\zsnagdcd.cmdline"
                                                                                                                                                                                          3⤵
                                                                                                                                                                                            PID:7044
                                                                                                                                                                                            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                                              C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESCF97.tmp" "c:\Users\Admin\AppData\Local\Temp\7zO07D06A58\CSC345F9AD3350C4901962A1E1CC10DD96.TMP"
                                                                                                                                                                                              4⤵
                                                                                                                                                                                                PID:7120
                                                                                                                                                                                            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                                              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\gntqtcoe\gntqtcoe.cmdline"
                                                                                                                                                                                              3⤵
                                                                                                                                                                                                PID:5836
                                                                                                                                                                                                • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                                                  C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5AC0.tmp" "c:\Users\Admin\AppData\Local\Temp\7zO07D06A58\CSCCA43D7FC65674BEA8388EAB743C348.TMP"
                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                    PID:5948
                                                                                                                                                                                              • C:\Windows\system32\NOTEPAD.EXE
                                                                                                                                                                                                "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO07D71EA8\readme.txt
                                                                                                                                                                                                2⤵
                                                                                                                                                                                                • Opens file in notepad (likely ransom note)
                                                                                                                                                                                                PID:2796
                                                                                                                                                                                              • C:\Users\Admin\Downloads\Mercurial.exe
                                                                                                                                                                                                "C:\Users\Admin\Downloads\Mercurial.exe"
                                                                                                                                                                                                2⤵
                                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                PID:6100
                                                                                                                                                                                                • C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                                                  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\quheodyl\quheodyl.cmdline"
                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                    PID:1864
                                                                                                                                                                                                    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                                                      C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESEF21.tmp" "c:\Users\Admin\Downloads\CSCA2A6F999297D495BB39D2FD739DEA2.TMP"
                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                        PID:6808
                                                                                                                                                                                                  • C:\Users\Admin\Downloads\Mercurial.exe
                                                                                                                                                                                                    "C:\Users\Admin\Downloads\Mercurial.exe"
                                                                                                                                                                                                    2⤵
                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                    PID:6416
                                                                                                                                                                                                    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                                                                                                      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\renroify\renroify.cmdline"
                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                        PID:3028
                                                                                                                                                                                                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                                                                                                                                                                                                          C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES9A4.tmp" "c:\Users\Admin\Downloads\CSC23EC6E4D35ED48B68BC1E165BF7A6E6F.TMP"
                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                            PID:7004
                                                                                                                                                                                                    • C:\Windows\system32\AUDIODG.EXE
                                                                                                                                                                                                      C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004CC
                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                      PID:2236
                                                                                                                                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                                                      1⤵
                                                                                                                                                                                                        PID:1344
                                                                                                                                                                                                      • C:\Users\Admin\Downloads\sigma.exe
                                                                                                                                                                                                        "C:\Users\Admin\Downloads\sigma.exe"
                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                        • Looks for VirtualBox Guest Additions in registry
                                                                                                                                                                                                        • Looks for VMWare Tools registry key
                                                                                                                                                                                                        • Checks BIOS information in registry
                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                        • Maps connected drives based on registry
                                                                                                                                                                                                        • Checks SCSI registry key(s)
                                                                                                                                                                                                        • Checks processor information in registry
                                                                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                        PID:6840
                                                                                                                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                                                        1⤵
                                                                                                                                                                                                          PID:5320
                                                                                                                                                                                                        • C:\Users\Admin\Downloads\sigma.exe
                                                                                                                                                                                                          "C:\Users\Admin\Downloads\sigma.exe"
                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                          • Looks for VirtualBox Guest Additions in registry
                                                                                                                                                                                                          • Looks for VMWare Tools registry key
                                                                                                                                                                                                          • Checks BIOS information in registry
                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                          • Maps connected drives based on registry
                                                                                                                                                                                                          • Checks SCSI registry key(s)
                                                                                                                                                                                                          • Checks processor information in registry
                                                                                                                                                                                                          • Enumerates system info in registry
                                                                                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                          PID:1512
                                                                                                                                                                                                        • C:\Users\Admin\Downloads\haha.exe
                                                                                                                                                                                                          "C:\Users\Admin\Downloads\haha.exe"
                                                                                                                                                                                                          1⤵
                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                          • Checks processor information in registry
                                                                                                                                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                                          PID:2124

                                                                                                                                                                                                        Network

                                                                                                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                        Replay Monitor

                                                                                                                                                                                                        Loading Replay Monitor...

                                                                                                                                                                                                        Downloads

                                                                                                                                                                                                        • C:\Program Files\7-Zip\7-zip.dll
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          99KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          8af282b10fd825dc83d827c1d8d23b53

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          17c08d9ad0fb1537c7e6cb125ec0acbc72f2b355

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          1c0012c9785c3283556ac33a70f77a1bc6914d79218a5c4903b1c174aaa558ca

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          cb6811df9597796302d33c5c138b576651a1e1f660717dd79602db669692c18844b87c68f2126d5f56ff584eee3c8710206265465583de9ec9da42a6ed2477f8

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Program Files\7-Zip\7z.dll
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.8MB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          0009bd5e13766d11a23289734b383cbe

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          913784502be52ce33078d75b97a1c1396414cf44

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          3691adcefc6da67eedd02a1b1fc7a21894afd83ecf1b6216d303ed55a5f8d129

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          d92cd55fcef5b15975c741f645f9c3cc53ae7cd5dffd5d5745adecf098b9957e8ed379e50f3d0855d54598e950b2dbf79094da70d94dfd7fc40bda7163a09b2b

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Program Files\7-Zip\7z.exe
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          548KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          1d1b0349f970c8de7fae7a94520e21f7

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          8787ce498c9f1628665dd17004676a9cc5e8f99a

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          f63a2d492d7a20e7ae6ace725da0320b05a6250794c9b449e1bc48d3f63cef56

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          2ff084ca8b7bd05e156fcce6faaffd861ee09e09821e8f3325093a0aec46d54481d18d61d84b35fc2c760d93aeda70648201c740fb429f6f75dbd6708774f0f2

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Program Files\7-Zip\7zFM.exe
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          960KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          79e8ca28aef2f3b1f1484430702b24e1

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          76087153a547ce3f03f5b9de217c9b4b11d12f22

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          5bc65256b92316f7792e27b0111e208aa6c27628a79a1dec238a4ad1cc9530f7

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          b8426b44260a3adcbeaa38c5647e09a891a952774ecd3e6a1b971aef0e4c00d0f2a2def9965ee75be6c6494c3b4e3a84ce28572e376d6c82db0b53ccbbdb1438

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          152B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          f717f56b5d8e2e057c440a5a81043662

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          0ad6c9bbd28dab5c9664bad04db95fd50db36b3f

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          4286cd3f23251d0a607e47eccb5e0f4af8542d38b32879d2db2ab7f4e6031945

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          61e263935d51028ec0aab51b938b880945a950cec9635a0dafddf795658ea0a2dfcf9cfc0cab5459b659bb7204347b047a5c6b924fabea44ce389b1cbb9867d6

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          152B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          196eaa9f7a574c29bd419f9d8c2d9349

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          19982d15d1e2688903b0a3e53a8517ab537b68ed

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          df1e96677bcfffe5044826aa14a11e85ef2ebb014ee9e890e723a14dc5f31412

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          e066d74da36a459c19db30e68b703ec9f92019f2d5f24fd476a5fd3653c0b453871e2c08cdc47f2b4d4c4be19ff99e6ef3956d93b2d7d0a69645577d44125ac7

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          63KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          5d0e354e98734f75eee79829eb7b9039

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          86ffc126d8b7473568a4bb04d49021959a892b3a

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          1cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          4475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          69KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          76c36bd1ed44a95060d82ad323bf12e0

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          3d85f59ab9796a32a3f313960b1668af2d9530de

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          5d0e5d5fdb4d16cf9341f981b6e4a030f35d4766ad945c27381f8d3afb624542

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          9f0555fb531734b786364701e17cb7f57ce94a688d4616fb85bf32cad45a253a9c479a301e05a4f8630cfea141dd52726a31b8e90198c19c16f33fb150a04a40

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          42KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          f7189700993d4198ee96bd6af5569539

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          1ad2e11bb23ac04c9eebba69fe755fb27fcda164

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          2447d53bd765b1f2c752ffda92b6f9a1dcabda1e4edc4d7496797f6cefdebf23

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          3b5522068842502f5f6dcb6678248746eabdcdeb25e21d21fb0c9e446b75eb97077f15be7ca8e5b04abd4094bc7cc8ac8452c74a946d369614ee4e77a91753b5

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          19KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          635efe262aec3acfb8be08b7baf97a3d

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          232b8fe0965aea5c65605b78c3ba286cefb2f43f

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          8a4492d1d9ca694d384d89fa61cf1df2b04583c64762783313029ae405cbfa06

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          d4b21b43b67697f1c391147691d8229d429082c389411167386f5c94e3a798f26c2457adf6d06caec446106e0f0aa16d895bfc4e8a1ff9e9c21a51173a923e3d

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          64KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          2923c306256864061a11e426841fc44a

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          d9bb657845d502acd69a15a66f9e667ce9b68351

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          5bc3f12e012e1a39ac69afba923768b758089461ccea0b8391f682d91c0ed2fa

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          f2614f699ac296ee1f81e32955c97d2c13177714dbd424e7f5f7de0d8869dd799d13c64929386ac9c942325456d26c4876a09341d17d7c9af4f80695d259cfea

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          88KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          77e89b1c954303a8aa65ae10e18c1b51

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          e2b15a0d930dcc11f0b38c95b1e68d1ca8334d73

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          069a7cc0309c5d6fc99259d5d5a8e41926996bbae11dc8631a7303a0c2d8c953

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          5780d3532af970f3942eecf731a43f04b0d2bdb9c0f1a262dbd1c3980bcc82fe6d2126236ad33c48ea5434d376de2214d84a9a2ccec46a0671886fe0aa5e5597

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.2MB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          2d900c734e852315afb3da5fa8d50fd8

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          80d91f82ff2248d29c0adf2ea815f3522604708d

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          1daf6353c26530b2610ed934da8e563e9f43f0d8e15a4bf65103ddbbee9db5c2

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          26ac11a5657b2110bb34546ef6bac82c0aa54c821b3fa1ce08c67f394ca1452a57371c0be3e97ec7f398bd5c07c705d7cd9fda5bf3cd2dd881a71b115e65674a

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          32KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          e529668d3aa5f8f348e27e6ef2b04212

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          bb9875cf7a3db027e78fa28e18c718b3554eff60

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          b42f812971f896d4d415df864066588e7f0a2b24d2e5c8078b333d9e7829d563

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          cde1008c536ba2cd3e9b8e5470eb2d40c39af3f41b2acc7947810fdb7b640190630865839f830e889eed458a684c1c788fa3ec478ee3aec41eb88fc2ecb8837d

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          74KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          c88f69b53606b96dff18c7924bf8bde3

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          29fa7b32032ecb1564cb6627a9ec3148cea894b5

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          1f7c691bd43a49b47ed23e255c411638953439fa83e5133356aab6e59fe0fb29

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          0cc60147c4b0912a9105706e0112e12172679f43896a0ba66085224802bfc6d1b31d2fcfc744b41fd64e37f75183403dd20e0fe43066a60a452c59fd55b385e2

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          53KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          68f0a51fa86985999964ee43de12cdd5

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          bbfc7666be00c560b7394fa0b82b864237a99d8c

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          40KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          3051c1e179d84292d3f84a1a0a112c80

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          c11a63236373abfe574f2935a0e7024688b71ccb

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a6
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          87KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          d2895d96341b1d0c1eefec5fb110bbbd

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          3e8cfcf221da48d743936a5acce94851d0a3a3b2

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          d389e6eb3728840e524e4aa67ea2e0cda842ba753df9390539fb3768651d27bd

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          15623935d525a08f663296543a43483551b4d888367147d7def69d5752b88a169ebfd96ef425a5cde9c1263a35c8059390ace0f94c79c390a936bf52e1e84c38

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c1
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          147KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          759ab24cf5846f06c5cdb324ee4887ea

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          41969c5b737bc40bbb54817da755e3aa7d02f3c6

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          7037e6c967c38477a5fcd583c74892e16b7a9066cd60287c7035bf0760d05471

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          3470ae07eb7c54feee1e791e63a365cfb0da42f570a66e6c84faf5db6bf8395173c6cb60e8c5cf28eae409f26ea5433c3c5d6ea32eb07e5997c979c6e3ccf4be

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          03ec1302e4e9d2a2d2a7369e1c428688

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          b6fc4fae8572d44f2333d8993ff0baab83f86521

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          644db27df80aacf2430c3fe1767732c3f979dc5b21231d9e0792e0aca9010ca9

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          647961da033c39f6776908eb4fdc2e8e7a8bf7513f4c0fae435ce9deba9cd93e841c028595d8f98b588fedd40a3c380f39176253e926f2a29374123c7a57baec

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          4KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          a7e07fc34d2ec4b3db9b32c103b8bbf3

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          6d91977e74157debee1714c08b4bebfa2b080213

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          2da65878a55d8b9634706ffa6a866622c6798165380f3a7880cb143d0e7ebe56

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          44ad510f1882e78c16b4b4ffcae5d6a448c880ce233308fc3e05d0a6e79c08e6644d7fc6c4b8ad6fc366b87392247d4eb8594e0ea8ed6669d4e69767a127c1d5

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          6KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          63cfb61daab80d987d97ff82440d0ff3

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          5167e51a4510702b7c6337c6fa883731d25c84bd

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          9483eb529308949a421ab6e458fcd8787ab103129513a5b9162f4a1df90ef3a6

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          e7655ac3b41a096f076d969eeeb9137a4c464a66dfd850399ed32bea3f00822f7f6f32c032f5cc99dfc98d0474a168494d05d2f304fcccda9fec60dadf04b312

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          4KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          b7baf902e0622861b6a44ec2e3b6a5ed

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          e35cb2b2d215166f2557cc5dd4822744a1c7c21c

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          31ea0fc77d3ec8af1d2e060543a7208d1dfa0c352713e8fac2ae519d87d05ec1

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          fcc88a4e8ca2acdc0a52ae74a708ddc4633620f6d1e411d4cc982030fc26022fd734609cbabea6a9adf945b00324b89c53a94028235422b13cc604cb4d676b4f

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          10KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          2d443b5888220974082afb722972e047

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          c8c86b7e57281f6aaed496bc9a41b85bd135c332

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          c3703a4a90d53c2ebe252cd8a29e9f89604e12b6fada9de2dbbae1c625a4e77c

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          ede9450cf1be6cf47ba2b412eb9dc35cb9d596f1aa6decac87de31983e34a6d08d7024f6c7e8a2c20d533f1bdcff9addb5ba048e6d342778d87a367566f1c6b4

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          4KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          8c8ebf5c3cf829148ebfb1c7c7388e88

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          f1b2229cfde8dbb91dd091e1060004e6f3366683

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          8cab7a8181fe4be385eb115d4d80981bd8a3c09e237bf765321163bbe37fb2a9

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          a6df95097a20daaae61dff9fb9f4e4d2165ac43dce7d5e01cc50d434d937c7a1763c59b0ff251778192cfaa65f84cb63ad62bd831f621df07c9097fe6647725e

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          dd49f27eddb89a473953e8cbcd8b88fa

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          d4c364823e1223a071600ac70ba031b1c12bde9b

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          0815ac714b1ba311c2c70fe4ac31bcb4c6c72458dc80ba5d17852e6d186ed4f2

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          5309ca0428a2114d1e5940b82c7b7deeef2dd9bbe4497623a9d111a190a51a202b8b0a0405b92c990f35f08d33182c0480d0faaae11fee2dccafc80ccc3bd701

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          16KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          7589da55956c1f91eda7721b1641933a

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          35c01ea6913c13c23707d515422aa08fe5364534

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          ec1702921c7d0f47a92ccc7e3797766c2caba510183a1ac542f69a124ed83d35

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          997e2d332795640933e89c503e4234c7e006499caee00c7d52178595d93ebec50d5a2191914aad405d745cda918d6f94f310b6a5d432a3f2568ee16c0bf51274

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          4KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          379dd2ada7a806320005404f2dd08997

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          22a27465a08258a444680bf12667eab8e029fb29

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          c8991ca588038f1c67389acb856043025e9e9f1e74dbb4b0b68cddf84f4f3480

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          b2feab801d3a1d1c8b2f5ab8d9bfa36b5b8212fc318eb7f94f7a9cb98c2b721b13de4dab9f3cd85d5e388bc64b01b4d0fd9434719ff01bd8e51e3128f3f29520

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          22KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          ca2aa5c12c454884458c2a6f550399cc

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          f408c98c9a1998bf34dcff61a7ea98a06ef63bdd

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          7a50e8229557303604f632b7192ef6cc2aa99361f18ae13d9b337750a6c5afb9

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          75a24a1e37d33ba754913f2a6628fe6e4c93f88f425f59f2ebcebe00a4d4bca65d3dbfd04b6e0eb97bbba3871b57bd0bd967c11f1d8144f990fe61409cdd0dae

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          15KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          4a3f90c553f3ef5028d0e2d953e6ab43

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          0149f2c70645329b5ea2376d6adfaf213e37f543

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          b88df832220988eef065bc1f0f408baf9ac5f74b462e6a654c1f97f1f73fbc28

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          affdb24e855a6695a25e9792fb16a04b4080bfa48bab7d07e20a988bac0b4a3dc99c43af4671e1dad4e85ac7376d6b69913889c6b2fd96eeedd2fc77f506c97d

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          41B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          5KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          adf6231dc3f57b08ebdc137cf3e1f023

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          5aadf0c84160c196a8bb9cddbca5a05bfa8c0c40

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          41bca1e35c6694fe77bb3f1ca608cb214e7db71f537d746b8afa528ffddbe9b6

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          b934338efd528cdbe832ac457aebb4b59d33be55f18ee4421e644f9a8ad431c6ae3f80f59fbeb406152d037f3dd90a4f5ec12607845e0bbb0a08ee77f5f4274c

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          7KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          db1e6875ff9cbbf936c6a19cbf741b0e

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          c8ec29ff6e50d2e2b00f87c1379ce2d1d8788eb2

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          0d6068ab44b79af43758b5500d6acb4cc14ebd25b6fdfb1539f5ffbdcafa122b

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          0055e3e19eab9bf6dbde17d98a172e8ed6f01dd5d988285d23e91a98180495834d2557642ef7867b98fe345e18529bb989dd2f797df8424d5222e8c06cc1f13e

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          13KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          80ac891c2ed0b3cd5842c62e08b059ae

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          b8dc99a892b91400eabe8f8118b0fe7692eecc05

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          4167e2bac3151639e1d690a566d63b04670c6bf2bdb21af1fa4c81132887336c

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          6b8ee73c2b0a88bba66a5ec08736e2d7d18efe6bc5aaa3e4abde08f9cce6ec34f73b9147d7329f34479d84bdc357ee506ecb7a1cdfc38ee0584de62d9d39b45d

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          18KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          f28dfc7c73dab91c4483bb417c159002

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          ecba9a4823c7aa0252456c13906f7cdc9b96634f

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          9cdebd1187cb1ab155a46ea1d01b39d764d5bcc392949f55ff4d2660e21047ab

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          440cf2b40fc75cd0cba9b8824aecfccb0ecca454c22747d65bd7ad573accd25faa00425c4d9711ef80961f8cc91f3c90f7dc4ddefb73ed0523cd1b2cd4daf438

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          18KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          7831e2d7ee486f11eacdb84feebbb632

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          f3b443ec3191ca70ab9cb56554eb751cd756b569

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          136a3540bc858f7e2c42d9d9e13c15a88fd8e2551a4be79a63300c039f234ed1

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          7094b55b388b14c3e583007ff2ddd4d91c4d40ef99d587a4b64db0a8fd98e1b5b4599e356909f882166f00ecbd0bf1d6a1875aa8aeefdc2658f38ad6690a1a55

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          5KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          d577c1a8a9d260e3f33cf15e1f843da6

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          fb44cd8d225ad33b757dddc22d69f096fef6c1cf

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          05c92be861d4af1e4458248a6c5c2c04791ae987dd9569c21dd28b3a4ced9daf

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          8a8bae6a23611f889b25ce5f12ed740cd713e8db6b77a308798f44a5182757d1f72eab44afa85847ca6e3516b6e15c1713a84530d785e8ab337244a8ab5464c8

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          6KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          25fa98f3563c9cf4ab9b9dc6d61a7442

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          d35e68a55220e54afacf5c53bca9fda6118ca90b

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          2c03ee50d685dda713687a30787f80649064d0da8c3d95c009515a67bf71b7e6

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          504b2dd3b58aa96bc984a8defc03d90044edc9cbc095a0a01ce1a70a3808349ef016a08ad5fdbaf1103e7050329e2a134e9be47b84671bc70168e11198a933b3

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          6KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          76a6b6c524505392ef1d8ad530c00137

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          17d9b3778255c8bf4109b757f3a859a0ad117376

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          a2b0178babb18e9c7cbffdf6214d323fca748796b7458919f7d5c875357d27df

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          1747565b8de3244de42d73304c1bbf7302b32d681a9171b4c5b561653d16364ac74f8b420634c0ee1e6c4dbc56b6bdacfebcf0d71a44e02104b7aa47a0690641

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          8KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          6d4651e88a0ee44c8cf7539152c2e39b

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          353488ebba18b625efa6607ab09278f201e5bd47

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          c17e9d44028f17201667549725a7416254b13969571135a779e4691b477cb6e5

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          aa1c74e51bc9db21b98a7f78a3bc56fde9f7deddc47b0a4628a60fb23db5f937bca89a7554471aa17291091a9bf13fd67c96cf47aad0eb182c9c2b2823d05b78

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          7KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          34ffb9fa23761b8f2b1a428729db672c

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          ea499bbd614176ca5df547315b59fee24fa53b6f

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          7834d5438df49f48fe4194e62db963146042aeff8596a9b5f5afc6aa104efe72

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          334224c84ab067b16874898148ddc5b152f5212d39ad8496c85d0f45e8b03855692d76c9a297ca1fcb9df4ee77b41a85343f1a1e47bbef814341f8e2712f3851

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          18KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          8904cd3c80814002f3cddf778b2fad80

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          8ea971ef6f47ae32e810a97c1d9869a8e77bbb44

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          92231049ee2b1cc9ed90e67350d7643eeb8c360125e490abe29718d74c9ae70e

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          14b7b3b6b603c942e39bb15ad014d0cbd7aeeb13dd3dc8ed0b94c23c378eb4894ca139892101808cfc7810c1b024b8cadc3ae2bec9654274bb25736c4344f48d

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          6KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          233f99f913cf0476b62dd3b1455d98a5

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          6c8d4b683532d1f092ac1888d6a433643416d3e3

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          dddc0e47102e95d047db006ac5abb4057e01e38ec6410387779d8b1bcd498725

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          24a0a53fa90b6c5b0356c75418751bd35154fb0b84c6cbb5aed147803696df6398dcdf6c8221859f8bd215153aef336a2a3db78865271513a99f4d937d220f63

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          18KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          d7b0b97c7e8e259fd96f8c0a9de5b67f

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          894a66e7b864af77f8b3e6587edfc4724aadd5d0

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          730d8627a8913d1ff0e0acd26f2c3342312df77a32ca2039a07228fd643c8f26

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          17f941bfe9e1ae58f95b9de74daa9618b2519d2a90dcc242796630923ac7b09d4f4e4f46cd306500d79e46e0424e09e4eec13ea37dd3bea47dffd76b4677f0e0

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b7843b71-f94b-4de1-84f3-d38241531812\index-dir\the-real-index
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          2KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          702880ae65c81aa530c010fe2e33d159

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          ef29fac6f99c20ef8fcf08d14c4dd5c8aaecccc6

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          a66431b7938d08ac6cf1cfe25dbb8f95e5264ffba9e57732621315299e074472

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          8ae845981cb5cdfb7d2ae6c234b8614fde054dc3eba23a08dc83d250dd5a5a0140c8d3e02df04a455b0dbfd8f63148e3835f882414d4fcbe52a2754ec80fa898

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b7843b71-f94b-4de1-84f3-d38241531812\index-dir\the-real-index~RFe5a39af.TMP
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          48B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          77a7f4bfbecec59df99bcb22b224e3f6

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          ddc3311041300d7385317ce907f96832dfaf1970

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          78f7c0688944ff8ba0909888248943fe4cbc298c48ff490fb94dde84d36c5b41

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          a1fb9aced955ac02765c52119be3bbf4bde96adf27700a223b88378b17f2258e49d484f1607c7d79b712cfd1e67a403153465790e807c8ad155c99243f9de343

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          89B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          a67a2b51050e5a5fc03a34bf20a52a57

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          68250e4f9a823890f0bbf8c6abaceb2f818ac896

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          80415326380dab61d4bb34d44ae18900fc8649a105ffaca48972239e8aa45c9a

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          edffabe18675374184824e040d14545ae509fb33fe9713197d213a947707014db760f5221ed894c011eaa0a1acae8f52b03282cd5a3d80eb9a3479007a4167e2

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          146B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          02166bdfca08e00b2fa59d1e851d61b6

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          adbf0c1c62f40a1fda79e090b4c4308cd721f311

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          330b3b9c588421abea4bd2a826621b30e63848eeea7ad627047eeff123d6a0d7

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          a57b29d6e71476e7e31213f2ce3060bc4468037c71af10bd2fbb8d369b960991cea9d688f0be3827378dcdda8c7827e5c1e4f5f7b8ab73c6ff0bf655eba873d8

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          84B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          803a8b055ad5127bd205cbedbbdc5808

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          e70b3fd302016a4738ab5ed2dab421812807ffdf

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          0c1cd1c04526e90518aafc72942aa7b7f4af40bbb2a95290133da25acf6fdbff

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          4a68417ffc3ba2267a7a12822d274cd971e6f852d278b5b11b695112bbf240b1f6e19cb98c53136edf3e0f300a3e9c41771d87cc5b7e8cea4beda5b5bf40147d

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          82B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          02c4e41a8d469d82f600fb5de4e5e587

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          b33496a5c71e92969968ff1072e817c4c5a7ee9e

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          618c05f5bbd67c5c1f69ddca7810ed4ba38e2824d0bf059ec9061f8291a2d2a7

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          055ed9b620abc16a7f04f301e224691e4dbbba1bbeb9b34e75d983727b6e0f328110fd6dff705225f8b75770e8612ca91d975e37b299225bb7e2ed8cbf504526

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          48B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          abfa5be9f70c6872524d5bb5cd16a044

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          680ae362cee971cf0c651884534740ff7c001020

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          6b04e1670c08b2557fd1588a5a8a77f0fbf5193e9865610810eab74c0462b406

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          147368bbe2733501bfb66398d60a7d3a780f87b645f8df70e0c617ee6dcec0d7ed785363d5587cba88c6941f359868201b6725482261c53a4c4c70f47ce8e6cc

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a87bf.TMP
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          48B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          9ebc6d4550cfe14bec8a8310e5d02361

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          14dcb3895ad5514fa36ff282187a29443121f296

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          12e057154367fd40f0d7252007ad61a8e21c01633f82d33ea98c096a43ae0c75

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          71f8007b391993779f42ba41e945dbc91582472cf2641ed8ed5f924c7458fb729fce3a18e9f422df79d0a30d0f1ba170e2ac7293b11a9e8ec827e2e3128a0751

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          56f6605bb3bca8aee7de58078cc0d3d9

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          5203d7eb0786de3e882edf3b398963ce0ec67d4b

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          c070eec81e72ae19121100e29984209d82ab0e96ca83824e24a9ad733167e31e

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          2f551773f747a8036e7afb4527c79160e2febe69fd721c53a956d27ffdd3c9a89af71c3cde46237ee52e7169f0d8aebb65ebf2c8dc056a300b574ddedd3faa88

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          2KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          ec9bff14b54dc07cad3cad6510e797ed

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          af164b117d44e3e5e9de7edc56229cc7ba59dee6

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          6b7cdd70c2bafc9c70de30f901bfb99ac2e1d62f2f16f2919e9b963e1ef042c7

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          37d5005f18b19044085ef905bff384b1bd967e6264a762a2ff4d032fa5cd087ce54cc72896b754122717de126380198e699fe19ddffd8dee7b8d6a8d231f84b9

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          2KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          1ce90170e71ee8e4c398b6dcf241f912

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          dd518ca8c0da77642fb4336f640cbaa5f9c0fa1c

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          c125d02116221b0a32fe074086de1973f7b257f23a80c2e4aa52a72a8544f434

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          215ab55a07c7d52e71ccfa927e4650086afbd8caf45e79a5bfad4b13d0396911e5225958aaccfa57a0d5e1165c49f22f23e21c50668717cf2c96a217f0a5f7da

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          5KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          bf79dfaaac5a158a4ec72add71dc005e

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          9de393cf4e041417fb7cf2ad98ccfefd4e5db50b

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          e12e18c8c2b04bc8bc75f5d79c2a74e69ab46e6af156315b4082c69b0347e21b

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          922c92e056c9c1663b2e28b82397d88539051267332929637f3a518f170f3313cd65542d03f5f32d56f702ec7784f5c8d09bb877e0b2b68d6865567bc0de78fd

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          7KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          a0e2675c4d655f98c123feb914cac34f

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          178db1e98a39d1b108c3001abecba18a3a6578e2

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          50ecc45844109e1061bb0bd21fe7dda746e6e5ac90016ba21f96c0783a96388e

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          ec9907434d1f939cb21fea317b43778ecb0371b9a4249e693519968fcdcb68630526a5f82713bcbe2e859213d9db56eaf59e39b1a6658ffc28c44e4a3a2db9dd

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          9KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          f81385c2afef75b8c6873749a33d0c05

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          a2050715e346a04017474a5321d7be99642179cc

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          58ec046112e3d3d73093fd7b0bbc1f68e7de73fa1ad2e8a84aea9f14453d2e40

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          0cf8ed5a6fe3e3a4bbee2aee47fca277b56bd6b497fce18a47de0e236c1679638538d3a35204b177f651f64c721d8b32512c1295b5a9a282477bc20bc025cdca

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          705B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          1053a7c3345085d24a2f07f99e83285e

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          0a32b685659211cf8cb668c667c062882bc2d625

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          fea1db3c34d694b222206c7c1e6305e86b9ae7a4691acb2f95dc21138def874a

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          c3d124da52e5b944ef96b10954c92eaf281c580a433f509c9326678e686045e8a3b542daafe8fbff68a35b823b2cbe8a331124ed0e56ee586467ab5fe4b4bedb

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          eafae313f78da3cdea50b2f6ccf9341a

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          839ab02371ac9671a23878a329dbb0bf726ddd37

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          b160d52fef5032234c86da34bfca3c6e9a9fafccb89e93a0dc744ab5c490fe83

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          38fa280a15ac9dd269198b62bc6eee4fa46e969f0482c1d20252fe48a05d548ecb1e955a9a858ed1a18bc9cf26de6c2c3cb605e0b43575eaf778ca8abad91e7b

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          2KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          cfda459f4d40dda5ef7ad78ac9d880bd

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          8ca06126356d73819ffb6c7c54f62369d3be15bb

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          aaa60018ac36c50696b57635fcf4381e883bdf1e19267804bed13488ab9e90c0

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          3e24dffdb0e1d44ddf250c7afa9707d967cba738331809f3b545fcd808d646c7a5a904f7ed55cc2cebd00bdc34cad40557731a12550fc1749660b3d674191f0e

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          2KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          a115de0870ef0fe71eb6ed5ab94317a4

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          97f709298c5483006917e0cd31db3fe60df6aeae

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          33dad3a033ef8ce815f7d70d5860bb424c251ca80d3b996a14a76f8d80581ab8

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          190b5eaecda8d2a4ce35c8a5ec91c108b3f8eec146e76fd6a9dbfadde7ff65645db3f6ef346723f03b663fafb8ca690e97aec873e5d41c05ee8bba1fdce94a24

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          6KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          28617863112c65ada06d62de82a1ba16

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          fbdc2fc207a783d5aa0c35eac85783ac7ef25f4d

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          db57f82eee578bd2482561947758745c368a64b8ab86cb83ec44a97bb69457f9

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          ea5bc818c434dfc10ca4acef4ade0a8874b83c92b68b6129cfd1a949c5b97ed09c00b7c69ffa922b608e832a4ad1b2086124dd2e7c901e33b5cb8231be559ac4

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          9KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          1cd5c2b40020505694a1bb50de6eff09

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          904681d78f65df8ed8beb77111babfa2af7b2db8

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          aad11c3992fae90a6cc4689318a0d08bb25f1811a8e93f7e495278dafd4943d5

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          cacd9a2af1f74f597b9adbe9c3ff34ee9d063dadd869beda0f9f403c8773c05a2df7bc8d7979de69ec253391f161634f2a4cbbed57bd47f940d69796f2cda468

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          9KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          92dabbfe5e714c3fbb2a0fb8d3afa67b

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          435a4692e3151ff02f45f82a2b6fec16470ebc30

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          48d79f2cd227cfbce7513c0554600265c84d46131d0247fe7786ebba0411cded

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          ba168098ef0820a632ca9d4a66cd17c4bc8ac3c660d08cecd4b56671b477423d397d60477eb4f1da0f844b227a6d38041eaec5ff51216ea51639ff2c2f905a12

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          7KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          1e0eb2cf9366d909eddc8284ebb866ee

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          6a0e139ab742b463e2ebc684896a7ccf62e1d5ce

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          a6640c9dd7eebdfaeaf0caa667bb2db9a5044de7ee2dd97cf376f773d5273bba

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          b29c949a0447d7c0ac293a0ed19b1b97f9f378e8e47d2e61e57f419f4d31810c5a0276d2a4f01c17c9e6e02f90282b19d631b40ff4221e50d9de51a29b2a6da3

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          9KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          5aaff3008d9366961d08bc44709ec8d5

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          5b90eb83b7f712addf68fb82b9f002c4c99939cd

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          02a790684f24e28919a6ef86e349a58a02a040b179314f294c1dba02e0197e1a

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          c325b597e29ca08a30f57580344734769a05c7bda8e00a6440a324c998f1703c2e8a9ecd7795fb0f278e924222de34ccaa8bc1ed56ba0c4cfdea3f48b67a3b10

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          9KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          64f010842901ecf609805a7a375017b7

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          d40847909e0d7276babbe7f2fb69ada23f7a3583

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          3311ffbc163056a68576e84beaaa065270bc26a16a9241b773ae1323aea2ca01

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          0558ded93541e8ba90fb28919770372062cadaac8f840939cc73f38b747f6486bb49f277295b42cef333e33260f59aa355606a1373095763e6bbec864f286394

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          9KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          6665324a62dd66becf884aa410bc2f06

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          6a874b76cd5e00c89f8d30db117fb044c1db16d2

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          02cee3f556ac2937fb81e96fc433ccfe46e3995215c4456235211b52f9bc2f4a

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          dea7052746494821f8f8ad95fb7ce3bcafac57c7e7749a6a238df392450f29b157b46ab2a508b181c7b564733e6c55970f5cd98199852a41248b336faf8721b1

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          9KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          4039b17035e4a07a050810bec008e470

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          a3f3b48e159d998777adf7aaecfbd28e37b2fb43

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          fb97ffe44460d8fe7e97d45612f5fd0aa112f0345e4a63c106e9f2592bbe519e

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          f84bd26ca93f5ecddc9854f403733e9616465f63f36bd357de743d1e5b97be094c3777e98e411954e07f38b7dd630c867518f455bbb8126694ef8d6a9484924a

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b5a4.TMP
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          203B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          4ea768162a24149c67f3f054fd89eb11

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          2a0f7c15119227e7c48caaf11144b9e2dcb01d8e

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          8ae00a1d4e14d81820900db39401456c4c2a4d16bdefbb94c8e9c7b37331314a

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          435fe3649561da03f56d130eeb94390f9409acbbd500be22f77864c58d4baa6c509baca988c89ab3e660c3f2635dcb267858272bacdff8baeaf75e4c9a07a197

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          16B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          46295cac801e5d4857d09837238a6394

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          16B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          206702161f94c5cd39fadd03f4014d98

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          11KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          81273cb4b35abfd3c7d7641ff20d9db3

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          a30ffc6374debfff7e47ffe5b035f0c40315ea06

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          f04083bed43aec9b5f28f0bc49c46ca26bb4b71629423af60f8e332061fed303

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          e4b1d80a8fd6504445f03bfbeb98a453e35eb3a620a94a5045f7efdcdde3475c712b634b90671388c203bde736f73a115365dd0f449ec33020cbe9a6c76279ee

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          11KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          1da6a45f97d4676b6bc7df00b0341a0a

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          54d94001498dc8d6956b60bfcb843558efde3146

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          fdedf3875484c25f01e7d4a1a5874d254fd2082e5d2bb27be500385ee9ff399a

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          3f2d96c3b71342b70ac131d172f85ede43cf9ec747e36349f46bc133a8ebb4e4f26fa320c03f966a77b330fa7ee48b2f142b0004ff2c517fa75163f44fd6ef39

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          12KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          4e43cfd21730fb18619b01d7772c0c48

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          b778765fbf8870c262115f135ec82dce74ba230e

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          0c1475c44b6951e535f296c3fdc7b7a3a4e22b51cb4796bfff21f93aa72e3686

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          778e6a329bcdeccf6f680263103c482999a110400f511989d16a50f772faee5bf84ec81dab27c903da7bf0907900db064d39c9347188d05f2707c2e47acdccc1

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          12KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          526742df46e5abc1a0428abd141ee695

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          4db8c78b732283bb9baa47b49df3c474207a576f

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          d0ce621c0676ad84e2ce0ebbfe531df79919a27433c140130819b73a08566beb

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          3d48b8c98d965b189aec34288516da5f1d438825c8af3bc16cf23fee4e4d04dc342bb9c297f5d75537bf6336154da8a7f9a1d3a444872df792ddf9a36cbcf645

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          12KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          f436cac2422925df0c5130285b6b5cf7

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          3ff1e495e77de969d0d9f147ff273efc93215389

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          c7d87b4555cabc8da8a1fbc5e8632fd41fc521f9fff31845bbbb904ed6f289f4

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          cb038528e44d88fe13ff8f5328ac3b72edcc69a33c3053f2475f1bf7978258c9da1aa847229ce722dfd52fd6efdf4164aa92756ab5d1516425c9d940c8da3442

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          12KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          08e7dc2e0b078b3758433803406a9422

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          7bd3f38759bc5db7cc57ebd0d212e84f8129d7f3

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          1d5a166e3d7059c5756cc29a22eaecd1d7e0fb9543617f6c52d4df8352d61b83

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          7b481c6312fa66a7b447e3b6a4544a8f46c3cd014c7e501bdc5f6072522e82286c418275b942a61b2cabbf5cbbfd616ce4fd505ab971f6e4cf90e439a4214bc1

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\7zO07D06A58\Mercurial.exe
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          3.2MB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          a9477b3e21018b96fc5d2264d4016e65

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          493fa8da8bf89ea773aeb282215f78219a5401b7

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          890fd59af3370e2ce12e0d11916d1ad4ee9b9c267c434347dbed11e9572e8645

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          66529a656865400fe37d40ae125a1d057f8be5aa17da80d367ebbe1a9dcea38f5174870d0dc5b56771f6ca5a13e2fad22d803f5357f3ef59a46e3bdf0cc5ee9c

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\7zO07D06A58\Mercurial.exe:Zone.Identifier
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          598B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          583d2a80c62db3cfb135857504098837

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          8dfe6f9a3a557a5a18f1220cfb8e47b79b510e97

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          2e7d0714da4e8d56ecbb08910bcf231bd7c6339701b66e06f0724aed0faeb2d7

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          647af55486074aa5a53e00c73e81d1b0ff61a424491c7adc4192e7e410b8ff271ab987b130360806af8b40a828c4de0aacb257220f77208ea9f930e18d63073e

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\7zO07D71EA8\readme.txt
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          64B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          77976ab4f7b14569dd64f212ce6ee64e

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          f442ef7a74ac6922628bc8ba03ea08e62f83253e

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          044b863e9895e669d45d97d44a4f80f2b9ac5f941635ef3c1e9f39ad12747ecf

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          52d4b884b2462449576fe9dac654de500985b53d0262472d88a1bc659b3a5ffe0ed5f0581c50ef006c3b3d7dbf816a80d21e6b6f4c03b595bb108a4360a60723

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          2B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          f3b25701fe362ec84616a93a45ce9998

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          26B

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\Downloads\CSCA2A6F999297D495BB39D2FD739DEA2.TMP
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1KB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          b1945693be11ef931e9eaf02dea4e470

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          2f5c2025e2d67b9b8533eea09f231326b93a71b8

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          7fa56b1219f90f18a298a0b768cbb6a74dec7226fe262d50c0ae444ff5469cf1

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          da09381dd9bae9486007fd3e40dc62fe1f8102a818c7f91ebeb1d6a4afb35cc3046e8d26a862b3a3eb831bf31fe230fa90393fcac2e1cea61f9e0f1046b3cf7a

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\Downloads\Mercurial.Grabber.v1.03.rar
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          2.9MB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          635903bad1ada856d701f34d3070ccd9

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          3ff98d91b9a3a47bf9f64bdf161efb9c5ac99fb0

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          3759744039346620e9613f40f90e8f318e5f54ad49c070e2bd23b667f7e65bf6

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          fee2c64124c47bcb1251b7b87969a1ff493e24bc196633e3a301565b126f5ed2e2967d4d1426ff5d9be9466c852bacf405229308acf946368e00ca887a4ef015

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • C:\Users\Admin\Downloads\Unconfirmed 849902.crdownload
                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.5MB

                                                                                                                                                                                                          MD5

                                                                                                                                                                                                          f1320bd826092e99fcec85cc96a29791

                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                          c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed

                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                          ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba

                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                          c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a

                                                                                                                                                                                                          Download Submit

                                                                                                                                                                                                        • memory/2124-3202-0x0000000000530000-0x0000000000540000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          64KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4764-563-0x0000000005650000-0x0000000005670000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          128KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4764-570-0x0000000005970000-0x000000000597E000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          56KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4764-558-0x00000000007A0000-0x0000000000ADA000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          3.2MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4764-564-0x0000000005670000-0x0000000005690000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          128KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4764-561-0x0000000005580000-0x000000000558A000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          40KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4764-565-0x0000000005850000-0x0000000005860000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          64KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4764-566-0x0000000005860000-0x0000000005874000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          80KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4764-567-0x0000000005870000-0x00000000058DE000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          440KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4764-568-0x00000000058F0000-0x000000000590E000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          120KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4764-562-0x0000000005610000-0x000000000562C000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          112KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4764-571-0x0000000005990000-0x000000000599E000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          56KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4764-582-0x0000000006FB0000-0x0000000006FB8000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          32KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4764-569-0x0000000005930000-0x0000000005966000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          216KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4764-560-0x00000000056C0000-0x0000000005752000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          584KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4764-559-0x0000000005C70000-0x0000000006216000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          5.6MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4764-572-0x0000000006220000-0x000000000636A000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.3MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4764-573-0x0000000006370000-0x0000000006486000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          1.1MB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/4764-574-0x0000000005C10000-0x0000000005C40000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          192KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/6416-3166-0x00000000059D0000-0x00000000059E4000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          80KB

                                                                                                                                                                                                          Download

                                                                                                                                                                                                        • memory/6840-2121-0x0000000000990000-0x00000000009A0000-memory.dmp

                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                          64KB

                                                                                                                                                                                                          Download