hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbmJ6bXA5RVpRSWFKUmwwNDcybF8tRklmY0lzZ3xBQ3Jtc0ttWXRncm81Z1BzeXpqN1JQYkN6RElrYno0azZEamxfaGpBV3N4YWZxVU1LT1l4alNkX19jLVNNVy1XSXRrdEFlNjF6YVRHWWlvRmRDZzVRb1VyWUlVR21ZQmh0UGxqclFOQ0VRZkhrQlR4YTRSQ3lWWQ&q=https%3A%2F%2Farticexploits[.]com%2F&v=lMG3ew7s_fg

Analysis

max time kernel
659s
max time network
666s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 19:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbmJ6bXA5RVpRSWFKUmwwNDcybF8tRklmY0lzZ3xBQ3Jtc0ttWXRncm81Z1BzeXpqN1JQYkN6RElrYno0azZEamxfaGpBV3N4YWZxVU1LT1l4alNkX19jLVNNVy1XSXRrdEFlNjF6YVRHWWlvRmRDZzVRb1VyWUlVR21ZQmh0UGxqclFOQ0VRZkhrQlR4YTRSQ3lWWQ&q=https%3A%2F%2Farticexploits.com%2F&v=lMG3ew7s_fg

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\Control Panel\International\Geo\Nation	setup37952599.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\Control Panel\International\Geo\Nation	Artic X Roblox Exploit V1.0.3C_37952599.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\Control Panel\International\Geo\Nation	setup37952599.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\Control Panel\International\Geo\Nation	Artic X Roblox Exploit V1.0.3C_37952599.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\Control Panel\International\Geo\Nation	setup37952599.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000\Control Panel\International\Geo\Nation	Artic X Roblox Exploit V1.0.3C_37952599.exe

Executes dropped EXE 14 IoCs

pid	Process
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
4968	setup37952599.exe
1300	setup37952599.exe
3400	OfferInstaller.exe
3996	Artic X Roblox Exploit V1.0.3C_37952599.exe
4420	setup37952599.exe
1768	setup37952599.exe
320	OfferInstaller.exe
968	Artic X Roblox Exploit V1.0.3C_37952599.exe
2544	Artic X Roblox Exploit V1.0.3C_37952599.exe
372	setup37952599.exe
4976	setup37952599.exe
2080	OfferInstaller.exe
2760	setup37952599.exe

Loads dropped DLL 64 IoCs

pid	Process
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe
1300	setup37952599.exe

Checks for any installed AV software in registry 1 TTPs 32 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV	setup37952599.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	setup37952599.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
490	discord.com
491	discord.com
492	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 10 IoCs

evasion

pid	Process
1420	timeout.exe
4660	timeout.exe
4520	timeout.exe
1960	timeout.exe
1220	timeout.exe
3824	timeout.exe
4936	timeout.exe
1820	timeout.exe
2236	timeout.exe
4072	timeout.exe

Enumerates processes with tasklist 1 TTPs 11 IoCs

Process Discovery

T1057

pid	Process
5088	tasklist.exe
4300	tasklist.exe
4688	tasklist.exe
4992	tasklist.exe
2188	tasklist.exe
5080	tasklist.exe
3044	tasklist.exe
2888	tasklist.exe
3680	tasklist.exe
1296	tasklist.exe
644	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 13 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000_Classes\Opera GXStable	Artic X Roblox Exploit V1.0.3C_37952599.exe
Key created	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000_Classes\Opera GXStable	Artic X Roblox Exploit V1.0.3C_37952599.exe
Key created	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable	Artic X Roblox Exploit V1.0.3C_37952599.exe
Key created	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000_Classes\Local Settings	Artic X Roblox Exploit V1.0.3C_37952599.exe
Key created	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000_Classes\Opera GXStable	Artic X Roblox Exploit V1.0.3C_37952599.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable	Artic X Roblox Exploit V1.0.3C_37952599.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable	Artic X Roblox Exploit V1.0.3C_37952599.exe
Key created	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000_Classes\Local Settings	Artic X Roblox Exploit V1.0.3C_37952599.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable	Artic X Roblox Exploit V1.0.3C_37952599.exe
Key created	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000_Classes\Local Settings	Artic X Roblox Exploit V1.0.3C_37952599.exe
Key created	\REGISTRY\USER\S-1-5-21-2547232018-1419253926-3356748848-1000_Classes\Opera GXStable	Artic X Roblox Exploit V1.0.3C_37952599.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2547232018-1419253926-3356748848-1000\{720FC676-48EE-42B8-9DF6-92CB526B7250}	msedge.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	setup37952599.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	setup37952599.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	setup37952599.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 87829.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 3 IoCs

ransomware

pid	Process
320	NOTEPAD.EXE
4668	NOTEPAD.EXE
4348	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1652	msedge.exe
1652	msedge.exe
3696	msedge.exe
3696	msedge.exe
4660	identity_helper.exe
4660	identity_helper.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
3480	msedge.exe
3480	msedge.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe
4968	setup37952599.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1404	OpenWith.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 60 IoCs

pid	Process
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeDebugPrivilege	4968	setup37952599.exe
Token: SeDebugPrivilege	3400	OfferInstaller.exe
Token: SeDebugPrivilege	5088	tasklist.exe
Token: SeDebugPrivilege	3044	tasklist.exe
Token: SeDebugPrivilege	2888	tasklist.exe
Token: SeDebugPrivilege	4420	setup37952599.exe
Token: SeDebugPrivilege	320	OfferInstaller.exe
Token: SeDebugPrivilege	4300	tasklist.exe
Token: SeDebugPrivilege	4688	tasklist.exe
Token: SeDebugPrivilege	4992	tasklist.exe
Token: SeDebugPrivilege	3680	tasklist.exe
Token: SeDebugPrivilege	372	setup37952599.exe
Token: SeDebugPrivilege	2080	OfferInstaller.exe
Token: SeDebugPrivilege	1296	tasklist.exe
Token: SeDebugPrivilege	2760	setup37952599.exe
Token: SeDebugPrivilege	644	tasklist.exe
Token: SeDebugPrivilege	2188	tasklist.exe
Token: SeDebugPrivilege	5080	tasklist.exe
Token: 33	3200	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3200	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe
3696	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
2152	Artic X Roblox Exploit V1.0.3C_37952599.exe
4968	setup37952599.exe
3996	Artic X Roblox Exploit V1.0.3C_37952599.exe
3996	Artic X Roblox Exploit V1.0.3C_37952599.exe
4420	setup37952599.exe
3996	Artic X Roblox Exploit V1.0.3C_37952599.exe
968	Artic X Roblox Exploit V1.0.3C_37952599.exe
968	Artic X Roblox Exploit V1.0.3C_37952599.exe
2544	Artic X Roblox Exploit V1.0.3C_37952599.exe
2544	Artic X Roblox Exploit V1.0.3C_37952599.exe
372	setup37952599.exe
2544	Artic X Roblox Exploit V1.0.3C_37952599.exe
2760	setup37952599.exe
968	Artic X Roblox Exploit V1.0.3C_37952599.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe
1404	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3696 wrote to memory of 4396	3696	msedge.exe	82
PID 3696 wrote to memory of 4396	3696	msedge.exe	82
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 2244	3696	msedge.exe	84
PID 3696 wrote to memory of 1652	3696	msedge.exe	85
PID 3696 wrote to memory of 1652	3696	msedge.exe	85
PID 3696 wrote to memory of 1528	3696	msedge.exe	86
PID 3696 wrote to memory of 1528	3696	msedge.exe	86
PID 3696 wrote to memory of 1528	3696	msedge.exe	86
PID 3696 wrote to memory of 1528	3696	msedge.exe	86
PID 3696 wrote to memory of 1528	3696	msedge.exe	86
PID 3696 wrote to memory of 1528	3696	msedge.exe	86
PID 3696 wrote to memory of 1528	3696	msedge.exe	86
PID 3696 wrote to memory of 1528	3696	msedge.exe	86
PID 3696 wrote to memory of 1528	3696	msedge.exe	86
PID 3696 wrote to memory of 1528	3696	msedge.exe	86
PID 3696 wrote to memory of 1528	3696	msedge.exe	86
PID 3696 wrote to memory of 1528	3696	msedge.exe	86
PID 3696 wrote to memory of 1528	3696	msedge.exe	86
PID 3696 wrote to memory of 1528	3696	msedge.exe	86
PID 3696 wrote to memory of 1528	3696	msedge.exe	86
PID 3696 wrote to memory of 1528	3696	msedge.exe	86
PID 3696 wrote to memory of 1528	3696	msedge.exe	86
PID 3696 wrote to memory of 1528	3696	msedge.exe	86
PID 3696 wrote to memory of 1528	3696	msedge.exe	86
PID 3696 wrote to memory of 1528	3696	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbmJ6bXA5RVpRSWFKUmwwNDcybF8tRklmY0lzZ3xBQ3Jtc0ttWXRncm81Z1BzeXpqN1JQYkN6RElrYno0azZEamxfaGpBV3N4YWZxVU1LT1l4alNkX19jLVNNVy1XSXRrdEFlNjF6YVRHWWlvRmRDZzVRb1VyWUlVR21ZQmh0UGxqclFOQ0VRZkhrQlR4YTRSQ3lWWQ&q=https%3A%2F%2Farticexploits.com%2F&v=lMG3ew7s_fg
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff09ff46f8,0x7fff09ff4708,0x7fff09ff4718
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6700 /prefetch:8
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3592 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2512 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2496 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1064 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2160 /prefetch:8
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3760 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7008 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3056 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6996 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,3285136474932762978,1594866948098456258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:3356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2612

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3280

C:\Users\Admin\Downloads\Artic X Roblox Exploit V1.0.3C_37952599.exe
"C:\Users\Admin\Downloads\Artic X Roblox Exploit V1.0.3C_37952599.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2152
- C:\Users\Admin\AppData\Local\setup37952599.exe
  C:\Users\Admin\AppData\Local\setup37952599.exe hhwnd=328190 hreturntoinstaller hextras=id:964bc9f9d4b9a45-US-48CL0
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4968
- - C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:3400
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
      4⤵
      PID:4208
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 3400" /fo csv
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:3044
    - - C:\Windows\SysWOW64\find.exe
        
        find /I "3400"
        5⤵
        
        PID:2052
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout 1
        5⤵
        Delays execution with timeout.exe
        
        PID:1820
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 3400" /fo csv
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:2888
    - - C:\Windows\SysWOW64\find.exe
        
        find /I "3400"
        5⤵
        
        PID:4736
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
    3⤵
    PID:2308
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist /FI "PID eq 4968" /fo csv
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:5088
  - - C:\Windows\SysWOW64\find.exe
      find /I "4968"
      4⤵
      PID:4176
  - - C:\Windows\SysWOW64\timeout.exe
      timeout 5
      4⤵
      Delays execution with timeout.exe
      PID:1420
- C:\Users\Admin\AppData\Local\setup37952599.exe
  C:\Users\Admin\AppData\Local\setup37952599.exe hready
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1300
- C:\Windows\SysWOW64\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:320

C:\Users\Admin\Downloads\Artic X Roblox Exploit V1.0.3C_37952599.exe
"C:\Users\Admin\Downloads\Artic X Roblox Exploit V1.0.3C_37952599.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3996
- C:\Users\Admin\AppData\Local\setup37952599.exe
  C:\Users\Admin\AppData\Local\setup37952599.exe hhwnd=459276 hreturntoinstaller hextras=id:964bc9f9d4b9a45-US-48CL0
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks for any installed AV software in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4420
- - C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:320
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
      4⤵
      PID:684
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 320" /fo csv
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:4688
    - - C:\Windows\SysWOW64\find.exe
        
        find /I "320"
        5⤵
        
        PID:5112
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout 1
        5⤵
        Delays execution with timeout.exe
        
        PID:4520
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 320" /fo csv
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:4992
    - - C:\Windows\SysWOW64\find.exe
        
        find /I "320"
        5⤵
        
        PID:4108
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout 1
        5⤵
        Delays execution with timeout.exe
        
        PID:2236
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 320" /fo csv
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:3680
    - - C:\Windows\SysWOW64\find.exe
        
        find /I "320"
        5⤵
        
        PID:1604
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout 5
        5⤵
        Delays execution with timeout.exe
        
        PID:1960
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
    3⤵
    PID:2764
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist /FI "PID eq 4420" /fo csv
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:4300
  - - C:\Windows\SysWOW64\find.exe
      find /I "4420"
      4⤵
      PID:3272
  - - C:\Windows\SysWOW64\timeout.exe
      timeout 5
      4⤵
      Delays execution with timeout.exe
      PID:4660
- C:\Users\Admin\AppData\Local\setup37952599.exe
  C:\Users\Admin\AppData\Local\setup37952599.exe hready
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\SysWOW64\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4668

C:\Users\Admin\Downloads\Artic X Roblox Exploit V1.0.3C_37952599.exe
"C:\Users\Admin\Downloads\Artic X Roblox Exploit V1.0.3C_37952599.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:968
- C:\Users\Admin\AppData\Local\setup37952599.exe
  C:\Users\Admin\AppData\Local\setup37952599.exe hhwnd=524774 hreturntoinstaller hextras=id:--48CL0
  2⤵
  - Executes dropped EXE
  - Checks for any installed AV software in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2760

C:\Users\Admin\Downloads\Artic X Roblox Exploit V1.0.3C_37952599.exe
"C:\Users\Admin\Downloads\Artic X Roblox Exploit V1.0.3C_37952599.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2544
- C:\Users\Admin\AppData\Local\setup37952599.exe
  C:\Users\Admin\AppData\Local\setup37952599.exe hhwnd=655938 hreturntoinstaller hextras=id:964bc9f9d4b9a45-US-48CL0
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks for any installed AV software in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:372
- - C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:2080
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
      4⤵
      PID:5104
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 2080" /fo csv
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:644
    - - C:\Windows\SysWOW64\find.exe
        
        find /I "2080"
        5⤵
        
        PID:2816
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout 1
        5⤵
        Delays execution with timeout.exe
        
        PID:3824
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 2080" /fo csv
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:2188
    - - C:\Windows\SysWOW64\find.exe
        
        find /I "2080"
        5⤵
        
        PID:768
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout 1
        5⤵
        Delays execution with timeout.exe
        
        PID:4072
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 2080" /fo csv
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:5080
    - - C:\Windows\SysWOW64\find.exe
        
        find /I "2080"
        5⤵
        
        PID:440
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout 5
        5⤵
        Delays execution with timeout.exe
        
        PID:4936
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
    3⤵
    PID:1492
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist /FI "PID eq 372" /fo csv
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:1296
  - - C:\Windows\SysWOW64\find.exe
      find /I "372"
      4⤵
      PID:1276
  - - C:\Windows\SysWOW64\timeout.exe
      timeout 5
      4⤵
      Delays execution with timeout.exe
      PID:1220
- C:\Users\Admin\AppData\Local\setup37952599.exe
  C:\Users\Admin\AppData\Local\setup37952599.exe hready
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\SysWOW64\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4348

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1404

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x154 0x4ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\DT001\setup37952599.exe_Url_ggr3fhi4rj5j4xr4mailyssdanw3nngn\2.0.5.6649\uvjrrjw0.newcfg

Filesize
798B

MD5
f3da41e2f01ec12a28efa662df2fa963

SHA1
9760227f497132829ec34fffec6184969043bba1

SHA256
a4544f806b5637e45e2e702c7997d0b6a52b805670a72aac518d189c3004d1c2

SHA512
ae4f56f93a2386abe8891ba5ba1cc7de166a28c6a2f3913870bed2926ac43469bbbf0b4b18acf2fce7c7f120056e36b3777aabbdf9715cc12d2159403e392e59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f0f818d52a59eb6cf9c4dd2a1c844df9

SHA1
26afc4b28c0287274624690bd5bd4786cfe11d16

SHA256
58c0beea55fecbeded2d2c593473149214df818be1e4e4a28c97171dc8179d61

SHA512
7e8a1d3a6c8c9b0f1ac497e509e9edbe9e121df1df0147ce4421b8cf526ad238bd146868e177f9ce02e2d8f99cf7bb9ce7db4a582d487bbc921945211a977509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0331fa75ac7846bafcf885ea76d47447

SHA1
5a141ffda430e091153fefc4aa36317422ba28ae

SHA256
64b4b2e791644fc04f164ecd13b8b9a3e62669896fb7907bf0a072bbeebaf74a

SHA512
f8b960d38d73cf29ce17ea409ef6830cae99d7deafaf2ff59f8347120d81925ff16e38faaa0f7f4c39936472d05d1d131df2a8a383351f138c38afb21c1a60e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
51KB

MD5
af4f2229dfb5e3002179b08b4ac53c12

SHA1
c4423af45b807203d0c46538705d109844f24351

SHA256
e797f4085c16f65a52478b54211fbbd6d910937b22d4233ef1fce53a1e09f0a7

SHA512
7e140e31bfd7224f3467cbe769677b63af5aafd513cfc211c75ce98f3a14b9734cd68095b10c4edfe3ad9c2ae623baf7ccace32da73df4aff867722291df9483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
106KB

MD5
97c7dfc9bc804174ec12e037d95ce9b6

SHA1
5677d01177f6168f87a0bc311fa38c139640ade1

SHA256
5d80fc2130292550a71f03cd80e97fd97dd7ff951b0c6e55d575b968b2b4d5f9

SHA512
b57031ed93565da425dc31c01b5133eebd8aaee7d72641cc38279bbf3d1410e446f95e5845fbcd2779c53a4f1a04cb9d63ff37f6de1d94619c258cd7fb95aabc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
20KB

MD5
da6c261bbb35e0ab03c5802e6906dde4

SHA1
598b7d3899f57f065a4bfde3241d58c4b1222527

SHA256
fc1072d596c8e9d74d964e10f2e684524f93069a11555213a87e0443c6b0ff22

SHA512
c3dadfcfc26eb1e6c398eac11f1ef4b0d09b2b8dee15320e1a06f06d8a1f148974ab69ab7d37f208b432f0cd7e96c59c2b469c59fbf40b36b9806e7241618460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
143KB

MD5
9d503d9c597154fac3105c7809236b47

SHA1
a9fac2ab3a1db5b9cabe89e2b18a2055613d2bcd

SHA256
8fec559c11ab8dfa89605c1fb92c3922acd8538b708efe0c3f8a30483dd58625

SHA512
1b99447107bfa39cac1b68ddf34996cdf050dad0335a93c0f99c900566a601cc3cd64659d2954732a9ea84bdfe2f9d9d4fe769fe665b0e4e3c2ff958bc7888c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
32KB

MD5
057478083c1d55ea0c2182b24f6dd72f

SHA1
caf557cd276a76992084efc4c8857b66791a6b7f

SHA256
bb2f90081933c0f2475883ca2c5cfee94e96d7314a09433fffc42e37f4cffd3b

SHA512
98ff4416db333e5a5a8f8f299c393dd1a50f574a2c1c601a0724a8ea7fb652f6ec0ba2267390327185ebea55f5c5049ab486d88b4c5fc1585a6a975238507a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
17KB

MD5
1880eff5cb064f7a8f11b64b8c708fb0

SHA1
b936621f1e377ab002990a11a7ad6333b8d98bed

SHA256
9c142443e43f2c1a7f3c7b165b4d44f35799485c63845ab60c6d161b1c4d4fa1

SHA512
215fb68e3ce2abe3eb967bc35bf8d6ea6ab18895a9a5c773df8b09b5de480a6a200b333baf93ee06e9c0e01190fc1004206b3f2b839e965873a83b2436ee304e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
26KB

MD5
a9645ee97b75414399903bbdebdbce11

SHA1
c73a6871ca0c80c271f81cc9cd937d640ce1256f

SHA256
afef04b3f74bb12a1bdf7a11a0d2a5f538c94c15976317619f7540efbc9202e1

SHA512
4677a1e4f6448bb0208d9bd1683c222d2cf29da7ed3f36f259139d9fba565b80f9159aa9b87b76387326ca4df70ac5342f494cdf0a0a0fff1fd692aafd62796a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
19KB

MD5
3ffbd1e963d6dcce5ddad8916f3d0fd4

SHA1
f9eed0613dc30a8822bdb897914315f5a0e949e6

SHA256
f603aed80eb6a8d8568689c4c735b73eac658e5a402f7d8840bc5fdaeeff9f73

SHA512
f0dba2780a4994a38a400b577229c7dac71e8c175c4c6d73bcd750086b4e45e2f13a1ba43ca139da2998c7fa1d0d8bf39ebfea83b31441aa6ed1df70e8498bf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
26KB

MD5
b51f9d778be466703e73aceee13d836d

SHA1
cc5cd9dd2b48712dcf90f14a1ff19d729c43e378

SHA256
f1e36d8f99614eef048fe3cb4275f3234536bff3e3b1b8f763f14a8a0cadab45

SHA512
381681bd3a3624e955b6db012fac9a27eb28d816a0fb1f2c460983506feddce13aa9d59df2cf6d0f0ad44eeaa3c5fbe2d72f638b47dfe92b16c7b568cd2bdbbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
107KB

MD5
386581ac25fb5fe1e1b8817701b54c8f

SHA1
a4864cf0ae763bb303e67bac74576afc073afb14

SHA256
e7f892cbb8baebcf18ac46d7ed788bdc7ab1f8a51f383388d84d88f88f77c2c0

SHA512
e1187417fdaad370b6710835eb007d3429d2c61889793b47e0ae3d6a9c814c343d83ff388061a791fd6ae770451845af26b8327009ac3ee35cd482ff65ccb708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
107KB

MD5
5d4967e41a15a7ddd1c227e81c552df8

SHA1
9c6092d3be8ff19eaff0a1eadd8db147f83a4969

SHA256
9912bf2d8e704e1fb2b09e1e14aad3f57c1fd63103a82ef802ba266533dea85f

SHA512
ea3e590f7accf44b1f4cc986176fa62dad05a0e60ce14ed8b9adcd73ff41b61ab43a446f8145ad6bcc4beb83d68c79ffdcd99e7716fee15643cb39bfa4910732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
204KB

MD5
a9bee966fd4edf7bf6aaa5ed73cbd061

SHA1
cb9960db5b5223577771224748e202e3e5ba0d6c

SHA256
0af83afc486e5d0e4d2ed1f238d757ca9be959603991fe4075f0f1d56e98e557

SHA512
88d1864c22ab69e0fbe356f0c63ab2a6929fd8d656bd82eb63abd8312748ed8bbeddf44b5dbb9c7f3008861f8db65594dcb2fbd88d1813c5d7c68e8e9b40c36c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
22KB

MD5
6b37e64711753b8be597defcb0d7fcdf

SHA1
98cf032d3b3cce17b823a67c33222b07bedddabb

SHA256
163a2bcb1ce31464673eb8b94c02776e08972ec1a157452b06fed48a2e30900c

SHA512
9fe401708c54503141103b94740ee73099dc22512e243c59191438a05ae8e571cc2ad581a0dd05082d714f50601254bbd89b4e0453a2d4579af7ba08d1301287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0eb835f2aa3d8a03_0

Filesize
401B

MD5
eced5e6e39c2e17dd4f52e53cd1f21d5

SHA1
1c8f98096cd0702517624c7803801eabe8cdafc2

SHA256
1ecd435339b9aaab7219eee05aa90c606b3e6c462d16ce8b54ab8311c84d8037

SHA512
aa075e98e9c8537d4bbd7185154621b7ef0688f103ca66947c8962d3379f797bcc181220b90e865084098b8c7b2d3ef01551ccfad3297481d4402b14683c49c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\13b8484fb126862c_0

Filesize
52KB

MD5
c33376e0bde4cf670827c78269493b9d

SHA1
90fc4dbf6ffce5b2c050291c9f860cbf77082c4f

SHA256
590bf19058bd9c857a2c25192b551b71fc705198a33a475e2b5822c37df5acdc

SHA512
e5e646ed4b4c3de415887558b11943a2f7f1dca19f17ac5b7fd459a64825195a501e1d4a09765b9a96500722412d6135ee534e9ebfc94ed04be4da45fe97dcbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1fe7c421b6e7fdb3_0

Filesize
27KB

MD5
c23bf79102a4ac2bbd43fd189ea5d966

SHA1
5adf18355b516607b76319928429fce88c5203f1

SHA256
349c68f6e1e5c43a1e69c9d69a5edaf121ec1ebbd6e17471e760418e3b463cf1

SHA512
f3eb10759845909ef62385c6459ad6247ce56d1653a8afb83e64fcba28d68978a4757ad1f4626dafeb0915c2aa6f0849ad600bc4ecba27101593f26f949c9a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2de7c989a58bf298_0

Filesize
241B

MD5
be4b3075c5251c182d335ff807629142

SHA1
eb77bd077195c425429c82aff04ba0a74e88ee5f

SHA256
12a9744702ec42d3c88b3d5aabc4bb1943b467edea52e3d30b2bf1e3b7a8ee81

SHA512
02b46215e06ffbd54c54f0434031fdb30955bd414be7ace225337fe402fc5d0807816fe6956951d5192992653d649a63fc13cc7432787b88021400aa00d264d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\35b90e5a3820726f_0

Filesize
254B

MD5
afaf97d36acc8a5147e9baa674c29d00

SHA1
f552002d78f039661ab0a2b208637c6443743205

SHA256
704ba442348f4160807845734152e65c8b32664a320bc6f3ca26c5d732eeb4fa

SHA512
43aba2238662c3ba5870b368d212d06835d6d527b01d54155dd6af876ec742cfae36346bc187c57dd4f1cbbecfaa2a45630216fefcea382d2830462e6cefa030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\615f99abf9471b39_0

Filesize
32KB

MD5
a0e686f3181e4aa1984c7f30865b81fe

SHA1
b7005e82d521181e9f6e79fad92e7e82925471fe

SHA256
eeeb0628236dc5d4b2c9464bf3d4e93ffe116177746f453178278269f5da82e5

SHA512
37bc1c40ac0ec18311c3296c6931cfdf101e3c9877c6675b04bc48d3b7322be59d161ce048d050fc2076adc4e0f3c11400b244b71d082b0e4b5dcde5826502cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64272101c913c1b6_0

Filesize
236KB

MD5
db530e3a6da748e822389048b6bcd11c

SHA1
a608450e266d84fcc0d5de0e3f9934ab3415cf56

SHA256
81ebad20236500c0696b1dc518c2da9cb4aaa7106e8fadabe58755968968811f

SHA512
3049613b8afa8dbe3e557f10333110394f561ea5f75973b7199829c1e1aeb8fffecd7f63d35f01b846db144af08da9d06cdd27910291e89c874391907a4fc30b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6670e9c778e613c4_0

Filesize
331KB

MD5
b6660a06c8853c0804baa489ed7cae1f

SHA1
e69fcd1cf95c024e43f3e6c6e9409fc2e4a926dd

SHA256
e5cf2906a2feaa11dd5e09b5b8a756682e9435b12af388ce7a732f3731d6c189

SHA512
a1bd0cc818f40ed3f40f85bfd46ced2e673d4e5d8ae5fbb421cc4c2fe00f2042b7521be5d74ac53f92297d2a53668ba9f334a89028c4820faf77643352ea45dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e0d0d7c92f7fbe4_0

Filesize
207KB

MD5
f5bd81894a42ebf19a9e269961ff7cd9

SHA1
bdc176efbae98565fe1e0f016a8c092ac10d1862

SHA256
8a57e2dce685de2585a0005773c96aca76a11b9179f276b1452a15f2ae49bab5

SHA512
74a357ca6dba1513d2216b14daefc4d710d3263b1c34795ee8a4cb75e1f9ffdff562cdad8a2091ca12c7ed0ee459a8ce2f0e2166e698008aa70c0ff19e2cf6d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8a875fd26a5c8dda_0

Filesize
305B

MD5
4570c7d004692a0fe0ba8c02f0336818

SHA1
bd699b8e969a8aae3d6be4d1deb8bb8371707b4e

SHA256
4eeb96b82b0850b1fc67fbdf8620008dedf33ec5e1bac76ac8463c1f145e6f3b

SHA512
8fd9b31b80957caa40468065fa06058ce1a28370593d04ccd5dc803a71ecd6c36707f9e90b49dd061f39211285512d80e87a86a2786253d9f14646e440ec56c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c889295558a6f229_0

Filesize
454KB

MD5
6b701420d351f19da6ff992fcab318ec

SHA1
830d59a2240d38bcb852941dc7c1e71d0472ba8f

SHA256
c84cba2056e57e16fdc7e8352635e911fbc5a4f85a02df177f8f00d52e1546f0

SHA512
b3a2e090779c05877f1bd38e8a0a509138ea2d0da5c64e3845f4b06cf61b889b97563f356d89f30a72f44d767907fcc31851cc217bbacfd985974f4b334d10f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c924cf904ccc9f2a_0

Filesize
485KB

MD5
d28d50c8c63870f252485a19f1912a98

SHA1
bb279aa5a1cb1ba1b7906aa0173e84d3e03aa743

SHA256
102a5f580ee8cb235462a2b73f8d8749c757ff9779c7d56db8d9105e07570b14

SHA512
98c440eb85e3c94dfb67eef762a51f4df0c94b78e0b4b1e2e08d258356ff091ef84f522f004e24a7f8816da77cdab604bb9551a09de8491a2f2c39dce93abcba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d43b4462f06eebe8_0

Filesize
268B

MD5
12086d7b0fe342cc52ce1fad1948aa18

SHA1
ebde4f7c2c1051603d7e1ecb1acc74dd0b9c1185

SHA256
e09be97faa62d4662153afed727ad6bf4c594717aed286cb10ffab6253ef78c7

SHA512
d4d3623530fcddbc2d2cec7afdfbc2cdcbf207813e97acc8a79bd864e833098351f165535f93ff4acf59c3e97b9c4d6469f70940f93682c58b0f513800b63712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
bcdeb1002769b8737544b1f22c060464

SHA1
e0a183583f757e95c8d10cb8ad160cff4e15b48b

SHA256
bf213e2a46e073f8c04d9b5fc947e8f303799f40fddef956dcdcd4a97b471d48

SHA512
517988713c2396da7b012bddfb8fe9067eab237e4c3bfced2401dfd4f91b21acd5e40f7c1c4d7da0c7e21e0b94514bc87bf73017f9e0d9522c736fd96516444d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
e12c1b25a428f2917ff135171260be9f

SHA1
007705bc23eb05cb54f11ec6f280a758193a79b2

SHA256
0f8aa8e9f2beb775ec2be8cbf2523eee451b2a423e4b0dc90107d33268d31374

SHA512
4cd9d3cc3ac594cbac1a26035fe987909213bd335045b057e1d741ffdc17ef9e5fb4c7660c25fe53f03e3f9380cf6ebfb8bf3314efe54380844a1be16e3492b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
b73de1a17f27f914e40943e101773e66

SHA1
f73a370711f5e614499fae1c107e554df6aed371

SHA256
f593c955ae3f86c0684b9f04256a2a742f599f58139bb163a6d661e559bac527

SHA512
601a9fd1313600915b0da9667ac65ff809de88c900a780f193d20362ed9274457dbf803b5b3fda863b1cb344c71e8f97e85820cfbc79a91b4bca2c78e1a2e8ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
e69279943f5dc0181bb1bb4b35062201

SHA1
442e6fea36799d8155cb62927c763311a4ef14b2

SHA256
c3c738a5def0f9fa04ac591d012f72917090afadce12fc85bf7f6d6e0d952a77

SHA512
7c0a0b09d9dbd369f7a1561d98593bffbbd4c16cdb21e7fda14523610277411fbf4a7d1de598434627b4bff012135760879c12b4146484adadf4e100f6824eff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_articexploits.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\JumpListIconsRecentClosed\1c1d7dfc-b017-4e4b-8b28-2d9cea872738.tmp

Filesize
25KB

MD5
00c43abffa8e09abc98026c4849760a9

SHA1
c614b537ebc5b1f9b4b6de6d32566d50acbdc9df

SHA256
1b2895003ae91061e36d4e9d2dd1c297d8b1208b67ae887aeaa8b7a8cec22b7d

SHA512
dc0452aad9c8884237fcc8aac44aef4ed7473d1d43d205df59a492b876cf6994ae1e25321706a4b9a3bc8d4893f24b75aef0295eba926d60b183c2c855bd36e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
241df1bb22e9fb54abcee452f16d1719

SHA1
ef8b68f56324b3539191bdb7095666b780c7fa3c

SHA256
44c0ad713412ba792be54e2eab365c9e8bbf985c816d5ba2ba245139c24996ab

SHA512
e81cabd3f346deb8291b2d34ee110ee797b95a3c2bb4db8792c44c43e6ef3b162b63ac7ca9c41972565b77723bead08497bccc761e9b5d268831323272d34697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
dfccb22b0f7cfc3d6c8c15f68b486208

SHA1
940ccfc0cfe9838b9eda77fab7481e51e8970ec2

SHA256
6662da3d8784d7c83b374bf716d024e3ba758181fc5cdba94a5118a33c682125

SHA512
a8d49bcc9eb8bb30d17050abe3f7a1ba34ba4cc274be54f883a5678ed5523b04ff96ac0aa01bb15067206a1b74813b459f0fbee6b82126897aafcb1ce9099f97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9ad0e006167b5589b780328e1a63fb3f

SHA1
9404db023685c02b62bb85b5ff782a51195e43d3

SHA256
eb6a4084e1580bf17186d8226fcc7bce46b3de7fbfee836179ef3d9b85b27bae

SHA512
c6556b5e953e30cd00f22bea221a4e923c1735016c3d7402edc78518b98e4b1170fa79ebdc54a71ad1becaa4f6639cb253466dc72f3d524512e09580dd423aab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
526296156463e7dd0063bba2620cf630

SHA1
5af363b0b87e5a89faf9286b54fa10b79cfa583c

SHA256
f2f82385e092248280778e62ab6ad4792968b85902be2c66bba69a48929d092c

SHA512
4b8683cc37d001c521d119d297689d0b81a5477fa9a0a7c8824f29a88533416a6355a8e61d38cd7794bebface86f6def7480cfbcef06377f8a7449281b73811c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
469eeedf274d04eb32b8751095f407a1

SHA1
94630068124591dfa682a17bd324d68fbaeaf3ac

SHA256
e181724f9c184676dc07101f5d64ff0e8562037303eaec430c0def4e9dc1223e

SHA512
ac95db09be40c6bb719c822706fab16170b7ffdd1e2e0a54b839125a74423bf3015ad1af8e9d4884e70f0a3b713c75b582930edf95ed6efee0c789eb8bf3a92c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b37ca0cdb282d66b705485b3299232b1

SHA1
7ffda2b314af328a2012077b46b2c6b572355ad4

SHA256
ceeccfd8bc1b8367cca51ab73192e0c42334d59d35bbd99e4cd64d36b02ecc8d

SHA512
35211a680eb180a3f25a54a5d6e9feb7fd02a09eec38479a65b4130c78a184c72299717c32abd387cda8fe2c35f2d0a98f0bdb38ca801b29446bf54cc4325880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
647e78835b766f056368280c0060595d

SHA1
0626e5e7804738089b98dc24fc05c07293aa5c33

SHA256
9792768935234c466be2b700d2443cda39bafe219c31e7cbd09ee1ff4c2cb619

SHA512
88b0a74c7e55574dd331998e98525a0d8fa5d86e1a72d45d47ef5925810ffaba9251ada02e212eb113fdb93e5c10ca06b5dbcc443cb683b0ebccaebe907a25b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a997656a1e982dcee688db3773cd8269

SHA1
0d9eba27e664390a4a2242c6fab3ac30475b4a95

SHA256
a3fab49534baeec9c930738d2f19792e174ba0091c030831c0f658f8d5775369

SHA512
8b2b062fb0c5075dc6d1e0a214bbe77f9362e5efbbdedf05cfbad6918df0b1946dfd80d74cc9fe5d60bbce5ff0db2b48c4f3239f3b1e4a528f4c913d321630d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
71846cf81fff34e640eb31937a531d70

SHA1
468963c160047c624c93a8e3bcc40d5a9bd7d03b

SHA256
a608e651f60e5b266b14f6ce67200c27c4843d51b396722295c24bc6206d2a0e

SHA512
c02c210a6261273bd1b770590696cc8dc0bb9234fac360291a1acbb71a35260f6265381cc1cdb1a2418c60d9ebb53f5e6e5b6b482f3ffe8d814bb6fdbebc65c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8c0c23dbdb5eecd9d08a870bb67158ee

SHA1
f37003bc89b87579720f4237b7599fd56369d717

SHA256
65506cf11fdc26a8e36747cc7f6bea24b96403299cefc5fa095266efd0af6a26

SHA512
3a78186ae9302cb905c5a2bf80d21d3867fc0cd1b3b9fe9e94bd4cd4d36dcd36aa717b63753014e518a404405389dbc42e7d76abc584463481c460741b326381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e77c721c2e3400f9fb48e98e145103ed

SHA1
1bb1674a84acb7ad0c514adca86535b093da4523

SHA256
9feff78c9c2131d7891ae774d27c809241b0fd22875fdbaccfc4c046d82b1530

SHA512
4eec81feba647e39fb19d7ec4602ce4536e4df23c2bc3e8664e9a77d537aa8b41c7de5a73c964eadb8675842bfda92a3ab873f317a91f980b076ba7938215630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
05350ca926733d38aff143615b35ea17

SHA1
e99937094f01043d33a1dd05a83d570fb5af2847

SHA256
22fb6648620e314ce5dcbc48d3049c006719d9afc4286e9d8a1f45a15c2822c6

SHA512
b7775d21c288bfb453e834719aa9ece2ee84a587a15f72b02da19c8d08e7c18c565bc6edee14af511329b0ca5720560aa7ac2dd1a4848ee2fd213db5f7bc6393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
7e28c04e8bb33c3266ae275eaaa8d0a8

SHA1
142e249614ee55d4e549e084f0d1793b623cb3ab

SHA256
aa05178271b30814056734d088912c492565da01d26bbbe63591b69fd0fad3ec

SHA512
75fe49d9b659ea2b7bea45a49f974009562fd5cb363979905016f11a8517178249dcddaee5c91c08b78bd470dcb75a426920e732b465341b43eb001dd242d404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1694d3feac5f98fa9d2c80bb7e39863a

SHA1
b8923fba1bb970b3de94fc80cce7ff7b3400f7b8

SHA256
2f67953873cb00082b35766a600fca51d313d201094458b29c8c734c38039bef

SHA512
6b18886fa9739cf4e4a37f366ddf8f6f9c3e0ef3ab40965119120bf8efbbf04cb1ac227cf36e664773bc1c46f28e4cd43454d99446196057f288d9634ec57c3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f2638c55c7e0dd95eeb0cb94efceb500

SHA1
3472778f5a01a8840c80b0a7bc654bb654a71672

SHA256
96c4723ff125e0c9d04a81aacc8cff9336616d0eae22b531e1fb87a86de11957

SHA512
783a44ca61e4623baae23a5e525f71a60fac7b4d6a5eeb0fe523bbb8900778e2cab9b8b142b5e5a484136b7a9d97e9fa3548f14d8a84e3782c18f2bb4f9f6119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b8425e4dd463c89ea78b39344a6ad749

SHA1
86b6388f08fad42d1cc859d121303db87945dc46

SHA256
b5f0b15694dcaeb1ff61ec082144a2a71674ed6860492f8e364bc4ddc26950b2

SHA512
70f939a42b8bde618388f9c7b6c9a3b86621d61538d11db872e24bd63d9bc481ee61b671f9d577dfdb4df92d9790111f8531d4d98a540402a5ff44a98f0cebf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3f3cdf92545e0efc4f1258d72ead5b5b

SHA1
7facdde4fcbd7c033f9fdc4a8df697f444de7956

SHA256
1449c078e8becc9a77ae2b159bf931e23d14c7d0d2bf28b87c9ccf84e0b57526

SHA512
2af529d80c36dca291730a0f5a6bca4c00dbed4d2913b7dd44b3311c0bcecfadbc255ebc17926f6508bab5dec5d80518478b8488d6b5654dea0576d6474a3252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a6b4a11916be9b9f7fb4e89fe93f54d2

SHA1
e7e404a37a2c4ee13440a6bbc184181f8ec6cab3

SHA256
3cc37fe614d73e5bd1825226962d7dbfb447f919be8900f4e11691541dffb176

SHA512
4f9f535471ac69618ef6d41ecf6ea4ee3588dc853e26b072c8559db0f67ee1ced64503cfea7b73548bb8ceb56481005b2588dee9aab067464cc12a1009bf0fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
08ab5eea5b6d4e80e20295f5c6c5d893

SHA1
cd1c308643555ddff3e3cb74cd823aa838191b69

SHA256
fc9ce2b2b5c1edf2bfc83fc98cb465252b77202954857131d2e1575ac4dc67ab

SHA512
72db54ed38efa02111e24074b82db134317c77e8776b3c37d74a5ad3bd377087496872cf15bd1f60f6812e000d477b05761d184514b9c3ad568d7882c2beddab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0ef1d52e97807fc26fef6c0b795e4ec3

SHA1
d5c1beefe8c11503205d32c3531868b9c251fae9

SHA256
2bb12209e9b925414909eb8600bff5ab2288191b8c966e8445e89ec8bdc52e75

SHA512
496bc5a36803cc0de9e03aabf46191f2c89fbefa88666ef08182589d65e502b3282f5fe1c55b0da4e80637f3acd185df7de2ca5b2006e98534d98a778894cd24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
baee1e0d8153e9676fabdf1ef157eaac

SHA1
d4bc57f46c571ce96e3c2be13217ca4992b827cd

SHA256
f4e1cd551c4f38577835d8e0f2dec38bccf23bbabea7f2184986040d51403ce1

SHA512
e2f9c8a3bf6c3dc86250cc233a35e8185857126247cc0d31e471403456d9d49824435a28d0cd881ec3de8220b98dbdc4b5cbe8498d3b881490c9feb265e503cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7c33f5f9fa0d807a77e00917ef57bc1f

SHA1
37d8ca166e65df81e813ae9be2b85c9af54ebf83

SHA256
a7d2d36a1d31e8a2047da245cd208f8c5c80aab1c36d49038c433504db7980bc

SHA512
85db04b877462e2a32479437e1d713b3a0b49327ca04c046c3983470961ac01cd041b9684b3876dfa81071a2eb22b48c3a5c888eed4c0544886b30688ea8df57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1036c1f583e6efc470f76541017e90b9

SHA1
ae28aa6d098deddf9623a5ac38f47c064a728791

SHA256
5398b3cc48d62f5327dc99626746a68440094d11934bdc3535ea15b3eb6e22fd

SHA512
b761f02e947fb7813677d990325c7ffafb36117a8252a163d44bf864a2c6d1b41d40296cb2d017883bcbc7baf1c65e887cf8dc74303ae80aaa5709e9b41e22fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
566f89aae2b6d38f38e57c654c5be4bf

SHA1
22d2001f8fd1c030f0d8305e84ef4fabfc9ff8ca

SHA256
483b6eeaf39ed14bd9d7d6c210614f05f3252d8daddf9601fb3af80bf34c83c2

SHA512
04ae920887797c887932d931f2a90cb056fe48c76001853281709b668f4538073f70f1fb5edc745cbcfd648c4b6657ecc0eb9812920d852446cdd8bb85727932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
acdb06ce0833c31434fc89ff6bc8239b

SHA1
097bf7a43977004f7b6740a069310c3d6ed98515

SHA256
eae95cc5d49f8684b90c875bee92c281149c4c9aa79b243d618ee00cbdba8f27

SHA512
fb548c286a79004963f65e0fce7f22c41ddc49c2051e1f72079737f8344432177154845c4cf60b6a126d8c19f4baa13c78b858592f5b47fdaa8bdf527d526193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
59989ed53a4ad2e67bb1b5b679dc6ee5

SHA1
2d0f250bf377a09008962a9514d84cac7fc01f0c

SHA256
29fa91e53b9ad8f5020254366214e03db89060d276abda99dab1f9f59a386bc6

SHA512
5a88308a0f17d990a8fe7c8a3210eb8b3e9696b2baa682c4c416f590f1d733f084ff76ef6077070196f7858439e8fe13eb5e9d2a70bd29135438c10f0d91ee72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
3a1547e483084fbecd9c8eadf659f328

SHA1
5bf9e5e23b3dc3af599de907b02bfeddad1a5c56

SHA256
619463251002a3e1b81345b3e00c068632b3330c7332be6940ae4148e0fafc2c

SHA512
80d2e5fe34714904ef4104fd41386fe01214f8897b1656a3d59ed8849e9405d352fdf8a26d102f03b0d541875d1eef3dc7d121a118f65379202e054fc2e108cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
ed34122c74b568f9b690e03b95e33cde

SHA1
ca51f697c676284c6153ed0ed8dce0406171b803

SHA256
52467510ebf48dacea7ac6620c871d16e793370d3002b48309a1944e756377c8

SHA512
8ec1354f58c8cc909d7f4e9a37a18c468445e91e581c186a8130ef1e218e5472a336b8b83567247024d5ca8d57e341d0d533b61970d30d6b8ef46849a513c5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
32c361cf22ba99f5836e9cb166b3e868

SHA1
2340057170fcf02d4c34c7495554705f281efd6f

SHA256
3775c0221281c3ef383978c16e3a8dccadd9b8dc7ba022b35b9be670182ac0a3

SHA512
9d5203268cc99bdef3d45489fbc3e9191b60a313a6bbc386bc375353780fdfbd729cf325e3b47e315a55e8ae57419134ba577da99b4db05b97e720288f961280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
43c6225cd2b986c6cfca51fbda54c9ef

SHA1
bc2446329a780e50fa75d8f558651e78a327b70d

SHA256
5d3ead1ce025141eb6d9eaa52da7d61c270cdc99e9fe4e5daf643fc498446dfe

SHA512
dfc200668e072a8a1696b8f638ee24ffc00d119cb4c0414d78ec0d04e299090386b17a55f135cbbd14f5a66c8804cdd985a64683a03df9d4f50bcb9862bbb985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
fd3bc8f7a860113c8ee78464f9f45057

SHA1
2b1338d8ead2a78682f872ddfccb61a238db15ab

SHA256
fe9ea7976eed974b78a2c0f0a5ee91a975b73b34d091fdd1d1c14663bb69ee80

SHA512
eefee88466e2f23b545eb4645f3f99293f3029b0b637c67ccacaf410f0706a10f8c1796e2e19d02a0a2ae9e74bbca302f9ad4ff05cc9348651240b0aa578449c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58e1a1.TMP

Filesize
48B

MD5
785c1dd337c2df9cbeda6eacb7c8a97d

SHA1
79d7669058479b49cf364d7b23cb4c3f88c0a901

SHA256
5f8bf4090ef8737215fe26ad7f7f5f6150e2f8c9f0cd96cd26560ecfde0eb4bf

SHA512
6a417e5f2dc8eea2c3316c2f961ce403b8d56c1255eab969393b4c957ad68fe36de3671f769d61cf060cf500fc795a0828c82d165b4fb14b14e5e24c7b345bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
03a0f0c360364d1b91c0925580f8414f

SHA1
a6c8f032cb1ff05bcce876305dd32b04ce5c7ea9

SHA256
7e9224da7947a58b2ccd2982d11af39c38e247a21d6493fab45c6883422f5789

SHA512
b60eb5a704fc13993dcc2bc5e049295ff7b25a2b3924630ecb119714829505a207f8c1474cbb26061755bd23d621b626ee965805a3d2626a889011a2d8748a7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e14208a2f58610cb14ec102e485ec618

SHA1
74794fd60535c092e7aed45e5171939259c0dcda

SHA256
dad73a294b1975112cfa651f7333ea8468f21b1d548f8874c2fe27cdd0828559

SHA512
96a5fe52c94b93c180812afc048ccdb15fd67c05c500a336c04f637f712d2ababd53290a4c6589b88fca68b96710514068b73376953142483cae501ed961d2f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d9de7d2cee143af11a6f8fbdef531351

SHA1
0be8e253146edf40e99cf41f577939a9d90ed084

SHA256
652daf1efcb8a9c8b28eca4ae8035fbb568f97e92c91080e180cbe7c9437a241

SHA512
2823e3ab80dc26ced4d1df953b2221e0e07e943e72f8c060750a203811fb0f84c18777c7fd717de6fee6dd730546010e41e44344805c4dac8dfcc560b3ae4f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
494d79eccc4035c76ef4d27cb4093e9c

SHA1
ac03cdc30bcbeb452bd87afd2f8e9941ee925576

SHA256
ae6978c5e8a847b4c2c6079f83f7f1d40018d740462ad6d032be08556ebc6486

SHA512
1745bc45d22d9502b85d5d8d3d6700ed1e1ab953927e4eb8ef9313db742ff2452414fce13bc3ab7d17af57d0b31688e6508072b233b5cecce0b3357fea9360eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3acf5da1d129c9396786ae361a266090

SHA1
81b58758c9f98e3aca9161b0b178e032eb0d5dd6

SHA256
be0e0809bb64dd527d426c64b0d174195ec7af49e0634eee0ba974432685b0e0

SHA512
10bb3729d3cad21eb3526cbb45c38c555d524b866e7d75d0996d45013c07681f798641c802b58d466790d16842ad7a8e0f0197e6590a27a200606a1fad33782e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b9820cb378495bc710408789dba49440

SHA1
a25ea7ce4f84892fd6dffd067a507e852e56edf5

SHA256
b80780c3371e7c620f3cb35669dc3cfca1811a95db13b28e45778a6522649e86

SHA512
ab27b4ac1fb8ed8903995b60a4949ff2eb91ccc8d5bc91ebf7198f93ec9cec410093cb758fd4bc8e396cc928e16a27ee3f1ddd608310b16d5a6475706adfbe7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7b708b7672205a1e14e8ce9fb3979c0d

SHA1
83d57336ad1e6f1762801bc436165aef653ec6f2

SHA256
69d6c2c09fe5e0b2ddf3b0ab577e65d8d60b6b36fc86060860abb8fc441e6f4d

SHA512
92ecffe3b5285bc7c4c119d18029213eee0503b596b5ae7898cd02966be887c178677cd929d88a0bd23a7047df714369160289cc75d481f694c5d288a698b67d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
214bb5806791776295263bddc85b253f

SHA1
18f6e6409a25c05ee14489898bfb814e16e2b05d

SHA256
49d9f6d9a89709780dd7af54a7236018ddc530b745d3c6768bcbdef7c9fc07f9

SHA512
7040723bff9ba3a9ca1c35d0a82a9159085ceb30d2eb0683bfa0c16172bc8b68c1b3c44e0b5efa4be4086bd0b9c16306d29f5f9ec4ea148e07dd2bcbaf4d7c70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e448fb15d9eb22b31ee8c6d832030fbb

SHA1
4c700faa53c9715554e74d900a578d21aea6a05f

SHA256
0e3b2366b60c302c622727ceee58982ffcca3418b472d449d75b349f283c62f7

SHA512
6bfb7e2f851738f86339a9d7b32982dcf814fc80671033c08338d45bb07c7441419030b0de88fe7db368a944b2de5035783fcf520be1838d0bfde05c5e71b320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
61b5f6b7afb712693d5a84a5c2fb7994

SHA1
e51c85bce6c7c721f66070d197c87a7517167db0

SHA256
148fea599018b658e8db9f9b3c5befd7e4e67e5d914d3a76b1989e4b40ac409f

SHA512
149e8a645886651d44a0e0d10de4aff562b0e04b13d51e4de924daa0d5aa5819673e4b2a40dbe246b82ae205766099d684e69f17106ba4ca8224a6eb77d382c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
661992d96b553f3d6177c355d0a5bbc7

SHA1
ccd3a4aa035f06d8fd07df0ff6b8118b4065f566

SHA256
6713a1599552ecf7d6f297dae7b5abfef2813d702b20e266db80fdb323610796

SHA512
e9ae3ed0f5498b04110755b7e759ab6f0e7f53c57e855462cad708a79ee50430f3b39a5e5351741c25f826f13327d49c1cd0b53e616f0a6bcfb15eb6e01401b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
65702a11e7dfee087e381304d395b0e5

SHA1
e4cbe52d4681b0de98d25b1bb362ce8f4784e818

SHA256
5d146d18e00363e6987b93e1f143d88dc60b7818fd0a322b9f0edb809ca75bda

SHA512
e5b0ef5834e0ecf4adfb3168c9d1266da7f408618aa8f300d05e74647f2fa6ab51fc9bc4e4a4ac56e364640e6d7afcff2667fe606d3c302a7d67b7cd5a4a8d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
94466e7a5c5f3cd123d240751c835b8f

SHA1
f01a16472bac3d8d599e555416960a334dd2471b

SHA256
09040ad96d3ad8a50e5c26466745d98b9a9a11338267789f02f483da7b147200

SHA512
b176313f35f9f7e2f0fc80ecae8998ddcc91fa3c5643623cc9c12ae7236ece2e45524b58e3b3a929a3377f13db9dd7fd989ca23423a9b140be1f31678eef2808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
867e9ebd616ecbd47777dc279d8c727a

SHA1
d9fcbaf932c4354f65fade8bf85a3affcee43eec

SHA256
63f60273ae9c4ce4a33036583bf81d2ee7a50ea81a96ed87efb9513d46a6da30

SHA512
e137404f12da19a822be5ba4fd0267597ac50f7d9998e7beb6e517ac887a52dce0a638235b7389615b0bf78156b970a25865b85cddc223ac43955ea0c53d38bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a77d93beb65aa7c6face1b9cbe90f7f3

SHA1
5b1123fe037932d276a9afe87b9dbe8a91e06358

SHA256
2eec9e2ee7c68599ea7a5c6564d38c095b2cd1c2184ca182a22769c94653df15

SHA512
32ae8ad7bd66e1039719899db17dcc9ec88e4df28fc1fd3fc68077fc914f9f582124a0299dd6a7c177d04c6d1c7f809d5ece5e2fe9914f02de3cd8e2ee3e837d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8fbf866b0a807c09378d91058abd2c2f

SHA1
cbbf80214a7c965a209b97a39f52d71351021104

SHA256
dedbf41043192adc6ea51e154b0b0b170867d9608df9ce4d657c7ba960b13d71

SHA512
c090c09c8ec48542415d98479eed2bea2c5d3f028c45b3ba117dbf9e1700fc086ae746471b2ceabfba4c2c941b2ad3c9d101518c1203d77e29ffa7793239b035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e630202ad58134ab0361cfb833908901

SHA1
982288e6f4e2ecc18d7b7ddb947eb0a168a4c5ab

SHA256
90d992aa3e8f4c66f2a4ed80ce203c8399c85ce9e4604000654f4d18c96303af

SHA512
98e66e175e20e38e801f97ebc935c0f0227e4f3c7ac4fdb3daa4c1b0a043d9ea86ab5bee4dc633c5d0624618ec1c24e487e87aeab3c48e1e5e61e172316d0035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6c51d02988c6d96030b7b90d6525256c

SHA1
4dcf21d2a71a530b55b1fb69c960b4cfdca9a335

SHA256
a7b5d33ecc7fed3eed8610d89775184ac019a0f859908ff0b987bd5502e81017

SHA512
92221623bdc3e806065c2443014f80b7976ad26e7e659986d51806db5e64afb4c5315181e6753a294ce2b68c55eab704d28abae92a241a41718d0075a6dd87b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1c6b960d6a2ec508413fcbfb7d3bfe3d

SHA1
e7e6cd41f47a20e888f7a5bb9b10a8dafdad2dfa

SHA256
dc0281011200b6a897b9984556c8dfbc0e3f0df92f09aea86982818b7213cf02

SHA512
c37afafe3a2815afc9458fe014c36224c4b45fb7b223e4d05ab0b2fba8c3dc1f15b88eca389f0a84fe0e8c596ffd29dea33e6d6ac69ea0417ba3b56964773a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
61fdeccae0d7df31f50950032102a284

SHA1
757bd58c3840cc2b480e324a875670a5278cdbac

SHA256
135d2e46dc2bdbf2e0d405f1e07c950c23bad1c939483948d6a6ae67b9a8932b

SHA512
dd366627984c77177412b33727cde715475481f41ebf625ae65473c84b8562f93721fdcf8f0ff5b69f6751af8f6787bc9ecc025c529ec46cd6bfd69834c993ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6f6d11d531f959579504dcd8a718e9ec

SHA1
f70eb6662b026e1f6a521f1f4e6bb8fd708f097a

SHA256
8fd4e3485109be3621546d0d3f6c0ba7cb54713b7b0d2f7487f8b2d85fe4d7de

SHA512
54de48e92606ed882b1d161389fe9207eb508b72861a4a17365998f4636ccb5034ce418719ccd0455c5ccb13d8557a3130ed2b8fe4231c73c380fde6b35aa555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
de05b6e12ea5655d4c1ecae580f5861d

SHA1
b51d69a0163818254efd4367b5d46df1c9679c59

SHA256
8a31af750b982baadf730a06db3332f1cda96518fd1aab719d773bf49c312b38

SHA512
5e0aceda463116d1261b8f4118b54eb31c491af300144cb53f3e1a299b85cf230b0a7a4db387319a138f1f47810d6070c2cc7f2d295a05697fd0f5ff42b68a44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1faafc8f6f444f3cda1d072b8b0f548a

SHA1
9db23548765083439792492113b62ee8e4f6a826

SHA256
1e9b79a08e8aa9e15a9173330137dbff13188dcb727a9e68e05b8e373497f3de

SHA512
e23c53267f35f53381fa894603b18cef1703e5adfa3f4b4b67ed2390affcc871e9aa17701b8028e89517a1b6eba87534ee054e0739badb95053ced1d0efb6ad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583071.TMP

Filesize
204B

MD5
d3b25c50ce48e77e16a433e2b892e54d

SHA1
13f9730d9b88bd89c7c500bfd441150d43e69dd3

SHA256
3b805baa489333b9f4392ce6030ed2049af694ed5a83b6a592b261cb45575a0b

SHA512
fe675df6b6bcaf4ba9a0833f90eda7e2cce6c737676ce44481d970c157f91776e720aae33f4fda16f594c549be7398dbd14b858a250dd1d618278b85771302c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c2b01a76-5ef4-4124-a5c2-27d0bb478e4a.tmp

Filesize
8KB

MD5
b6d9d4c0d9d68b38e85cd1efa2d646aa

SHA1
d537e00b1e8bdbda3f6ba8769c8a1e481eb5d3df

SHA256
7ec93b4940a2871df6aa652bcdb6a17866711b832c29aaf9276ad2dfc01332cc

SHA512
7656d5b930cca89307b9bafeafb22c85ecac951bbbc3aff0bf6ed83f19b37b82da841d91809c94afa84bb0f473d5445aabe0ba0dc2473c06b05ed84ea7b119ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2a9579016e5501f0b5cb267f76a04d6c

SHA1
2e4e9cf621a5cb2782334eff9e7a9f5e673f1525

SHA256
b114b963dcb48aed4d7692c4ef8d407575f553aa061a283fe77515f700152ef3

SHA512
63a50f8a8a5e587bc31c2466b9c47af859cd55643b2aba4210825a5b7ea7266c88c23ade59c2c4cc453cc655692ecd265ef9c42aff7a1ec1667cf059b44e5749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a66704e35e303e1bb846014071522a36

SHA1
1ab5b7da4682ed25190d7b13367e464aa9224831

SHA256
1d22728b933e7012c787a6cb0b1669810ae188c6815fa09a1e3434a8945d0733

SHA512
729174be31966613b9831fb45ca2c1fc5bcd2b83a5d148348a99bc99699a461661961f6bbb6f33d5de569b9bb406da63f22542abbf7b5330f8b24c6031eb9d42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f90837953e6d2ed9352ca5e27cd5ecd8

SHA1
c777e72b940575fbb877b91872a4ec028e00d840

SHA256
6803c25f4ab49e0db39d38b6e690b4f81916ce32212b5c56b50d4d60720f5b29

SHA512
15b66139264b1a6395db678998ba02556a71892a556506b7b03c60f02de1c067a5fccbd982f46fbf7f59ae2201e78956775bddac5330041ef8b6f407820933d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll

Filesize
57KB

MD5
6e001f8d0ee4f09a6673a9e8168836b6

SHA1
334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38

SHA256
6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859

SHA512
0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll

Filesize
117KB

MD5
08112f27dcd8f1d779231a7a3e944cb1

SHA1
39a98a95feb1b6295ad762e22aa47854f57c226f

SHA256
11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa

SHA512
afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OCommonResources.dll

Filesize
5.7MB

MD5
38cc1b5c2a4c510b8d4930a3821d7e0b

SHA1
f06d1d695012ace0aef7a45e340b70981ca023ba

SHA256
c2ba8645c5c9507d422961ceaeaf422adf6d378c2a7c02199ed760fb37a727f2

SHA512
99170f8094f61109d08a6e7cf25e7fba49160b0009277d10e9f0b9dac6f022e7a52e3d822e9aee3f736c2d285c4c3f62a2e6eb3e70f827ac6e8b867eea77f298

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2ODAL.dll

Filesize
15KB

MD5
422be1a0c08185b107050fcf32f8fa40

SHA1
c8746a8dad7b4bf18380207b0c7c848362567a92

SHA256
723aea78755292d2f4f87ad100a99b37bef951b6b40b62e2e2bbd4df3346d528

SHA512
dff51c890cb395665839070d37170d321dc0800981a42f173c6ea570684460146b4936af9d8567a6089bef3a7802ac4931c14031827689ef345ea384ceb47599

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OModels.dll

Filesize
75KB

MD5
c06ac6dcfa7780cd781fc9af269e33c0

SHA1
f6b69337b369df50427f6d5968eb75b6283c199d

SHA256
b23b8310265c14d7e530b80defc6d39cdc638c07d07cd2668e387863c463741d

SHA512
ad167ad62913243e97efaeaa7bad38714aba7fc11f48001974d4f9c68615e9bdfb83bf623388008e77d61cee0eaba55ce47ebbb1f378d89067e74a05a11d9fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OResources.dll

Filesize
19KB

MD5
554c3e1d68c8b5d04ca7a2264ca44e71

SHA1
ef749e325f52179e6875e9b2dd397bee2ca41bb4

SHA256
1eb0795b1928f6b0459199dace5affdc0842b6fba87be53ca108661275df2f3e

SHA512
58ce13c47e0daf99d66af1ea35984344c0bb11ba70fe92bc4ffa4cd6799d6f13bcad652b6883c0e32c6e155e9c1b020319c90da87cb0830f963639d53a51f9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll

Filesize
160KB

MD5
6df226bda27d26ce4523b80dbf57a9ea

SHA1
615f9aba84856026460dc54b581711dad63da469

SHA256
17d737175d50eee97ac1c77db415fe25cc3c7a3871b65b93cc3fad63808a9abc

SHA512
988961d7a95c9883a9a1732d0b5d4443c790c38e342a9e996b072b41d2e8686389f36a249f2232cb58d72f8396c849e9cc52285f35071942bec5c3754b213dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OUtilities.dll

Filesize
119KB

MD5
9d2c520bfa294a6aa0c5cbc6d87caeec

SHA1
20b390db533153e4bf84f3d17225384b924b391f

SHA256
669c812cb8f09799083014a199b0deee10237c95fb49ee107376b952fee5bd89

SHA512
7e2e569549edb6ddd2b0cb0012386aed1f069e35d1f3045bb57704ef17b97129deb7cde8e23bc49980e908e1a5a90b739f68f36a1d231b1302a5d29b722e7c15

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OViewModels.dll

Filesize
8KB

MD5
be4c2b0862d2fc399c393fca163094df

SHA1
7c03c84b2871c27fa0f1914825e504a090c2a550

SHA256
c202e4f92b792d34cb6859361aebdbfc8c61cf9e735edfd95e825839920fb88a

SHA512
d9c531687a5051bbfe5050c5088623b3fd5f20b1e53dd4d3ed281c8769c15f45da36620231f6d0d76f8e2aa7de00c2324a4bf35a815cefc70ca97bc4ab253799

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\HtmlAgilityPack.dll

Filesize
154KB

MD5
17220f65bd242b6a491423d5bb7940c1

SHA1
a33fabf2b788e80f0f7f84524fe3ed9b797be7ad

SHA256
23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f

SHA512
bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Core.dll

Filesize
56KB

MD5
f931e960cc4ed0d2f392376525ff44db

SHA1
1895aaa8f5b8314d8a4c5938d1405775d3837109

SHA256
1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

SHA512
7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Extension.dll

Filesize
168KB

MD5
28f1996059e79df241388bd9f89cf0b1

SHA1
6ad6f7cde374686a42d9c0fcebadaf00adf21c76

SHA256
c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

SHA512
9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Newtonsoft.Json.dll

Filesize
541KB

MD5
9de86cdf74a30602d6baa7affc8c4a0f

SHA1
9c79b6fbf85b8b87dd781b20fc38ba2ac0664143

SHA256
56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583

SHA512
dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Ninject.dll

Filesize
133KB

MD5
8db691813a26e7d0f1db5e2f4d0d05e3

SHA1
7c7a33553dd0b50b78bf0ca6974c77088da253eb

SHA256
3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701

SHA512
d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe

Filesize
26KB

MD5
cef027c3341afbcdb83c72080df7f002

SHA1
e538f1dd4aee8544d888a616a6ebe4aeecaf1661

SHA256
e87db511aa5b8144905cd24d9b425f0d9a7037fface3ca7824b7e23cfddbbbb7

SHA512
71ba423c761064937569922f1d1381bd11d23d1d2ed207fc0fead19e9111c1970f2a69b66e0d8a74497277ffc36e0fc119db146b5fd068f4a6b794dc54c5d4bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferSDK.dll

Filesize
172KB

MD5
b199dcd6824a02522a4d29a69ab65058

SHA1
f9c7f8c5c6543b80fa6f1940402430b37fa8dce4

SHA256
9310a58f26be8bd453cde5ca6aa05042942832711fbdeb5430a2840232bfa5e4

SHA512
1d3e85e13ff24640c76848981ca84bafb32f819a082e390cb06fe13445814f50f8e3fc3a8a8e962aae8867e199c1517d570c07f28d5f7e5f007b2bb6e664ddb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\OfferPage.html

Filesize
1KB

MD5
9ba0a91b564e22c876e58a8a5921b528

SHA1
8eb23cab5effc0d0df63120a4dbad3cffcac6f1e

SHA256
2ad742b544e72c245f4e9c2e69f989486222477c7eb06e85d28492bd93040941

SHA512
38b5fb0f12887a619facce82779cb66e2592e5922d883b9dc4d5f9d2cb12e0f84324422cd881c948f430575febd510e948a22cd291595e3a0ba0307fce73bec9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\images\loader.gif

Filesize
16KB

MD5
2b26f73d382ab69f3914a7d9fda97b0f

SHA1
a3f5ad928d4bec107ae2941fa6b23c69d19eedd0

SHA256
a6a0b05b1d5c52303dd3e9e2f9cda1e688a490fbe84ea0d6e22a051ab6efd643

SHA512
744ff7e91c8d1059f48de97dc816bc7cc0f1a41ea7b8b7e3382ff69bc283255dfdf7b46d708a062967a6c1f2e5138665be2943ed89d7543fc707e752543ac9a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\style.css

Filesize
5KB

MD5
626313d8f4c859ba6473a8d94dfea5e7

SHA1
142a57c5e31d7317b7d52b2d4435df53d4123663

SHA256
989e5474b74fbdf5abe98b607870bb7f4757967c51412bc940ecab7dd9babd54

SHA512
dbaefd7f7409839971ec87bc0e49fbc4992de9dd319e28bea401b35b0a7952e56281084b123b6bbeb06080706ada0ffabcd0cf2fb3f75986d34f844d8cd50de9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\Config.tis

Filesize
291B

MD5
bf5328e51e8ab1211c509b5a65ab9972

SHA1
480dfb920e926d81bce67113576781815fbd1ea4

SHA256
98f22fb45530506548ae320c32ee4939d27017481d2ad0d784aa5516f939545b

SHA512
92bd7895c5ff8c40eecfdc2325ee5d1fb7ed86ce0ef04e8e4a65714fcf5603ea0c87b71afadb473433abb24f040ccabd960fa847b885322ad9771e304b661928

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\EventHandler.tis

Filesize
10KB

MD5
1116d7747130f4552a91e61a3a6000b1

SHA1
bc36996a664dab24b941ec263679c9d6322e61a2

SHA256
5c09c6784f3fdc4a6b2998c4c9e02e366265ee5314c0f982859825576dc0eafd

SHA512
af34413f242b64737ac9f7076e449b0d0485842d653d1cad12b54b868f09817d3595cd935ad7e03003d536127c173d624dd9a031c079fdb8f897ab0b7b9474e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\Log.tis

Filesize
1014B

MD5
cef7a21acf607d44e160eac5a21bdf67

SHA1
f24f674250a381d6bf09df16d00dbf617354d315

SHA256
73ed0be73f408ab8f15f2da73c839f86fef46d0a269607330b28f9564fae73c7

SHA512
5afb4609ef46f156155f7c1b5fed48fd178d7f3395f80fb3a4fb02f454a3f977d8a15f3ef8541af62df83426a3316d31e1b9e2fd77726cf866c75f6d4e7adc2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\TranslateOfferTemplate.tis

Filesize
2KB

MD5
551029a3e046c5ed6390cc85f632a689

SHA1
b4bd706f753db6ba3c13551099d4eef55f65b057

SHA256
7b8c76a85261c5f9e40e49f97e01a14320e9b224ff3d6af8286632ca94cf96f8

SHA512
22a67a8371d2aa2fdbc840c8e5452c650cb161e71c39b49d868c66db8b4c47d3297cf83c711ec1d002bc3e3ae16b1e0e4faf2761954ce56c495827306bab677e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\ViewStateLoader.tis

Filesize
16KB

MD5
85c33c8207f5fcb2d31c7ce7322771ac

SHA1
6b64f919e6b731447b9add9221b3b7570de25061

SHA256
940ef5e9f28da759fbf3676fba6da5cc4199b78ffc4fefe078ab11d53e70fb0a

SHA512
904188ab57cfb4f3d8c51eb55746ae2589852f271b9fa3840b82bda93f69c9f985e65f67169302d08818b707f36246f83f245470d5175dba5f0ad3a2482740c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll

Filesize
134KB

MD5
105a9e404f7ac841c46380063cc27f50

SHA1
ec27d9e1c3b546848324096283797a8644516ee3

SHA256
69fe749457218ec9a765f9aac74caf6d4f73084cf5175d3fd1e4f345af8b3b8b

SHA512
6990cbfc90c63962abde4fdaae321386f768be9fcf4d08bccd760d55aba85199f7a3e18bd7abe23c3a8d20ea9807cecaffb4e83237633663a8bb63dd9292d940

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.Net.dll

Filesize
101KB

MD5
83d37fb4f754c7f4e41605ec3c8608ea

SHA1
70401de8ce89f809c6e601834d48768c0d65159f

SHA256
56db33c0962b3c34cba5279d2441bc4c12f28b569eadc1b3885dd0951b2c4020

SHA512
f5f3479f485b1829bbfb7eb8087353aee569184f9c506af15c4e28bfe4f73bf2cc220d817f6dfc34b2a7a6f69453f0b71e64b79c4d500ff9a243799f68e88b9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll

Filesize
151KB

MD5
72990c7e32ee6c811ea3d2ea64523234

SHA1
a7fcbf83ec6eefb2235d40f51d0d6172d364b822

SHA256
e77e0b4f2762f76a3eaaadf5a3138a35ec06ece80edc4b3396de7a601f8da1b3

SHA512
2908b8c387d46b6329f027bc1e21a230e5b5c32460f8667db32746bc5f12f86927faa10866961cb2c45f6d594941f6828f9078ae7209a27053f6d11586fd2682

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\app.ico

Filesize
766B

MD5
4003efa6e7d44e2cbd3d7486e2e0451a

SHA1
a2a9ab4a88cd4732647faa37bbdf726fd885ea1e

SHA256
effd42c5e471ea3792f12538bf7c982a5cda4d25bfbffaf51eed7e09035f4508

SHA512
86e71ca8ca3e62949b44cfbc7ffa61d97b6d709fc38216f937a026fb668fbb1f515bac2f25629181a82e3521dafa576cac959d2b527d9cc9eb395e50d64c1198

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\msvcp140.dll

Filesize
426KB

MD5
8ff1898897f3f4391803c7253366a87b

SHA1
9bdbeed8f75a892b6b630ef9e634667f4c620fa0

SHA256
51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

SHA512
cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\sciter32.dll

Filesize
5.6MB

MD5
b431083586e39d018e19880ad1a5ce8f

SHA1
3bbf957ab534d845d485a8698accc0a40b63cedd

SHA256
b525fdcc32c5a359a7f5738a30eff0c6390734d8a2c987c62e14c619f99d406b

SHA512
7805a3464fcc3ac4ea1258e2412180c52f2af40a79b540348486c830a20c2bbed337bbf5f4a8926b3ef98c63c87747014f5b43c35f7ec4e7a3693b9dbd0ae67b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\vcruntime140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
C:\Users\Admin\AppData\Local\link.txt

Filesize
57B

MD5
1408558dcea8f9abad85ac20970d1414

SHA1
38146e2fc9325c42298fd0d7e6b862234bd2500c

SHA256
18385c843ba8cbb28a36cda4d437d51e7a628e8d6a0520f39a2649662bc9fb9d

SHA512
bc802491a8de8aa38cfbe9814b5481ce075d2f925dcb262d7177d5cdb4d978be49c60a863bf7db58af18c9415b898bb3814ca0c0f5e3e239ee05c42558e776f4

Download Submit
C:\Users\Admin\AppData\Local\setup37952599.exe

Filesize
3.8MB

MD5
29d3a70cec060614e1691e64162a6c1e

SHA1
ce4daf2b1d39a1a881635b393450e435bfb7f7d1

SHA256
cc70b093a19610e9752794d757aec9ef07ca862ea9267ec6f9cc92b2aa882c72

SHA512
69d07437714259536373872e8b086fc4548f586e389f67e50f56d343e980546f92b8a13f28c853fc1daf187261087a9dceb33769ba2031c42382742d86c60e4b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
c244fca54845a088bc30f589cfa20c36

SHA1
47f40dfe735bbfd806442d33cc84b3f8ed944633

SHA256
a27ea0511fd0a766c84a91128eaed052a3f8e55d711becaf9f7226af5962bfe3

SHA512
676498e436a9ccb9bc50d08934125b3f73a8a86cba66a1eefa8ac35134fc911e75d4c8c8e90cc701f70211144db9b5562371117ce34ee22d661f74ec8a101ec2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
45882d7b9e3611e66eb5666eb89e19e7

SHA1
82d400e11fe039ff1dfa851f6bd826eb8b6302a7

SHA256
a0249d125c6a1f6a3a3dd4a4fab88be22cb1a179d4c0d29456172c61a6b7a044

SHA512
6303a5bbff82649484229c294d9853a5f00796b123d3acd1efdbe3349f91acc93010970113b49a02456ed09f0c899c007895fa6e2a0d26e6b8464f716c020fb7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
6f8d4eb7f73c210d562690d237379615

SHA1
3556767d9686dd75a04810a70f853e8de7feaed3

SHA256
19f6a8e4e34276c67726a01175d81742b387b971b177ab3e7f3aa5441d6b3759

SHA512
a4f03d3d8cb1ae04f6c3d6ad56adea6fde66c08a25c3bc4af8634bae2f6b1e31c7d1a2763073c0f8667e68454a70c7de54f5f5badfb9bd933e382d35e7952558

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a39921813698a99723d462658402b229

SHA1
afa972228438d708dc43d3e3797f64a02cfbc0ce

SHA256
9ee0e271762228ed861f8dde4d3b4edb64a886c79d8785bffef98b54a505028f

SHA512
5de943eefb43b657b5a55c31c7036aa96a400b32b6ebe3bbfddb863851f5107e99c53c751e868edbbc6753567799799a9a189ca137f67f897f93af792e9f0283

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
8a33b4032b75cd1a8dd80a1ac9c76b14

SHA1
8ec31471f62a54092e6e7f3105dbc905c9d1ae28

SHA256
354a662110b2fc151bf0110c11a696b3da9f1e725c30429de3566d99c2891e20

SHA512
2aa3dc7043e2c651765cfffdf899b4ed5571590b1466cac92478648ee8aa31e9837b0c52d7ed0feaf360303eb7d8bdf6db520d091e11cdaea6da62b91f9f8084

Download Submit
C:\Users\Admin\Downloads\Artic X Roblox Exploit V1.0.3C_37952599.exe

Filesize
9.5MB

MD5
3d50042e3e3991be509f56a2951a2183

SHA1
f027790afe9d7ce2ddf17973f0778fb9e983ded1

SHA256
76eee256f1223082e8396611baca498542c656edd0fac5fe903e06e6cb5677e2

SHA512
120c6a7778bd9f65f469d3335987b780e736bd895ed944d0988372f891b48f9ba09b50ed9dcffd0bf1fa23a12e215ed1f1ffe75d11c925ff4c08d3e48259a873

Download Submit
memory/3400-1868-0x0000000000960000-0x000000000096C000-memory.dmp

Filesize
48KB

Download
memory/4420-1965-0x0000000005360000-0x000000000537D000-memory.dmp

Filesize
116KB

Download
memory/4420-1993-0x0000000006190000-0x00000000064E4000-memory.dmp

Filesize
3.3MB

Download
memory/4968-1756-0x00000000065F0000-0x0000000006602000-memory.dmp

Filesize
72KB

Download
memory/4968-1821-0x0000000008350000-0x000000000837E000-memory.dmp

Filesize
184KB

Download
memory/4968-1804-0x00000000074D0000-0x0000000007562000-memory.dmp

Filesize
584KB

Download
memory/4968-1654-0x0000000000F60000-0x0000000001338000-memory.dmp

Filesize
3.8MB

Download
memory/4968-1788-0x00000000083D0000-0x0000000008984000-memory.dmp

Filesize
5.7MB

Download
memory/4968-1781-0x0000000007860000-0x0000000007E04000-memory.dmp

Filesize
5.6MB

Download
memory/4968-1778-0x0000000007280000-0x000000000728C000-memory.dmp

Filesize
48KB

Download
memory/4968-1774-0x0000000006DC0000-0x0000000007114000-memory.dmp

Filesize
3.3MB

Download
memory/4968-1773-0x0000000006D90000-0x0000000006DB2000-memory.dmp

Filesize
136KB

Download
memory/4968-1772-0x0000000006C60000-0x0000000006C6A000-memory.dmp

Filesize
40KB

Download
memory/4968-1674-0x0000000005CE0000-0x0000000005CF4000-memory.dmp

Filesize
80KB

Download
memory/4968-1767-0x0000000006CE0000-0x0000000006D6C000-memory.dmp

Filesize
560KB

Download
memory/4968-1680-0x0000000005D30000-0x0000000005D54000-memory.dmp

Filesize
144KB

Download
memory/4968-1704-0x0000000005E90000-0x0000000005EC2000-memory.dmp

Filesize
200KB

Download
memory/4968-1742-0x0000000005EE0000-0x0000000005EFD000-memory.dmp

Filesize
116KB

Download
memory/4968-1686-0x0000000005D90000-0x0000000005DB8000-memory.dmp

Filesize
160KB

Download
memory/4968-1734-0x0000000005F80000-0x0000000005FAC000-memory.dmp

Filesize
176KB

Download
memory/4968-1728-0x0000000005F30000-0x0000000005F38000-memory.dmp

Filesize
32KB

Download
memory/4968-1692-0x0000000005DC0000-0x0000000005DEE000-memory.dmp

Filesize
184KB

Download
memory/4968-1722-0x0000000005E10000-0x0000000005E1A000-memory.dmp

Filesize
40KB

Download
memory/4968-1698-0x0000000005E20000-0x0000000005E48000-memory.dmp

Filesize
160KB

Download
memory/4968-1716-0x0000000005F00000-0x0000000005F24000-memory.dmp

Filesize
144KB

Download
memory/4968-1710-0x0000000005E50000-0x0000000005E6A000-memory.dmp

Filesize
104KB

Download