danabot | hxxps://github[.]com/Dfmaaa/MEMZ-virus

Analysis

max time kernel
1050s
max time network
1048s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2024 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Dfmaaa/MEMZ-virus

Score

10^/10

danabot aspackv2 banker botnet discovery macro trojan xlm

Malware Config

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Danabot x86 payload 1 IoCs

Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

botnet

Processes:

resource	yara_rule
behavioral1/files/0x0009000000023559-615.dat	family_danabot

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

Processes:

rundll32.exe

description	pid	pid_target	Process	procid_target
Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process	3592	852	rundll32.exe	139

Suspicious use of NtCreateProcessExOtherParentProcess 4 IoCs

Processes:

taskmgr.exe

description	pid	Process	procid_target
PID 3128 created 3536	3128	taskmgr.exe	206
PID 3128 created 3536	3128	taskmgr.exe	206
PID 3128 created 4508	3128	taskmgr.exe	205
PID 3128 created 4508	3128	taskmgr.exe	205

Blocklisted process makes network request 20 IoCs

Processes:

rundll32.exe

flow	pid	Process
86	3356	rundll32.exe
92	3356	rundll32.exe
106	3356	rundll32.exe
113	3356	rundll32.exe
115	3356	rundll32.exe
165	3356	rundll32.exe
167	3356	rundll32.exe
168	3356	rundll32.exe
169	3356	rundll32.exe
171	3356	rundll32.exe
328	3356	rundll32.exe
331	3356	rundll32.exe
332	3356	rundll32.exe
333	3356	rundll32.exe
334	3356	rundll32.exe
336	3356	rundll32.exe
337	3356	rundll32.exe
338	3356	rundll32.exe
341	3356	rundll32.exe
352	3356	rundll32.exe

Downloads MZ/PE file

Suspicious Office macro 1 IoCs

Office document equipped with 4.0 macros.

macro xlm

Processes:

resource	yara_rule
behavioral1/files/0x000e000000023570-686.dat	office_xlm_macros

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
behavioral1/files/0x000d00000002356f-865.dat	aspack_v212_v242

Executes dropped EXE 19 IoCs

Processes:

DanaBot.exeDanaBot.exeDanaBot.exeDanaBot.exeAvoid.exeAvoid.exeAvoid.exeAvoid.exeAvoid.exeAvoid.exeChilledWindows.exeCookieClickerHack.exeCookieClickerHack.exeCrazyNCS.exeCrazyNCS.exeCrazyNCS.exeCurfun.exeDesktopBoom.exeDesktopBoom.exe

pid	Process
852	DanaBot.exe
3480	DanaBot.exe
2672	DanaBot.exe
4784	DanaBot.exe
3668	Avoid.exe
4488	Avoid.exe
1700	Avoid.exe
4332	Avoid.exe
1460	Avoid.exe
3808	Avoid.exe
736	ChilledWindows.exe
4508	CookieClickerHack.exe
3536	CookieClickerHack.exe
4860	CrazyNCS.exe
752	CrazyNCS.exe
3200	CrazyNCS.exe
180	Curfun.exe
2880	DesktopBoom.exe
592	DesktopBoom.exe

Loads dropped DLL 4 IoCs

Processes:

regsvr32.exerundll32.exetaskmgr.exe

pid	Process
2156	regsvr32.exe
3356	rundll32.exe
2772	taskmgr.exe
2772	taskmgr.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

ChilledWindows.exeEXCEL.EXE

description	ioc	Process
File opened (read-only)	\??\T:	ChilledWindows.exe
File opened (read-only)	\??\A:	EXCEL.EXE
File opened (read-only)	\??\R:	EXCEL.EXE
File opened (read-only)	\??\Z:	EXCEL.EXE
File opened (read-only)	\??\B:	ChilledWindows.exe
File opened (read-only)	\??\M:	ChilledWindows.exe
File opened (read-only)	\??\Q:	ChilledWindows.exe
File opened (read-only)	\??\R:	ChilledWindows.exe
File opened (read-only)	\??\Z:	ChilledWindows.exe
File opened (read-only)	\??\H:	EXCEL.EXE
File opened (read-only)	\??\M:	EXCEL.EXE
File opened (read-only)	\??\G:	ChilledWindows.exe
File opened (read-only)	\??\L:	ChilledWindows.exe
File opened (read-only)	\??\I:	ChilledWindows.exe
File opened (read-only)	\??\O:	ChilledWindows.exe
File opened (read-only)	\??\W:	ChilledWindows.exe
File opened (read-only)	\??\I:	EXCEL.EXE
File opened (read-only)	\??\P:	EXCEL.EXE
File opened (read-only)	\??\U:	EXCEL.EXE
File opened (read-only)	\??\H:	ChilledWindows.exe
File opened (read-only)	\??\J:	ChilledWindows.exe
File opened (read-only)	\??\K:	ChilledWindows.exe
File opened (read-only)	\??\Y:	ChilledWindows.exe
File opened (read-only)	\??\J:	EXCEL.EXE
File opened (read-only)	\??\O:	EXCEL.EXE
File opened (read-only)	\??\X:	EXCEL.EXE
File opened (read-only)	\??\Y:	EXCEL.EXE
File opened (read-only)	\??\S:	ChilledWindows.exe
File opened (read-only)	\??\B:	EXCEL.EXE
File opened (read-only)	\??\S:	EXCEL.EXE
File opened (read-only)	\??\T:	EXCEL.EXE
File opened (read-only)	\??\V:	EXCEL.EXE
File opened (read-only)	\??\G:	EXCEL.EXE
File opened (read-only)	\??\A:	ChilledWindows.exe
File opened (read-only)	\??\U:	ChilledWindows.exe
File opened (read-only)	\??\W:	EXCEL.EXE
File opened (read-only)	\??\E:	ChilledWindows.exe
File opened (read-only)	\??\N:	ChilledWindows.exe
File opened (read-only)	\??\V:	ChilledWindows.exe
File opened (read-only)	\??\E:	EXCEL.EXE
File opened (read-only)	\??\K:	EXCEL.EXE
File opened (read-only)	\??\N:	EXCEL.EXE
File opened (read-only)	\??\Q:	EXCEL.EXE
File opened (read-only)	\??\X:	ChilledWindows.exe
File opened (read-only)	\??\L:	EXCEL.EXE
File opened (read-only)	\??\P:	ChilledWindows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

Processes:

flow	ioc
82	raw.githubusercontent.com
83	raw.githubusercontent.com
206	raw.githubusercontent.com
207	raw.githubusercontent.com
324	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid	pid_target	Process	procid_target
4132	852	WerFault.exe	120
4300	3480	WerFault.exe	128
4060	4784	WerFault.exe	147

System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

rundll32.exeAvoid.exeCrazyNCS.exeCurfun.exeDanaBot.exeAvoid.exeAvoid.exeAvoid.exeCrazyNCS.exeDanaBot.exeDanaBot.exeregsvr32.exeAvoid.exeAvoid.exeCrazyNCS.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CrazyNCS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Curfun.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CrazyNCS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CrazyNCS.exe

Checks SCSI registry key(s) 3 TTPs 18 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exetaskmgr.exetaskmgr.exetaskmgr.exetaskmgr.exetaskmgr.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

taskmgr.exetaskmgr.exeEXCEL.EXE

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXEmsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 6 IoCs

Processes:

msedge.exemsedge.exemsedge.exeChilledWindows.exemsedge.exemsedge.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{6AC8B508-268E-497B-ADB8-98509AF977AC}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{6096FFF9-60FA-485C-8BEB-27BCF3FF4829}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{5ECC8ED6-6FFF-45CA-ACB4-5D62E86876CC}	ChilledWindows.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{1316C00D-AF07-475F-A964-66A489D87C36}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{27BC23E2-80AB-403D-826D-47FB9D9E9053}	msedge.exe

NTFS ADS 11 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 388745.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 122876.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 29704.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 907522.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 33211.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 374361.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 915850.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 983140.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 373717.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 222909.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 699144.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid	Process
852	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exetaskmgr.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exetaskmgr.exe

pid	Process
1160	msedge.exe
1160	msedge.exe
4916	msedge.exe
4916	msedge.exe
4676	identity_helper.exe
4676	identity_helper.exe
2920	msedge.exe
2920	msedge.exe
5064	msedge.exe
5064	msedge.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
1396	msedge.exe
1396	msedge.exe
1180	msedge.exe
1180	msedge.exe
3584	msedge.exe
3584	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
432	msedge.exe
432	msedge.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe
1472	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

Processes:

DesktopBoom.exeDesktopBoom.exetaskmgr.exetaskmgr.exe

pid	Process
2880	DesktopBoom.exe
592	DesktopBoom.exe
3128	taskmgr.exe
2772	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of AdjustPrivilegeToken 32 IoCs

Processes:

taskmgr.exetaskmgr.exeChilledWindows.exeAUDIODG.EXEtaskmgr.exetaskmgr.exetaskmgr.exetaskmgr.exe

description	pid	Process
Token: SeDebugPrivilege	4304	taskmgr.exe
Token: SeSystemProfilePrivilege	4304	taskmgr.exe
Token: SeCreateGlobalPrivilege	4304	taskmgr.exe
Token: 33	4304	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4304	taskmgr.exe
Token: SeDebugPrivilege	1472	taskmgr.exe
Token: SeSystemProfilePrivilege	1472	taskmgr.exe
Token: SeCreateGlobalPrivilege	1472	taskmgr.exe
Token: 33	1472	taskmgr.exe
Token: SeIncBasePriorityPrivilege	1472	taskmgr.exe
Token: SeShutdownPrivilege	736	ChilledWindows.exe
Token: SeCreatePagefilePrivilege	736	ChilledWindows.exe
Token: 33	2960	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2960	AUDIODG.EXE
Token: SeShutdownPrivilege	736	ChilledWindows.exe
Token: SeCreatePagefilePrivilege	736	ChilledWindows.exe
Token: SeShutdownPrivilege	736	ChilledWindows.exe
Token: SeCreatePagefilePrivilege	736	ChilledWindows.exe
Token: SeDebugPrivilege	4060	taskmgr.exe
Token: SeSystemProfilePrivilege	4060	taskmgr.exe
Token: SeCreateGlobalPrivilege	4060	taskmgr.exe
Token: 33	4060	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4060	taskmgr.exe
Token: SeDebugPrivilege	3128	taskmgr.exe
Token: SeSystemProfilePrivilege	3128	taskmgr.exe
Token: SeCreateGlobalPrivilege	3128	taskmgr.exe
Token: SeDebugPrivilege	2772	taskmgr.exe
Token: SeSystemProfilePrivilege	2772	taskmgr.exe
Token: SeCreateGlobalPrivilege	2772	taskmgr.exe
Token: SeDebugPrivilege	5548	taskmgr.exe
Token: SeSystemProfilePrivilege	5548	taskmgr.exe
Token: SeCreateGlobalPrivilege	5548	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	Process
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4304	taskmgr.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe
4916	msedge.exe

Suspicious use of SetWindowsHookEx 16 IoCs

Processes:

EXCEL.EXEmsedge.exe

pid	Process
852	EXCEL.EXE
852	EXCEL.EXE
852	EXCEL.EXE
852	EXCEL.EXE
852	EXCEL.EXE
852	EXCEL.EXE
852	EXCEL.EXE
852	EXCEL.EXE
852	EXCEL.EXE
852	EXCEL.EXE
852	EXCEL.EXE
852	EXCEL.EXE
852	EXCEL.EXE
852	EXCEL.EXE
5016	msedge.exe
5016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 4916 wrote to memory of 2752	4916	msedge.exe	83
PID 4916 wrote to memory of 2752	4916	msedge.exe	83
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 3600	4916	msedge.exe	85
PID 4916 wrote to memory of 1160	4916	msedge.exe	86
PID 4916 wrote to memory of 1160	4916	msedge.exe	86
PID 4916 wrote to memory of 4148	4916	msedge.exe	87
PID 4916 wrote to memory of 4148	4916	msedge.exe	87
PID 4916 wrote to memory of 4148	4916	msedge.exe	87
PID 4916 wrote to memory of 4148	4916	msedge.exe	87
PID 4916 wrote to memory of 4148	4916	msedge.exe	87
PID 4916 wrote to memory of 4148	4916	msedge.exe	87
PID 4916 wrote to memory of 4148	4916	msedge.exe	87
PID 4916 wrote to memory of 4148	4916	msedge.exe	87
PID 4916 wrote to memory of 4148	4916	msedge.exe	87
PID 4916 wrote to memory of 4148	4916	msedge.exe	87
PID 4916 wrote to memory of 4148	4916	msedge.exe	87
PID 4916 wrote to memory of 4148	4916	msedge.exe	87
PID 4916 wrote to memory of 4148	4916	msedge.exe	87
PID 4916 wrote to memory of 4148	4916	msedge.exe	87
PID 4916 wrote to memory of 4148	4916	msedge.exe	87
PID 4916 wrote to memory of 4148	4916	msedge.exe	87
PID 4916 wrote to memory of 4148	4916	msedge.exe	87
PID 4916 wrote to memory of 4148	4916	msedge.exe	87
PID 4916 wrote to memory of 4148	4916	msedge.exe	87
PID 4916 wrote to memory of 4148	4916	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Dfmaaa/MEMZ-virus
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb34c46f8,0x7ffcb34c4708,0x7ffcb34c4718
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6312 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6652 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6732 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5064
- C:\Users\Admin\Downloads\DanaBot.exe
  "C:\Users\Admin\Downloads\DanaBot.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:852
- - C:\Windows\SysWOW64\regsvr32.exe
    C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\DOWNLO~1\DanaBot.dll f1 C:\Users\Admin\DOWNLO~1\DanaBot.exe@852
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2156
  - - C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\DOWNLO~1\DanaBot.dll,f0
      4⤵
      Blocklisted process makes network request
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3356
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 460
    3⤵
    - Program crash
    PID:4132
- C:\Users\Admin\Downloads\DanaBot.exe
  "C:\Users\Admin\Downloads\DanaBot.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3480
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 152
    3⤵
    - Program crash
    PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6940 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3584
- C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Downloads\Zloader (2).xlsm"
  2⤵
  - Enumerates connected drives
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:852
- - C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" C:\nxTgTGh\ECeMdPT\EnVYsVZ.dll,DllRegisterServer
    3⤵
    - Process spawned unexpected child process
    PID:3592
- C:\Users\Admin\Downloads\DanaBot.exe
  "C:\Users\Admin\Downloads\DanaBot.exe"
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Users\Admin\Downloads\DanaBot.exe
  "C:\Users\Admin\Downloads\DanaBot.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4784
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 136
    3⤵
    - Program crash
    PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6188 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7116 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,2766571640082219841,17447657374690912740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1932 /prefetch:1
  2⤵
  PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 852 -ip 852
1⤵
PID:8

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3480 -ip 3480
1⤵
PID:316

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4784 -ip 4784
1⤵
PID:3392

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1836

C:\Users\Admin\Downloads\Avoid.exe
"C:\Users\Admin\Downloads\Avoid.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3668

C:\Users\Admin\Downloads\Avoid.exe
"C:\Users\Admin\Downloads\Avoid.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4488

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1472

C:\Users\Admin\Downloads\Avoid.exe
"C:\Users\Admin\Downloads\Avoid.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1700

C:\Users\Admin\Downloads\Avoid.exe
"C:\Users\Admin\Downloads\Avoid.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4332

C:\Users\Admin\Downloads\Avoid.exe
"C:\Users\Admin\Downloads\Avoid.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1460

C:\Users\Admin\Downloads\Avoid.exe
"C:\Users\Admin\Downloads\Avoid.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcb34c46f8,0x7ffcb34c4708,0x7ffcb34c4718
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6592 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 /prefetch:8
  2⤵
  PID:1300
- C:\Users\Admin\Downloads\ChilledWindows.exe
  "C:\Users\Admin\Downloads\ChilledWindows.exe"
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6100 /prefetch:2
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1768 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6900 /prefetch:8
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 /prefetch:8
  2⤵
  PID:4592
- C:\Users\Admin\Downloads\CookieClickerHack.exe
  "C:\Users\Admin\Downloads\CookieClickerHack.exe"
  2⤵
  - Executes dropped EXE
  PID:4508
- C:\Users\Admin\Downloads\CookieClickerHack.exe
  "C:\Users\Admin\Downloads\CookieClickerHack.exe"
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2024 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11709945770561759482,5570852596368167175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:3948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4508

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a4 0x3dc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2960

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:4060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SetWindowsHookEx
PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb34c46f8,0x7ffcb34c4708,0x7ffcb34c4718
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5656 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3752 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6712 /prefetch:8
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6736 /prefetch:8
  2⤵
  PID:3464
- C:\Users\Admin\Downloads\CrazyNCS.exe
  "C:\Users\Admin\Downloads\CrazyNCS.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4860
- C:\Users\Admin\Downloads\CrazyNCS.exe
  "C:\Users\Admin\Downloads\CrazyNCS.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:752
- C:\Users\Admin\Downloads\CrazyNCS.exe
  "C:\Users\Admin\Downloads\CrazyNCS.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6568 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6488 /prefetch:8
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6200 /prefetch:8
  2⤵
  PID:4720
- C:\Users\Admin\Downloads\Curfun.exe
  "C:\Users\Admin\Downloads\Curfun.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.rjlsoftware.com/redir/cursorfun.htm
    3⤵
    - Enumerates system info in registry
    PID:5764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb34c46f8,0x7ffcb34c4708,0x7ffcb34c4718
      4⤵
      PID:4332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13927990638675883644,8513408073067610438,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
      4⤵
      PID:1712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,13927990638675883644,8513408073067610438,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
      4⤵
      PID:392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,13927990638675883644,8513408073067610438,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
      4⤵
      PID:1336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13927990638675883644,8513408073067610438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
      4⤵
      PID:3232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13927990638675883644,8513408073067610438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
      4⤵
      PID:736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13927990638675883644,8513408073067610438,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
      4⤵
      PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3396 /prefetch:2
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6440 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6932 /prefetch:8
  2⤵
  PID:1052
- C:\Users\Admin\Downloads\DesktopBoom.exe
  "C:\Users\Admin\Downloads\DesktopBoom.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2880
- C:\Users\Admin\Downloads\DesktopBoom.exe
  "C:\Users\Admin\Downloads\DesktopBoom.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  PID:592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8464 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8676 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8920 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,714069547115035066,17902051931836539000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1
  2⤵
  PID:1600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1520

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:3128

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\e6d2873651ae42ebbd4b60d271bf4b4f /t 2512 /p 3536
1⤵
PID:4964

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\7df9729ac7084523a54086d29d335c6d /t 1744 /p 4508
1⤵
PID:4356

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a4 0x3dc
1⤵
PID:4168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5212

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:2772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb34c46f8,0x7ffcb34c4708,0x7ffcb34c4718
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4428 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3512 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2028 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2752 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1932 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1860 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6860 /prefetch:8
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7752 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7824 /prefetch:2
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,13861449104025617837,13875049153951900945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1
  2⤵
  PID:4152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5520

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:5548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
24796e94f34b4507a581a5bdccca86a7

SHA1
817f4322da7449806e80c8bac152e9cc6e3cb64b

SHA256
49853d54fa7d53305e1c52180f15e5e0a0ec92a4e1d4177c1c6bf5e4db8f7bb2

SHA512
5265123a98adf29d2e1dcf6c8edc42b64e036702b5e8ebcd90ddb02e898be77721c341ebe7feb3b3943197b04e95395f8ab841deddadce091a568d8e0763463e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e6b08134029c86e46f7511f971fd6fc6

SHA1
1123419b3c9368ad29a2137cd3056a567445f0e2

SHA256
384c9710adf0a455f101050797b05d68c9d4c5b6cb9136e5e4184c0d25e5c71f

SHA512
8d00314adaffde25600b75d0b4ca46b4cd9edfc02c1ce9b142b7fb5114a95768f38ae3656fffcff203a5dc6cea86fb5c5cd8c06bae16729b5f4857ce0ce24770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2fa38702a06f2c277f47288703904b65

SHA1
c2c1f3feae4aaade85f1c712aa652e34af74c97a

SHA256
cbe73e1d91243a07cf5790e4134ac6249a9fa69790c86e42b4f854136f54b362

SHA512
3e6b083d935c63f332c44ebb7a86aaf0cf87f78b166404a54350c3b53f79efe75f192c73ec1818fb8c577323b71e9c3b328c142924a93ba33701dcf85505f83d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aa56a4c230ba9c41b8aed6ce11889c2c

SHA1
37752b28407a087a5a753f730b6b9f8ff2033906

SHA256
290ed6ef66b3125d3a62c878cc657a593ec4eb9ff785658e3c2c22de7e39cc3a

SHA512
2c680d18da115e512a45c864a735ab58ed9dc55c5185765030c86bd5e9b9dace55eced24f7386c21584867d42de67fdb2d0927def31ee397a58e244eb87f3575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111424a9de05969fb3f1f54981b482c3

SHA1
75e2a5245666f6d5b7153280fad8b2b3b794f1b3

SHA256
4041fd1af2d538506d6744aa579d1d0cdc9df14f41dab608829cb75e36f84196

SHA512
26f1fb4a0558ef189010b02f72baed918434655f1110304d29e0153e82828e21df252fd09a5c84f974c2b5489fdf205e1bc06528ac3cd9191af51807ab4a60ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\295e6c2b-d8ef-4bdf-8898-746141f352a0.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
69KB

MD5
24a806fccb1d271a0e884e1897f2c1bc

SHA1
11bde7bb9cc39a5ef1bcddfc526f3083c9f2298a

SHA256
e83f90413d723b682d15972abeaaa71b9cead9b0c25bf8aac88485d4be46fb85

SHA512
33255665affcba0a0ada9cf3712ee237c92433a09cda894d63dd1384349e2159d0fe06fa09cca616668ef8fcbb8d0a73ef381d30702c20aad95fc5e9396101ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
41KB

MD5
cc6a7af85ef808b23fb0d7856ed6aafb

SHA1
9c32e7d7b33e9769211fbce53001a17848d546b5

SHA256
0d8b4860b16e4ee74beff0e2034bd195352dba61a455efdeb35d6ede7c4c7391

SHA512
d9e9086a0d6827ba073028b67a73e8d0936ff9813238075af53dd75af0f7417b56dc4642417ced05af36ec9e66bac671ab8ed9d0f73dd7b84a6695026ba2abf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
1.2MB

MD5
027a77a637cb439865b2008d68867e99

SHA1
ba448ff5be0d69dbe0889237693371f4f0a2425e

SHA256
6f0e8c5ae26abbae3efc6ca213cacaaebd19bf2c7ed88495289a8f40428803dd

SHA512
66f8fbdd68de925148228fe1368d78aa8efa5695a2b4f70ab21a0a4eb2e6e9f0f54ed57708bd9200c2bbe431b9d09e5ca08c3f29a4347aeb65b090790652b5c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
2.7MB

MD5
48d8f7bbb500af66baa765279ce58045

SHA1
2cdb5fdeee4e9c7bd2e5f744150521963487eb71

SHA256
db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1

SHA512
aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
4.4MB

MD5
6a4853cd0584dc90067e15afb43c4962

SHA1
ae59bbb123e98dc8379d08887f83d7e52b1b47fc

SHA256
ccb9502bf8ba5becf8b758ca04a5625c30b79e2d10d2677cc43ae4253e1288ec

SHA512
feb223e0de9bd64e32dc4f3227e175b58196b5e614bca8c2df0bbca2442a564e39d66bcd465154149dc7ebbd3e1ca644ed09d9a9174b52236c76e7388cb9d996

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

Filesize
18KB

MD5
0903e68602923cba27b04d0e4b2f1cf5

SHA1
9c7bcd897a5d7676abdc9664ba414f825ccacc92

SHA256
adf8f3775843eaf7a80cee6feb22fff3f7b08cc9c504d660f7afd1ca2b35bed8

SHA512
2ab52d1fb08ffdea5de16a4fcdb9fb70db8ff8e7224b2c6c6040009aa3dbd0e820adf14249211b58d51a62b16301de807d2465659996cc12796807889c365b1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

Filesize
138KB

MD5
0b3b2dff5503cb032acd11d232a3af55

SHA1
6efc31c1d67f70cf77c319199ac39f70d5a7fa95

SHA256
ef878461a149024f3065121ff4e165731ecabef1b94b0b3ed2eda010ad39202b

SHA512
484014d65875e706f7e5e5f54c2045d620e5cce5979bf7f37b45c613e6d948719c0b8e466df5d8908706133ce4c4b71a11b804417831c9dbaf72b6854231ea17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071

Filesize
17KB

MD5
78576f38ba9610e1777d0b7fedbbff49

SHA1
6bf581d05d1c6e0cf1808dfe719e177c691699fe

SHA256
0f0dad0d1f6495598581f2a13065d61396a030b15b1c467b144f94a3a7870221

SHA512
7f5bc3c720f89b88e14297c12b96266cb8d85aa425d284d52d3af2996a532a9c127ff7d72bd427ad7cefbe04d77ce4ffbadf76d998a09dd7d7cdece7d2931365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000076

Filesize
18KB

MD5
9e2fdb9532c9682cc7ecfed72a02691a

SHA1
26f9c29b3a423bb9e503564a282bcb3b6a3ef201

SHA256
74e2d712049720014831498a742ee1d1e107fce5f34c7ba2ca6df0d763a77418

SHA512
91dcdf8f21c732d69f1366ec29fed55d244ff2c7c625a6c05aa2538c59bc42e08b81cabd62d9f61cc38f30f25604c9fa011ca56623ccdb5b5b0c6dbc3c5d953c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007d

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000083

Filesize
27KB

MD5
7820201f0db0c706a0ea5bb7ce018ef2

SHA1
6d116650afbb3b25bfd6226c7d5ee00dd1fe4515

SHA256
04f262a5cce0399379de17e5635f1e1acaf4371afe981edaaf792625a682c44a

SHA512
bfecb88d8852c413525e1e1bdb3eb69c97a10e4ff67ae3ca5eb97fff5a2ee369a1b80a0d314440a375d0f9e950e0e970a6de6afed09062d8523ca28ac878946f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ad

Filesize
167KB

MD5
2f011c29a18bc417a2f7a65a4cb60f2c

SHA1
e18f5f32195c4da8e55f90c2adffa7a0b10d9d1d

SHA256
52f9d12c55d78af0cdd603ac47bc0e2b230c6519d78f69b7a016ae83743a6a30

SHA512
d44de353d726708ddf06a1fdd9100eef00d0335c5033a2e595aa608830e095f73d3f21dd5f171b81a438a3510b6f9bda2fd642c018adcaec1ac4680a49f35b1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b1

Filesize
17KB

MD5
b7d2f4f4a98e852de8aa169642f911cd

SHA1
0bc903d9b1368cfe96f55e214bf9e1b629f67a4e

SHA256
7a5a2af4a56eddd6377c93de2ce70f4c4e07570b6712f80282318883aa848a64

SHA512
7c2dc4b86d844ffa05301b2fba831a4c7da2b682ff8fd8ca4c80e6dc25408a338d0241ad1c09904d57b7c04bee60e317e3492f90f18c5ebef383b5490e1ba253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c6

Filesize
25KB

MD5
30514ac71bfd507d5c3a0c8263686caa

SHA1
82b105e3055aa1563a8de1323812025395aa1988

SHA256
568708dac26708072b855972f51fb6958730dca798a7365b0bf921251416e80b

SHA512
a21134b8cb6449371578fae977e240421fdb5075fb654583172fc6950d2bdd02d4d4cf7cf5810f6b37fc902308304711f3216ed6840a79724701efa9d6b16b89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e2

Filesize
65KB

MD5
13558ccf1710c1c2a62fc265d5a6506d

SHA1
97885ddaed317b544b5006c6d54d986751784ffa

SHA256
bdd3b8ea691270e38261571a1b9efff4b9b5e986dfb0b75c0f4cdc9f7099ffc4

SHA512
5153f155fa5c49e1a5619c13b5663ea64d12e5550eefb05c037fbe215ea1a6bfd74595eee6bedf58c3340974b958eee76daf4a4260071257f7c9bd322a95dd1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e8

Filesize
93KB

MD5
51ae200253c6a2a0d0a3e1e02c980cb4

SHA1
a0bf83264e2a11a1df2e250087169c03cc936995

SHA256
12ee3e4578063d1bfa45f2f3bce69f8f793ae7f2be65d83ac0d23d701568c4b9

SHA512
b0c7267fe6e27f334972ab76be869ec6104a7871919ed0006843cc610a5a801c1596ff7593841755480027713391c0913d12b282bd20c811a82c6b5ce5a665d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e9

Filesize
18KB

MD5
ad4eac081793dfb93e0de9d336401bdc

SHA1
ba24136311f8397320997be46a9965b12abd26ce

SHA256
4df235c9ffb18cf91eb6e7db9b386b564523cdca8c8b5adb5655b208d2f3c483

SHA512
4d1007a9e692dd169600d03f36ec2de10d51466b8f351666ae2f11e2de9fcfe7bdc44ed2f146e434ded573b6fcdd23b020fe2c93131499aecc93c99fa4371807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ea

Filesize
18KB

MD5
160cfd8149309447183b4180640988c7

SHA1
81831df106198fca11a37c6aeb141cc974e73ae8

SHA256
a99736d9d272489e2f41a915e01a896bcae5ca29f176f6bfa4a69504541c7444

SHA512
e72f00df98a8b26084d0e9e0272a6cc030fa58203fc78406c86bfcf3f519b224ce91817dfce212dd53189fa06c5c2a848f79717659283d14ab46d7459d8b6a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000eb

Filesize
31KB

MD5
775f3463917a35f9ecc8e1ade55fbed5

SHA1
5cb474c0a184dad150b6245a1cd4556af2458b23

SHA256
d296e02c544d651a54c01fd25a3cc46a2d1228c8e2fc22b0ff622bd8d4fd5ada

SHA512
c6954d2b06d723d07227d212941412627b9510830adb4164a74b4cd01ccaa382ced76401d87e8c195d49e7a61cedea2787082303ec120460b401f6f435c7a433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ec

Filesize
38KB

MD5
632616ff15825f030aab3391a58ef042

SHA1
a9435e095b8a17b6058c9d1e0c8ea53805e20d39

SHA256
d0e12af8c4e560fe89643639e0c3ed4dc76125c62adeb2879b761d73dbaecf50

SHA512
ffcb6cb7713af0499229f6316f762fe119c313e2a3810d8eccda8c005ad664adfc640915970e8d479558e627c875e4fe9e9ccef1a9e2ef3788947657916d1c2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ed

Filesize
147KB

MD5
cc4338db837b0e3f30630842a320a796

SHA1
764cbccff0d132436f387596a8eb5ea71954bd0c

SHA256
e035df2cc7bb7ac4c4993f32eef9279020a55dd83c4efb92f5dbeb04c159e7fb

SHA512
2f55d1d6d5da4905b76ec30c5af2ea070fca2825f3acca38a244754e29c7da67d8b14a64912fd8bc2c173a6e0daf1303bfc60dba92d41cf86ea084b098fc982c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ee

Filesize
18KB

MD5
7c7a3f407747d3d5d40b6e0460a4e3b6

SHA1
7bec927cdeb78e001daac960a403e996602f414f

SHA256
9650ab891443506622d4d5548806aabf0a9afaaaa0c6a9285bf6611d2130e1b9

SHA512
1ac046370424da04f219503c23e5d22d4b5b130e2f1502b82a06df6b8e07974e292cfec53cc4c697107b0ea6b968ecd82fa8d43984aa8f7c01800a66fc94b89c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f0

Filesize
63KB

MD5
34d5015941e4901485c7974667b85162

SHA1
cf032e42cf197dcc3022001a0bde9d74eb11ac15

SHA256
5c166a5d40aeefd0679a14f95e47ff28824e66abba82adfa30be41803cc25632

SHA512
42cef1d6847f535a6e8afc0469b9f5ef79ce4ab21512ac7eeda8ef9667d5f24bb33b30aba9a29824b3d853d41d4addf6bdee2042cf4fbd0a033b61657c671f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f1

Filesize
62KB

MD5
0800f316866f3b20e5443bf0b6c133a2

SHA1
0c26d720ec1078b683068d5586b3a204ec118bba

SHA256
8bf6fdda34cb70a0e5abb753af6440a64d37ed2fee81ab1d9c478f7d77aff84e

SHA512
84d9961ef0b3890094c0809750708d57ab23a9e21f76fbddae37fe04443b44c693dd087e51ed06e5ea2900f1fa7f2bda76f8991d3f8396dacfaf923438e48d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f3

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f5

Filesize
20KB

MD5
767cecd9c0a8be53fefa5147dac3cd09

SHA1
5b9584deddbfd4a6ef9b5933017dc23b4074c895

SHA256
3b73bfa7b96578014990476db66fbbfd1a24d26f873f024d8e948d0384ceebdb

SHA512
f8bbbd1522b6ef3cf9866e1c6aef8ca457d54d37143b01b23b328fea3804fc59410825ad4f10b753c5fec52f956196f531355a49178b0b6ce31e22bc1bcc1b33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f6

Filesize
20KB

MD5
6959c9f88b6fb8554e6f425dde0672b4

SHA1
b7b9f19568b87b28475a84e85e4b21ce970a8dda

SHA256
4a1f68864b12b9dbb0d41320fbb3f6b96cae14ba4621e6b50f1de88a4ab21d15

SHA512
f91a0d3ce5764a291a0a718c4d5b94abff4f272d23586d1d46fc93807608c48e173088936833779b862b7ed661bdf03eae2185fa134dd9d4d52c4f7d82645734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f7

Filesize
30KB

MD5
7fc4052cd860d6392c6c219966ae3d6f

SHA1
e08dcd144138183c8dc96162169830b5a8eb56fb

SHA256
b633d52d577214ad2d7aab92b1bc94a3817f717ec0579557078c1daecf45e0d5

SHA512
a40b27724304021cd8bae97a478981f8fa4bd17e16bacd377a81aa034ed2c5f185b206c950c0ff96ee35af5cdbb3f5bae64ba61f99f3d988e52a5a193a7c92b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f8

Filesize
26KB

MD5
df28dcb873eb738b541879d540c100c3

SHA1
10169e9a7162b7d13a065f2e3cfba407841fb01b

SHA256
0c76b8ae1c1677aa969cbf9551c32257023b7e6ae2077eefd3119c498b978d23

SHA512
7005641cfed488c194bf24452a3c9f52ecd0ed1b8b6784b27c21a1e06d47b36076913252510a3f5e886b44fd5d65952f775dc1de9fa8ada0a6246f572f3cc83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03eef0e77feb64d4_0

Filesize
6KB

MD5
e69953c89ebc495bcf08bfe3055a0636

SHA1
203f2feb0cc7362b6b9a190ded4550a417108ad1

SHA256
8390197eab84797e3b40f185cf905c32a07cb6a2313b3f051166cf5dc48b35bd

SHA512
0e6eaa71801be291db493bd3d1d4f932d3643c940c9089ed6f89d6a702f088a454b45e369fedda4b545c9b12d2d6451a430bde31aac69bf35b17be8cc2a1a1ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\159f4f2414e4165f_0

Filesize
371KB

MD5
38639f9e26baff8c8a7d5c5e9f2adc49

SHA1
723e6e18e44b580a9a8abcc81e37de27abb6e0e1

SHA256
df1b986306647fc61d9f1cd11ce689f57c8e8ff38685e8a4cc372f2c619d9a53

SHA512
3656283003d2d9346e122d598d2676c4673c74ca0e01ff2ae35ae40428039156a2ee6cdae3fc62704034652debfebd9022597cdfa048b73f83952dc5d18b842e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\336a68eaaf209f48_0

Filesize
309B

MD5
7aae29b6cc423cb1158f2403e40631c0

SHA1
a0f34a1902b74c62feb4e91c0059816a982cb232

SHA256
9a0c2af59f67433d24411fbfb318195eda9f8eb876c6b22f27bf2c22d23277d8

SHA512
5468276feb7e94e174e368f37eb1fcfe8dae01bd91920f3c7822a0a6c8a0aa926827fd4bc0bcf7daedafd914d94fbde5484c9d71522879ce322883827259b9ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a19544dd8e5e4b2_0

Filesize
32KB

MD5
bb2330c4be41b823a1de57676b1c2b1d

SHA1
dd494a3f9e02ee52a2a2c71597e7ef95ddc9a486

SHA256
fe74a942f27b0130e75e49e205c2cee1ecdee09771f17135dbadf81693dae7f8

SHA512
9e79bc76ff70ca24ec083525c0f9c98eefc0deb5d48ead7a8cbd3d2c8de6a4d0c4a97255c4357b1fccbc4554e4eae9a6e77e59c7a11b3c02188897e42138e636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5801d3329fb36c59_0

Filesize
2KB

MD5
8ba054bd82151acb74debfa43929f2b5

SHA1
586bfe8a1e5012f8efa13ea22e0f18e7fa40bc2a

SHA256
beb46ada3a5f03dae8ef8b7657e82a98e7f842d8a41950b588b82ee14fedb731

SHA512
24f8dedbdfbe90c3b9368e0cbc87fb9d6fded5b3301f6f80e31ea7815536214e75b43228ca99f2dd423d2026874d554549836b46c19e6d4c7cdfdbfed4fc8c07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\59fc8adf66a76ab9_0

Filesize
10KB

MD5
bc513fcac53c28e291a6839b5d41f8e0

SHA1
74df61d86d4b91df5c9de2d1dc04707580f18e17

SHA256
7c762ff709367267b691a245ec810471c7300bdab71f3793d232c4af38504320

SHA512
3c73906eec1af1936efef5f76560eef5fbd333b86a33518c4ce532fa08b4222855f933701a9b2d84065be6b7fc79aed56107a316e39b19e7f75f6b1039f6f4ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

Filesize
1KB

MD5
cf69f38b97fd2d562e714f98f25ee236

SHA1
094d01d69215bbc411cfb523fb9f3645ac2212dd

SHA256
065a7fcc591e053171e50d91e3a509ba75b075524d2a9736dfd1ad030362542e

SHA512
1c77313059d2c2aa29a4ea620a0e97bd868566694ae1ecf79b45942ad1b521d2b05077201f7030aeaa7a1a33c3c52e6f64a07f6d76d91fe4c9d16dce8b50ce40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718aba49c9504085_0

Filesize
2KB

MD5
440512b2587f8232342b52bd5ffda16b

SHA1
d49b71d15be7a3107351a07b28429a068e78de93

SHA256
911e839dc8cae17b2b9f03cf40805019b8837d6f14ba423b574a4e80518fcd1c

SHA512
c95b5e4bc48d9ae82fbf9e048a6ae832d5a0274bdf65f0e45299a21c04e4cf34523d5d38f330ce94bb6d3da9c856acb2beb58975da347efae4ed5f1341f41be2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7b508899820079f3_0

Filesize
54KB

MD5
99625a4e5abca19d1ed8dca6316c80aa

SHA1
e551b1629ec5f0eb055633b023652b193d292020

SHA256
5755b4c0472d0f737b734ebb9c9223bf8a74a3d976a44651d6c31fbd2bf915e8

SHA512
6f6d176ad22176a41ee7d491ed961f5a310afce99d98b6f66608cdb2eae9e3343931c2c131d09f8f70e0093f5d164813094911eeef544c0a683e7c53f62a746d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0

Filesize
1KB

MD5
8b0be4e9c38b157ca357cf2907d62d58

SHA1
b633e15b5a8d3b12f5b01a1f1b36c2e00fd0ad9c

SHA256
85910384507186d88c11a9f5f0b7635486bf7d740eea3cf081be6254edce86ba

SHA512
422541588a6b9c40b5a73f8134693196c147cc71aa157b193339ad1e7916860db36b6923f66d9ab19cdc9ee614e9ce67ec2d445889c6682255fe2f6172a15c77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87bfea9426cb2ef3_0

Filesize
2KB

MD5
e5c904552f1c3eda75c14db6cd127878

SHA1
ba833d6c0ac0bbf0ab9173194fd6f9b688a66206

SHA256
8442ca73559d3403ad4ea96a71d4968fc61220fc52af1bf2b98957e7909351a6

SHA512
e5d414529d57b3c65265e3f2e858915982229d8679d1782c1aaa2e74c185ebbcfec25d6b6b89f783038ac6140951f67e69dbd15671a899f04fb84e66541d48b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94f93ada55bda7c3_0

Filesize
2KB

MD5
3063535e89cfbaee786a0b2a1bf945d6

SHA1
0cfac8d28b0f57301f4ce3011ea1a4ed12e50633

SHA256
69f07da35ca3330479214039740bab6fa8aabfbdff3074c6a080ea9437d3b535

SHA512
53c8bb4d0db60e7b76a331bab91eea63d856730ef0e04de8563e2c4137e0bf475b9eed8b589ab704a960ca2c36615488a20e17eb1672d9b8f26641029ba79157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\960f838b42b585c9_0

Filesize
3KB

MD5
95f3c7651292d4433f984f93a2c88edd

SHA1
7ed93c55a5523332805912727f445bc692f8b7eb

SHA256
7f70b8f05cbde1ca022dadbc41a5e3a27cf336d242aa1d09f01a3d9d613904f7

SHA512
0cdc3c378c7efa37269934c96efb9481785f9f54b7315ac923eea94df7356b3fdc142f67234a49a05744069af66d54f7e9fa9de354891c3c9e28b2923faea517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\99110e9a19c3c06d_0

Filesize
4KB

MD5
91af5db841968fcb094c41962f71a222

SHA1
27e8294f0f04978bd7622aa5883aa44c181c1580

SHA256
b96c4ac93ae4b2593afadc6b47df79b98f838aca18152bf904e5fd110297136e

SHA512
66436ea67c8c66cadaf01201f59e4a379ed1eb6e1d039801133e01124205f53575e9062b2557b0fdd613ea44c9afc382c6f2b88f5fe33f2e85f80aad759e4c16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0

Filesize
2KB

MD5
fcd631ad0a676339c6652b48c21caec5

SHA1
4dd5797414d541b4915fd8576a24fbfc71af7fdc

SHA256
04c8c459cbd396e07fe56fefced25a031b93895599f522f3332fa3e7542a03e7

SHA512
31cf1b6307f0b0aad1c9258576f6aaeeb61b294175578939ebe316cbeb1c18f3cf7805836f9d5f202398600bb799c5dbb7d30b0b3e18a05cacaf2c5c8f2e8844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5666b24e92933f3_0

Filesize
5KB

MD5
8714b80c056b19f013570f3842e48d8e

SHA1
d0ad5356275cb9394baefdab90907bf900eb3ebb

SHA256
17d9ae275297ac93d0d1306850df8c4d52bd745cd49a0a27330373f086e68133

SHA512
ffc11bf4cde20b608b926fda46d29aa04ad9a329392bc7d1dc7c4c38cc3865fcbd338f2fff615c64b645afb6d2a123d066004b248072ed23f428705e3f6b01d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e3d18be5d494e38e_0

Filesize
2KB

MD5
bb2c2fdb758862df99c78026d4cdf29e

SHA1
edd951e8c2d9f9a5837a2a92bfca0d765d0c0c2c

SHA256
6c6fce92ada723bf8a67fba090ed38875dcbeb39219b5705356774bd18e13c45

SHA512
d5376e965b99f8dcc175bc735a9faaafd058ff5383157a3edbce9f8a2e6ddaf3071c9d27cd7863dbcfe5ae98278594f43a0f780a46626f687ae3ed9cf9e67f07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e3d4e045555bf6a5_0

Filesize
13KB

MD5
962875781b7d64d292e62bb361691a5d

SHA1
3f0210646f491db52f000264881dec8f76d1cfe9

SHA256
77f23825e251be038b1be9472201852b8e715d411ec6bb4767574dc54672a066

SHA512
8015cfbd040bf8c1c7f5a4533faf7e2089fa78d5f8ee5971a8d5ab880ecc6a4365aa6810dc42cf0330a8ec77cff77775d994d07a68e52e852a526e64f1f96cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e5caca2d4f4087fa_0

Filesize
3KB

MD5
bfab0d2d289c4a1eed5102fea539e15b

SHA1
451adb0b9def8206e7225c148c7389182d718808

SHA256
83750981b402a69513135c90cf932450f1f97c292b55446251dbef8f40da034e

SHA512
ece69354d7f2a8e30da33161cb3806adcabceb4d91d9e2553e54bfa6dd1c45ee61e36451411060bdaa3d6b61e1b340b8afe6dcc8d1572b0ee2d957b5d1d159d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0d1e44c062a7424917a3c7ce282bc276

SHA1
e222cddf0eb10fe20a2b0e64cc594d87439b8ae9

SHA256
ee87a58a8b9d2501fd1d20315884abd4187da61fdbbbf8649cda34b8d8d085c9

SHA512
dedb70b5e93b00ab141b9dcd017c771839a5c44b584bc9f7c13d94d03468117e5bcf5b4c8969098f4331ddf9f5021d2a129ba92abe1197ed9e361d17e911c8ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
a4c30e4016a2e5bdb4908b818e8e354d

SHA1
ecf7aa8ca8ae30c42cfd9662019573bba699b889

SHA256
c08ae6d9dac3c8fc501f870a588269ba9cea209a56496c135bbc37adcd47ac10

SHA512
276c1b7f50adce225d14b209c6d29c716926976d8b21ea013626292bd0e717ac90d718d0ff4aa71fa122a21c162ef7ac3edb9fa9abcb3bec484d615a710c7725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
c7dddc72931cbc66735231ef7f012d50

SHA1
5212f0b21997bef8b423c158a48c1b76ed41e96b

SHA256
e6c5a3a42313688a2d1c49d4763f95936eec6b16abbbf36c78862f4d7c4a13fe

SHA512
2c29aa8a77187d2683ff2a2bbc23962212abc86a71803bc26e2d4f4bc3d1ffbb0daa3a2c45290be994d86812dc20ac439234f058478bff48f4c1461a21009945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
956fba8a6fca1ad0c04da9f9fbdec734

SHA1
29c9488b51678fd985c489c5afe2223ca771b662

SHA256
34eba5674a36c45de8f0fb0c625fc5ac31ded1b588d7e4446e90671649699aff

SHA512
429683618fcc1a324fb13c77b932ecd3f7b2928a61473768c3a0a316a1891884cbdad0066c9933b50b35eb8591760a886cabe4973cc6548e1eb0ce944859b48e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
6ddbbba4bac096d8d81e9baa73ef941f

SHA1
e4e871cd41106eb156ec00e02feb73640593a7fc

SHA256
7dc4dead57ea6aec7cbaf74531fdc2f24fcca530c88fcf9f43711013025c4691

SHA512
f4b395dd1b1f32424d2e6f0f937eed12a8b91e7733c89c210ad78b156cf7fc96f3bdf75791704f705af2bbb7acd287fc5877fb1339b8df9154766d37ac53040c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
9ccfb35e656eed3f68638153cb2f3d20

SHA1
0085d2518e1c796f7ff06a8fe871c610ca170e54

SHA256
28ed45938b3e391f64b65c67237f94260273c396b95c42bb3f21bbd24b4a2afa

SHA512
ce7f11670a31b62b02ba2f1a5ac685d8016164c657e520247219f3452be6602b51b42c7826a7b02ececdaa1acfaca07844f3b30f4128147af5cd065a4a91108d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
156d9cf1070a90b5c8e61e10312ba7a8

SHA1
04dbab2c61a90dc175cbd7e2f6bf7564f9e7b8eb

SHA256
d49685098949e6b89ae21490409d96382dddf6961e1385d92a4971c3c2bf3b3c

SHA512
aebdca60b9c97fff2460adff401e01dffcfc71f936944e5faab208118f0588f9aa4ad6d1e66fc9189b023f93de724fc63afe0dc61a5ea88a62fc434d6633abab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
c6421840153bc1ee9ce044a1827b277b

SHA1
73b0fa45ff719d5771c30995235e16e51d9db4fd

SHA256
410af5f3a4fe50a593034086efccda2837cc414b520d4587a9de890c545270ae

SHA512
9ee616b08415b5c27c6c865fbf41c826d11d9264a4e28661451adb34fbf18f1d1689a6ea2311124a4b9b334a532978157c40954219dcf27476be6943bd817308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_filehippo.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
69KB

MD5
de0bc05cb6289049bf2ad227026657c2

SHA1
4340d452e586eb10317acfd75f0cdd5b6611886c

SHA256
a8f92b4e0bffd32ae307b762db49916f72c2e6f8f491262cd6524d8a0d97bbb0

SHA512
62d6911d7135e63a70bfdd64df738d98ebe629dee7f3b66abaf170b9d40a0e6606951149c35e7833760757f360e618af2062eb8df9bb70e2c3e8bd9a401b1325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4cf73d12a0552fb3e1b96bd7f0e2d2c9

SHA1
d07a646612781ec403514faf2f21968cefd90a7e

SHA256
13b530db7d6ce4fdcdf67c9df1fae0a61b45e44905f3f89a191381ef78963d7c

SHA512
6384414f023909541babb74fb4a4a8ab2cc1b5a3229439318734422fe65d4421210470836228631f1a06e77b3010193cdd4ba2f1d6dc480e44eff1ae91aa83c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
8fb480d65ad87e504cd8bc6bdbba631a

SHA1
b0822192be292a6b7e2fec894d85088383b4c26a

SHA256
3b4aa74cd928786f5f946459b6aab86d80df9cd3ebefefbbe3ffec8c69bd9d18

SHA512
fea87714dd41cff7d66d699037ebf1649d89f6f39ff656c8ee77efd79c7b296dfe32295cf5e25087a7145f5556f58ccbd4ab81c0559b0353a583d67541ab50a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
17KB

MD5
d4b172789870db596f665c0cd663fab2

SHA1
93beab99002e59f6439cd6a72b9325eb68e5088e

SHA256
8ee37069bed662f9a3313c674be5c6aa734f36d0dcc2ec85b77470f6c17d8fc8

SHA512
73ad3ff7d5d4425f06f26fadd8f6b1fbbc240b5adb4c9c647591a567c9ee9ba4ad00c926a5601a891ac053b5872f55d71e3c54ae3c6bdccd2f423ab665e60393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
694bcf1c51f7a12efd858186c668de49

SHA1
023aeceb7293c8a775e0af6a9690411d80f23181

SHA256
6c022681f8c8b4aa17f9ec50dc0fb65a8e4600ca6c9eafce3da04e5b616c5bd0

SHA512
dd39e007bbd147001dd29d9baf0f7c66d5e0ea984ffe81caec3e78ce229fc507693866a7d301fd3c1bfb40f24164ed827cd20db6494edf7819f3a3ea39fb018e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
22KB

MD5
d3ab5e3c3c8dfcfc67e0831e3058a5f3

SHA1
c16d77761fa0816c0658e18d32f4fb1dbdd23380

SHA256
282203978751db8fe719d6cbfdc6e365b800e62044f12d49163e5042a18ec7db

SHA512
df017585eec784a9785881b44a3ae359d721dad3433a707bfa747775354bbaa6ed1fe174f50b8d174370f3920b5f9947ef55ee5cc651c2ab8e395c785d02c818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
17KB

MD5
4ac13375fdf987433b627a6a6ccfe37f

SHA1
221a771e692e5d48bc03be30751525d6899ac925

SHA256
3cf37c75a82649e2b910475ef8a9d9db5a311bc2cf144731e7f7d1cf7e834b3a

SHA512
8ac899c63fa206226f8877c700fccd4312952d49582ae76c73fa440566cb01511918907678c8dd9eac2816ab54cc1f9ee89fac7abb144fd8d8d30f144112c451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
879B

MD5
a5cb761107c9b735211425f236aaa7a4

SHA1
3fd9d7d6c7adbca9a8185d1bc50861ea5b64d7e5

SHA256
88d65b685a123254a2d56103127630db99a3f5f8cced19386b8819e6550d0b27

SHA512
5319360013014a5fdfedccca4160a0454469c57a729dd6a78e23fbe844f9477aa7681e76d3682cd58c65af10f94d45fab45f5d051e9608aec18a23a9603a749d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
9236386c179dd73de58e4fa10bbf8aa3

SHA1
20173636689b829e6bec0af8d07eac8c0b7881ca

SHA256
fe3f4a91baee01b2c138340009879ba5ed892aeb0151051d6cce84267b8e99e7

SHA512
be80c8baf6ae7b2b1509aa3b7e4af8160baf797ba117044227ebd3f0481b309c2710bef00ca8bdb7df77d2d0547b0259599ce1393ca6ceb53778d6d7c58888ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
18KB

MD5
8a4aeb5c7bc73e3544183176d9293ba3

SHA1
a55ca5fb153a3c11b7ac5d44c32b2392135cc5fb

SHA256
8aaf5aa57c02b0d0c6bb68a3be26cf7e38c3958f85ffceed8a9c26c3f10454e2

SHA512
64542155151a8ba6552ccb7018812b0a7aa207aa6d29cb0ceb7b85ed369cdc313aa3320b988b4c11f58b0a2b8d8d551c47b5fbd9911d90baca0eeb3d9de2252a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
f00c740d366f4f3dc6a8deee6a08e89d

SHA1
5cc5e866fe8d05aae7a438a4afa9cb7a858a10a4

SHA256
1a6d2f3aa9367a5ba58ae1e692c9b5ba9f55f452896e31d84c3f1ca8d2d87ae9

SHA512
e64d60245f32a1db933ac7e7a58cb35bf504422c1c6e55291420fa06a46541d4a80fc8a8bfdf06dfd4b9e24e0e07e4f9d6e802931deea0fb86d1d2e835da28d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
b09f0aaab318c6f53b10480229dd9e52

SHA1
453abf65f103a8dd3ad13a2122c7351070581d86

SHA256
79577db1264a735ea1a4f7d052c27736f48aa6a2c9ad42be6f5f2233b4155371

SHA512
035ec05b3da6b93ecf35fb55a8e3c6c5e48859f5341de84a11f85c880407b75de338fff0dc3db71df26c090e78a7609d276091295db367793f911e89f46b8958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
b1f65f76902ef8ab533ca79c2f097a18

SHA1
6d75c8980735b9dfeabd2a99ec407eaf9bfbda0c

SHA256
46a680e80175e5a6c0e28c290c2bab475e8fd10b6f675af756dd5370dfbad933

SHA512
bd191c53c941abfeccf847aada58b552fd94296ab3060b6cf781961be7726012cc0e06101cac19b99ac23d707215ac0b5bebe7f12ed0b3d8abffc7ee772b4c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
12722bb89fc710a5d29398c438e3ff86

SHA1
0d13538682aa82ee5498af09ef4945517253c53d

SHA256
886a61d62e3d1b20eb6da3d13dec01d7dd5a5828a159d980252b063adac96fc0

SHA512
79589e50240c0869116969f359310a802788d7c0858a8fa16c312fd649c0ec19773f66cad72f68a5f52a7066abc099775d70cdb333ff998060c122ef6b519a55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da8cf4e1151d03a76a6d6f313e29cfa7

SHA1
951e88a517d94624fc8523e09e959052e0af3f05

SHA256
a41ac8a62c56112a6a695273a395e02bc7c4083652cd148e00418e2059501583

SHA512
cf01bb7bba201616e6580e2cef9267ad149f3fbcc3422e6cee652b694cf5782f3b4413fdb3bc184df9c86eafdcc5d0e47ca216c33ddd34331ca9358e9e91fce8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
406a17a53760a2323b3347fc6333042a

SHA1
6b34d2c5c8a79cbe5afc5610ef0ef9ce8e0ba092

SHA256
242a64664fb62e32269641ea3e59337abadb5e46a644517f025faf82e44da6ba

SHA512
976a8c345756d65aa91c43998c343b9e66e66c9d9bacd6e15cb2c32b3990648584d12b99bb36e78f8fb69324f99d590375e7a9a6313014580b1236628405c2b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
2b9124b6a599581b7f792f95d42c9d64

SHA1
f67ef64403ac899f703dadf94f3af1d6da5c3108

SHA256
2b49775002b04ebfc23681ca8f7ec41a7acedbe7b27329d9d80a3867abb9ff66

SHA512
0613ef3df493a1c639112145fdc632d306366f9b0e6ed9ca7867b4ff3260fd09385362b9dc511ca945395e00cfeb9a5e998774f5021a075976901bd2a0a0d14d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
f868632dabe9de32538e75bc6a8ad519

SHA1
ac827b6c6c02b0f0801ba83a89e9f27b66697377

SHA256
56696894566cf662fb6e1b12ec1d8b4be41726d5b75cd3595f709d40f2d0eb7b

SHA512
e8feb6df65f9b4e464ff7976d12bc3097e96c0a3041bba9d4f9ecb492cc198c2370e66bb1107987ab9a3a4ed453fa33e6abb5fd0c9b34a203f0bd4b62cbe9dc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
994e6174eafc1684c13770bfa0730037

SHA1
e55bb6122d7b09d484266e533a36c1de999acd46

SHA256
8bddba4287a943d4c35d5ca5419f874dd50a6f97fe4ac04c359fb7e8e4526a0b

SHA512
373e0c4a2aa8f766c256777c37ae2dde591a469e41ec2451ab7759239ed834247bb5b3f41591235aa1d255a1c82a809e6d347cf68e0beff6e38cdb22b721abba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
deb0beed94cd73e1423c72d9eeef9799

SHA1
ab80a97b116e87a2c08f6a8b34c7f69fc6cc6feb

SHA256
ccd31e7ac5236bd893e7f54da943244804bc449d126074aa3f4bf64ed47af3b7

SHA512
c8e44f654493bdaa1bb90b65e51bc05a5070b1b0287843f47f334230f9d0be1f47f80151dfce99c962bcbbd827ce9a8c47f60aae646e01531c1c03c80935b0af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
1a81cbb3f07e83ecbe3cb4dc11da4c2c

SHA1
e5c33c96ab2431bf397eca9e8c6d6f1ef03670ab

SHA256
0330c4f644639a5e66bffde00e37b33cf859771dff09a9e81850e899248e9ec2

SHA512
8529255d56902106ad1931c1ca3c6b1b1c7320be9cb551ea1273f2149dfacf9714cdaabc6a3c2842b9d600d30e96bf594c51a9f3dcef4e3a6545427b65714875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
99d427863d8b69832692a8a49c89f349

SHA1
2f010b019cd22e6053a9c77cbab665956615ad3a

SHA256
e814c824da21f886f3a76fd858afb7ca8886ad4b91799c3bb0b413acb4cd530d

SHA512
ee4a2a7777e15fe5f30e197aa51d57212d261d9d0d078f5a14bfa4bdf1f2e4db49401b16960f391b83afcf3e92f788ab22462e8ab8f0a2ed63b15ed8dd1f18f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
12141409a7d38b6a56121d8335d41604

SHA1
2a1fc9c3a9e4fe8c25cc6c71873a4450993ac227

SHA256
a7ebfb93f5ebf639930ed82a39fee31fd77be6b5bf849ceb0520b8fcff4da38b

SHA512
6e67548c2d748a0e39aefa219a93cc7e2d2f34c28c001a37bbfdc654f5f8dd2ed251f4cc55cc6ba38645a9536843be49a8a9615ca37e93347e4e44e72c39864a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
274ff66e68e064d36b1975823cc912c4

SHA1
39ab8f723c5794497693482276530c6243b3c400

SHA256
0ef1f41f8c636326c50babb64dc1803ac7e6626caadfc8ef8a6c586a1f6d2667

SHA512
7faa79089eb422f1ba06ef27cd40dd757f04496aa5186c03e05ab894ee2d0dc1fe676f33c52737c1db4b608afefac31a95bd1806983b8900421d7cfbca0cd50b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
a63a162604970f799378823c42c888f3

SHA1
2df52ec8701681088d5dc4ec1ac5381d79648aab

SHA256
083788c4b5a6ea6a0060f73f1eb81b7aa7da6381587e2748a6b5bb5b3a2b5eb2

SHA512
c7d3b736f638d26bbdc6b7a956ab178d32f305f25a8a6e8395ca7cb41b0a7a185c6c9592f8d5ce434a951ddd011e15dbeb65b48d1e52deb27e04c921ac9f7c97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a8b6fb05391118bedc8f73b85047778

SHA1
5ac5ba25dbb2c01db7b7d90400a9faed614baebf

SHA256
b059bf61f01cc9bb6626f84b6fd7f209186e05dc5cb31eb274026b4ff6ec7f59

SHA512
16a6a2fe5783deaa4204cf1460532b20797b5e063dcdb0880e596b41f393005b83151ee12896c36b4429bd8ff7a12284366c44d80b8cdeb003d4ec5f5efec805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3010cd3e451cd4c26310ab78e363140a

SHA1
dbaab6d217499bbfde488615eb3e10a555c8c6ac

SHA256
59f7b87fdd55a357d09cf79cd36d294f8e92154237b3a3b02d0ee31994419bae

SHA512
a1487908ccfb52a2dd45852e796c414adaeb6609f96a98fb187ca00fb53f4dc85c0da5588339fb1a63ee7f3ab7c1e4b173f00dd9632952f2534280b9c5b8516e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
84abb572d7fb5bc468cbad252da0a8b3

SHA1
2686ef49e481b43451c95c9fe159fe459c40bfd1

SHA256
ee6d9aebd1fde8e0f78e0109e128d29b36bc9443cd840e49d4c57f9d25ffb53b

SHA512
fce4c7aa8c122a98ce8736412382663fe9f21b3bd9e8d7292912fd8ce4a1d000bb88d6e2944611425d5a2562c3960619fb29d5ecf9dd7cc9cecb1cb493b89c6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5851082d2dce0724c7daf14b9e49950a

SHA1
1f9c4c1ae3e532f2e1a845c2d981f451403c592b

SHA256
9f70c83dbe2d42897277c0a4a5b61ce1b81981957fc219c7c2ce3ddef0766bd9

SHA512
e5c459cddf82becf8d22b03138beed4edd7f3114ff513762c2df03f313b770f8280f4dce5e42325bcc3632d2aa459eb8a1db4b08384026fa445bbc3c463500e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
e48567dedd63e965d25a3e1d21a09ad0

SHA1
18e3c80560b39fdf75cb630d414fa528d664da4a

SHA256
ece405c92df758b6f7d267f82f5b3508a6e3fb1622f5d75c0972cbcffab44076

SHA512
83e39ca4d158293c955ff196f8696ccc78876ff070331741ef674830ba0c0dc8dcab87a055331327d56b47466ac77de22355595ef43797cf41fc626c79e6574f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
5b07137bbdaa6203b014220e9f9a304d

SHA1
b5023ecdd73deab93dd8d64d01ec60dd96eb5552

SHA256
f7845857ff2da2fb0589f36ae09bab1b9c8596076fae60666a9d1e780ee6257d

SHA512
7fd3d2bc622b96600d5e94fecb047dc25113cec3d6189b0bff571e0aa18f8b7eb9a8f86b684611997f5b7a2cad442664ae4165be4ef3e15d07dbae0bc1ad7eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
55e0ac98f9ddc52abbd512f0cea425bc

SHA1
c0a356966bf578169a5b8a583801ec29be02a071

SHA256
240515a25e6d60406955ad05227d19c2d945b01dd873e57f22c68088a7beb339

SHA512
48a9058e9abad61028d45113514a6de6397d26f79f24ce6001c2364a4386242230ba0983037627b399776c1254cb9f13f8e28d98f2d24efb70dde2ea3e7a6617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
d69fc2471ff55e4fc8da13f527620de1

SHA1
8b4b54d3e533fd13d507f62b6a48df40127f5a24

SHA256
8281b77db72a2f364ed03d94cfcf1e32b53ec1fb45c0cccbe1856b6cf48fd51d

SHA512
c386b976da2d0297add6f85d40ce3e516dd278a6b3c4b79b6c13746c1dfa7401f13031dab00e0f58f3c9685745ec7fa7467f0465573a40c3bd339eaf9cc114e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
568ec371be9dd5be1ccd975cfe4ddfd9

SHA1
956f3d18dddc3087bbbc98c23afc5288622de665

SHA256
1cd935e8a950f01bd4e16c86952a2324c7de8c2762829a3cb0e288416a68d4d0

SHA512
7fc05fe6cd58fa71c9ce849da303d77f7ddf658a1222ed0525c23a612cc86a769cc8d1c611af14ade89b97886279bfefba069cd31291740ae0fbed0817167140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
d6f368bad9cf85960d75f922733b632f

SHA1
2dc79c61b7c7853c5e6182f1b96cdf92b4a7df82

SHA256
d518057bf5c1bbc5b18df6f48cd9ced51098050401eba59fcec883ba48c91b1b

SHA512
2cba17b7005b2cdf6cbdc0e30df19c5a5a3755bbabe9aa1b7299734422a69ed3d153becc3b0869d020f0da92e608d49ea3f563b93b0ae3dd7e19b1452403b93b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5c6e9a90471ec4fbccaa3705a4fcd07f

SHA1
9fb0f944fc0ddae3f4570c8c460c2c8557a3f059

SHA256
1488ef5d60e8d57dadf098857d57923e1aa03bf945009ae9e2c06d62f57561b8

SHA512
f3fc8fcf51309f97f797ddb1beed8f8f5eb57875ef98f7e276249bbf380588cf4fbe6a1dfefd71734fd9dcd52e390ca70ce4ea78064716aca391129da1995964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
6913e677fb574d758c54e3b6ec31b2bb

SHA1
22d07194c0e359e6a023807bda7e1bac70aeb9d6

SHA256
ffbde59e56c7ca2e96660bf02ad93f7cd97c39a61e34a59b8e120d3755c320c5

SHA512
4210b0bb3adb1ef40e2c6a248cbca22424f5408ee237dafa3c2af67aacc9cffdf2cc8a94a6012fc97f6d423ec94e19e784a027816a2b289956c443da88f5d530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
c424896abbe4fb476849a53d4b9bff71

SHA1
aba2e6d8c578de9c08ebd21451f94077e50b8abc

SHA256
4c03b46076b102c73b9ced65a45f0ed5eb6a1d8ebc7200b046fe3e57e607c2d8

SHA512
38bc4026a74a30e0fd6b3872fe16fb1f9d2259a8e1762c8ceb6e8559abc65b4809933848a138dbe107f5aa3538c75e6b7319db08080e8e588c4c9e83c7156e7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
68befd5e61707885558846a9c2af5de6

SHA1
bbed2cc3ef36675f31fdb2d7c05a916fa10da6d3

SHA256
c9f517d03153786c63da0ce0444a48115e884f76cbadd3e612e09c9a4bf686c6

SHA512
73cc06be9217330b36f11148f8e28a3b4c90df7bde0b5806b8f7a69224de4cfe16852beeb40ae0550dbd646912f649d600884475427d9ecc4ddad4b96f86e524

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
ee7a393b609e363510c32df6558887e2

SHA1
791b9490826e7239f94f48aaed72bf8289475958

SHA256
d8a9050ccb75a696e3b4525444a1588276d736b16312d535d48d375aaec553f1

SHA512
e7ccafba71d911f73b5dd34f52b37917ef8eae3601b33bc210bba900663785dd0335a9c1f26b3c1acbfa8d1695ff51afb8af18a1cf797e0bfd252d2eb59900b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
766bb2c73ecdd957b410b9a41004f31a

SHA1
29a573a67176a9c6fa29f186aaf47002e9495de8

SHA256
fd2dc66742a336e266a09f32e2b2acbce4c4b43170dd4935db70dc3e0f27ab4a

SHA512
f58d3d9f6c6df19cd61d8f0e95936abcc78f46f56232a463cf4a9603156f50ff559f922b394130f4f422eac1314b85768d9c101c143bf97fcae631fe711b017f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
e9b9401ca411cab3deedc2dc5de8d60c

SHA1
2a600feadbebabd261077e542d8db3b570fcb21d

SHA256
2254286831220b0c1ba2cb391a0d6933c84e1181c39fa88f9b129f9dfd700aa7

SHA512
330a350f6ce2522f8c3504a7111a55d940d66939e298a7e26d3c7ea6b207689ebb4e3624f72d7eec25e2d8d8a4f11bb4f1d97858725a4f8de98fd8203879ed31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
494eb59475804063cb921fff5eea7bfa

SHA1
bb37074d124fd9566594ff32bb128c075c273e2d

SHA256
940e1b23e7afa1dc7c7a06beb60f89deee53264ea2a5c1121c0b84893b897967

SHA512
8bb9aaf086eb14220f93b7c3cb444d611abca784ccea1a2fbc01d41e9537386d784a1364d5ee68630dfe63bb23c45ad363616bb15e89e75d631e185dc7c3e0ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
9202384d1c7a46299ee6facab04abeda

SHA1
85532f544e38c4cda2fefc80eeccfcb4e3ecad0c

SHA256
1f0805d1adcc3a3ae50652f7cb7cca62013eab22e2fe230b8455b9fcf9aa4b38

SHA512
d546cc2ba036a7882cb8574e701c8438d03152b84a7260a7f066f523dab97bc895ba343c19ec14f0a9202f93377828120e729913f1d1b017c041b357de1aa8be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
d4079270866a45e28570ab55cf855f77

SHA1
e0682f770c48e3f05980cfa3ba54b32cce151088

SHA256
321c76a5f1cf206a9c7f7dcc97da2dcf456974580bc3bd38e5246fcff183c524

SHA512
0ed8505022b840f955eafd276d18030a837a45ac0dca61bae008982e28045a23e2670d363ed52141e770d73578f8c7e1b8e5c6e269edb81c5ff4837c0ed913ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
c52dfb07aaf64d5666f0d90785249e45

SHA1
c96fcd05082283c95941d49d0cd0a3c47bf8db9b

SHA256
314d9917f5f375bc6a7918b5d0d46cfd5e94b07f23c530f9020a42d03aec58bd

SHA512
4c1abaa45ae65764b4ab18978b5bbce0ef2021b1e69a1beaee456aeb26e50012e1dbb18707806341e7f1f25cf03e4c85204e9a55b722d3a689981f9524aa8ed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
78b755826648296f78d537e07560050a

SHA1
55f1db3d31d53c6391238113cfede8a88f073c4f

SHA256
c7f14285eea1ad8b96b11d7f2cd864d4746db08a86b7a5951e63151967048fdd

SHA512
ef9791d7797c3a343e8ccc8bd3e6c4a6a760fdf256341e45b78bcae910087f91c37cca99b867a913107219779856c95e2e9f52cc2a492a1b6d0ab366530424b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
c3d2cf2d45c0720e52487f53bca63119

SHA1
7793c5f21f5a7eed23f8612db3e1adb1f6d926f0

SHA256
ce3430c7231668649630f89eae96c10935625bb4a9f0a180e21ae6c0a97e2d5a

SHA512
b87b30b8fb3396d1d4c8bbed022ebaa76559eb29215c6f8f648c0214658c2c8e302298f05f04a308305cab214e757483ebbf47bc9f6a84a2fffaa5ca7c586358

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a1e38.TMP

Filesize
48B

MD5
1c068eae2ad9dc74fc46e700e191e573

SHA1
81884441357f4fd6853cb846081a536305ae089c

SHA256
e1caf1f896bda57937ec46c9cbb679cd4a7164d251cbf89aa008183bae8abe68

SHA512
7685bd47059ea5caf95267ccdba085cccf8c5ebe20b86d070efe3344adb48360c499dfe032517b0e103450005d7fb576d7e0add4c2dd17208b9e415c3cdf83e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
011a6edae1a547c2916cec222258ba1c

SHA1
0697cd0cce4f4b357f335158c3c13c773e3cd234

SHA256
728f3f9400a9b09ccfedc2c3f4b145728157db8858ef415d1d55e27a7fc28840

SHA512
c39892d7cab523ac5653f923d2403944c9e469dfbbfc28447cd93aafbc3b3bc96f9d4fa0c5b1d438ef10b7e11867e4881bdfdd35a4a631d979912b40133139d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f53696c913c0cf99507d7aa01183bc2b

SHA1
d0018542ce84a4f92fe2e7de4c7432623620f104

SHA256
3cf243fe9d67469e57993f2d15ad2e5c27b8e6bc1c84b483e5ef498624398148

SHA512
8cd202c06981f2803736c3f0fb9a3e93af957c077ac5d1ae3443e37c10abdaa635ddf5db3ee3f4067c27d334bae4f71be94d6cff1a6eb8918aa7d97c711a0878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
afe2bcc1d3b0fd355ee40581cfda9b03

SHA1
1f5f472d9ac3c588f3b565795868713a3d345e60

SHA256
f56c6d602a4ddb05e27cf6863f97c8ddb27bce4632a8d800915d3446a12cbe34

SHA512
cf4a786683ee23e2c31a8872c0faa5e3edd94fa4887d08b803b13924f9025738dd7f0a7ac3a0e207b63908d11ca7b9f0a08a881b2ed72875543d4bad13734c29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2edae964f78307db3ad507dfb192506e

SHA1
cb1d038fdf1f886a106323d0d344884c104a616b

SHA256
b8890fbcffd612e3dde3b904ead78436165578f139fb520f6f3762966fab4d42

SHA512
bf8178439387a8689c4f565dab7fa21962b827984eeb2cb68ab31964d71f40900b97f4f738ee8d55490a4f6f542de5bfd5f5d602fb6bc686ac71e85e0e49a48e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0b71fa5f380cd4da69219c025dcb1ba8

SHA1
69d56a5dd6b5004724750b25477dacc085f2c55c

SHA256
0c0028820a3924d9b5c421d1888f626a6ab9340b2ba5acd3ea1202a1cc6150e7

SHA512
116e5adb0fa120c83a962b650a38d86cf4f2d176502e598e8a0ad6c21f3e7df4233163b93daf075cdf9a72f3e8ed8873f4676ffd248bcbcb8379e21b970a4528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
18bb097ef5a1e797b5194c54d04b4fb4

SHA1
f6727f129ba0db30d88dd5fdc2cc4917d654b9d4

SHA256
8e4b9a156bac9b2fadab3550dab190486f657502c2589b12275c38dd7872d1f6

SHA512
6fdc5437cf26347953f27a1860ccf899fa65b0855b16428973e8e790bc4e9d99c805b304b431cea4523a49bac2d62d22c9c55ca1df78507839caab31a033a829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
aa09a1e32276510d02077cdcf2e118fc

SHA1
9f936a6960fd8a497dc3b72c5b792f3f860355a4

SHA256
faba8f021b6eaca8fc90e2e28e6a912b43e4491cbaaea0aaf77d99efd95c3d3d

SHA512
a93225ba7ae4461800ec112169550aa357aca23d2a6c69a0d397c8543ce9ba4a8d5a11e36021e850b61c6d26b568e78f2dd11dddb7e41ac278ce7cb438153d52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
fe26b99dee33102aee386c5fb7a005b6

SHA1
a44c14eb41a701bac05c438691d76740982ab277

SHA256
da7e7d7c12b47cf37ace3c8a342033cfef0ff5dea40fc2c2dc1456649c0c5bb4

SHA512
89628e529411008ce6516b3132d88f6acc4d7b623e8966f76d059182726dcf5b7f18570b4b2d94b7b5d8b5e77bfe1ca8a7e1231d092fe6550369983a71ca1749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
96e7bde771b4b7a02a13d6bb085e1e62

SHA1
926e385e158ebbdbcbe00fa627569a4f4672e2fa

SHA256
ad66133edee08a93768e1ba4b2dbf1ef7ce8eba474d50f5754e7c3347819062b

SHA512
4c3d0b7edcacdb717865dad954800e564577282813a95a75a038b642b8585126606c2cf6400333ae765f99e1701a247fbf58d9e10424180e194ae5937fecb5ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a84ae2fa5f163a239eca1f03540e0480

SHA1
fd374798861c1912e6c3d7795aebea53dc90f9e4

SHA256
9ff472b205de28276f58bd5f29edea9c34e8910aa72efa70dcc334d261af57ec

SHA512
600667facfbbd5e55b7de656c4a9caa186868a83b81c0b075839b70244bb88823922222ca38d0137872eff8745410988c1015581f4b0d32db21d53d305242e42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e9f353ebdb11e6ad955c0f84f672db93

SHA1
8367a1724f31e9f224e3c75a6850bb38568ebca0

SHA256
f4bd2b9ba41757441445bf3a1695d7078914a4cdc7be3197b7221f66a6401f72

SHA512
764465382aef2b9d7fd786dc5b66c88625e2b2c2e19dcc0ca9a8670bd3c091a3bd91f18e48e23e6e3a660253f706e5352d05961da36242a09f96849eef0e61b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
99739cbd3f21b9562a5aaee951b22a06

SHA1
dcb14c6efe9177a5c8b2057b5a7b65ffee198094

SHA256
b1fddc45a1dd6a2a28b0616319b2d79bab3d0644855cbfe33e29ceac338e5f15

SHA512
67e7338f66d5e2198f4e0f63af7cda1ce7762c576c22492071d2763aae9c070dbde42312cf21fbfd3a9474aafeec3b5dc50cffd47e759e8951ef31122cd4ccd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b186bcf8617d296b18499afdc098d8be

SHA1
c29c46caa0569f0e3e879e388ca2a5f0795aaea6

SHA256
783c7b9d996e786b2513efee7bd30eb20051cf67ecb5f8375b166bebd1a0669a

SHA512
f59255e99b735f12f986c46b5026d9223ec395d2699ca42af3308621e43246b401f31a2998951daf1795ac35b7f9dce59e5e196e386882b172f2dde02e0d66ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
bf0e77d779c92e6da41110cdc6cdddde

SHA1
aae2b2d7c6e256e9f0cbd1008a502b3999903332

SHA256
d79dec66e56d0eed0f880234185acc057a388c5dda8dc1570cf47bc689dfaa08

SHA512
13316ff37d1442b0aeb2d6347ddc26a79fd842619ca31f3363d702f365577154d501fb0f43d011cc83df1814bf497b56fad196a1d1bbebbe2286ae269b605264

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
a67d5db6c06c97b9ab7614d041c5106f

SHA1
b80eeb5d170a21e61eb1f684e31a3b3fce381a1c

SHA256
716bb8cc9cfec0358d0ce8886003571b239e2952895eb89e5de0f1e9e2d92846

SHA512
d33a898ab724203f33c219582252e384de9553862aeb817f102975986fc3cfbe64602f5861fdd2a48d11765e023a05ef0e74e068a4df4ff69b7210eedeb09329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
78a8634e991166217d5bfeb665cc54ae

SHA1
12dcc442ce26980f27ec25af6072cc8e3b826b07

SHA256
8812b7ca3505af2f06db6aab81a44dac30df500b5c257c0466c212fdb8c66271

SHA512
0495b4525e8a5c5ec1413ceb1b7b93900971a02466da3736dd270d44427af149ba5d772e06c82dc8e2079c6dcb294b59178bc0ee3a53d5079941981f4984b7fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e6238ed3fe2b1442ac2c981c249c10f5

SHA1
14d3cec2e2f9f408864a9bfe7910f50a91e388ad

SHA256
28009b67b1bab68ee09031a9e5f6d235b006ed561ee275a8eceba5466fc796c1

SHA512
057b62d5442186a4ec458482909f0dca69fef29abc55c415a25209f50c7a9b6d1e8ae72217573d2955e6d6b7d01b6718dad7573419b0725b5e4d72da243e4b8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d7b3b88cdea2cdfa85cbb5a044f881b3

SHA1
67b762dd0de86273bfe5442784becd80cd26fcea

SHA256
165deb9765fe6d3f89c4bedbb6f08794fbc628310d95084ee97bc965cdd9a580

SHA512
8bae36fb6fd6379c3c96d1609d6516c7193b78af3b1c9ed30bb4427f1d1afe8a6c36883e720f21951d970b361520f8c437ab3719fc93b8b9f91dda48c294b4a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
85095bbe71e03b197e99db6a9d392067

SHA1
ad586257276e09aab4d257ae1c3c060ee728d99b

SHA256
e049713c183b941e6cc8a45539922632f13647a32171e57ad1a007b3ea315663

SHA512
619f6fd3dc0a60f2c310b0989678041484d6ea5d2a9f5605641717e729a8093889880834a0662c51ab19f2c6c52002de257590c4844e34132c235c541de1336d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
298983d46e8a6c8d1440cedcacaeca01

SHA1
a46129f9a56073e7edfdf736ce01ad9de5e9216c

SHA256
440abf5083147c4ab6f6ce6b834b6cd212179c56bedca2f4ba6208a955568f74

SHA512
8edfa64e410524afd6d2ec3593883c045741b0eaf29a3c8c82db2895c1afadec0ad481fffa02d070e02bfcf44cd5eca0dc18a9c6dc46b107939121f2cfd47854

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a818a5cbf5e6be35bfc09d5de405c102

SHA1
adb0ebd5115e3f0409e4a3ca6e83712f0b76c9d4

SHA256
4493b356820fc8daad695ef602322d46c430abe9b70cb09a1654955c6268fbf0

SHA512
b1297625ff69858534b9c6ef22b7e8711a2d592807470467cc3965420f174727d8a4825f1d8744abfcf9212a48e665ffeeeffc9c012f0e8c89309b9922d1b31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
46a7e6a917a4926dbbfe270283b26458

SHA1
0d961ff3cd9c60d3cc6cc15ae19e5bb330f089aa

SHA256
4942b1671caaf401cac831436e832ac963c253ba5294e5e5bf046c8743e8ba91

SHA512
baf9b1adcdc6d93442ade63b1addfc3a1df4fb6638832e8ffe1aa7d4d7e3a6c61a40d3b7389544a7cb4570cca608448d4a1c7e1a03ac915b29d06905e4cd5661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
23a8723e5e0b0ad994ecc4b8c2d1dd5c

SHA1
26abffc8dc728f3b0f48f7a5700958ea7887bee4

SHA256
2c717dc92cc69a15ab59b6e2ec7df070c6cf2ea4a00099e8054c4729b5ed03ed

SHA512
9f64297ad25762edf5805091e842f6fc7916b8426a81b0cc1f38a2de844fee47d805c599bff68f27586be1d329e6993cf273ba18a7250da870785cc763870c87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
035eaec2b3cb668cf7048f3822a6f753

SHA1
adab1c092e77ebb02aba9684b3315092972f2f9b

SHA256
352bcd567cde129f2d389fa1f0031a8838ca6228c22363e711ecc44b631a877e

SHA512
a8a253653b8cde806f44da830d227fadb5dd2e0e279aec56e2a9ebe8fc952838d81c1245c8d24c86261f4919675b56059c845f570ed4d9022fffb83d439bc7d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
30a36c03a30c9950243b10d34a840e78

SHA1
0f0c0598e4e8802f308f80df4e224f4eff964969

SHA256
2cc1769f0f0af8d1db172b2838af86a859e7d5bd4159565bf55180cfebdf1de6

SHA512
ed7f5b438a51dc7bcce4289d1e20264b2de50e01b639821a7a840456fddc108999f2e57691adf563d11d50caff69b1a857a4fad6673ac7afce148ff662e86939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0a257ca09f66871e33b81fc8d0b40e7c

SHA1
e6d1698637731d62423cf95de5b05d775af3390c

SHA256
c65afcddfc646c28b5bf68ba1d9bba91295e47263a62d0d773816d947e5a6cb5

SHA512
31501a97aec1b6a30a08b06f87ff2ce8b590699f27e8a107d258e6412b473f806879292a4471a9fb480ad83134f0f4eb6831c62f7996c82ac69ea554c00c2208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
65e069499d0e7d5f56ab594aafada79b

SHA1
cfc179e9ccfaf113f9da0544dd04e4f9b47d2690

SHA256
cf06df435648ddff150b3a46ffd55a5b42125ad8c06c7ffb210f7e232a2c6e3d

SHA512
ea9e0dd1561eabd1ccd8a249e7a179b42fc7f35a79cdb89dc361a28ea824216dbfade07f61a1769ffc2d642e25e69c6578c6b107de8a0157165aef12d822f4a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
faa37da8cdddb1084ceeeabdfbd82c49

SHA1
51e3b748f69ee211d5a263c5ddb1d3d01b550631

SHA256
f5bb205942dcdaae36833b2c790ed24095994f6837f2a2f310907985cc3d7d37

SHA512
38056e04f1132e46574881df5dd32eba11274567db57b0f7ba150ab0916ba557436331cfd8b3295a18d8e81ff3ff6b1486f9fa976e9200d575a0c463325cfc1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ee90f42a71798157a9936e3fa7a8abf3

SHA1
7da4a74b7f04565ea50ba573346b9a19c1f6ee3d

SHA256
bcf410310b2dc52dd127caf350d3c30573a33c3f7388572fe11f8f4bebf58a04

SHA512
259e67ff5ea92eae301d0fcc7fde6bb269e08ae86416f8f53b1c184cd11bb2a204d3f9742a55e4e92622ebace36e6e1130ccb77cf99f8c342be196bf464f1189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0243c1fc0c427378e3d64d21d1353526

SHA1
df64942921a5ac34bd90b263b60b9365733ca634

SHA256
85da9f1ca01d3b34390625a2ee1cf2bf9b9ffaf49a3e6f1e163cd839528e079c

SHA512
2b896e527d2f084feb7aacc046021c782dd15f5f0b729fb7559033181e58003eec73ad33d31517d7a3c5d21fa28a1113201f7ecf0687d77115957b50067f1037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
593eb5baa9c058e362f83ea84f39d287

SHA1
98f3d63535c697653efbb83f83bd4cd9e99eb96d

SHA256
e7ac957e876424ebcdc8bde3ab5947569e2ac7c72ff8d96f3703c02d092865b8

SHA512
16dbb1e859ba67e89aa8676ac96ffd3240014d1ed14ef31b3062ecba0e2c7f52378d3661de988982e66599b881c4d9995ecb879be8e7fe9c331d067278132841

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a78a1879de1cebee3292c3e1bcb929f2

SHA1
4a422bf73ba6de8dd46c81e3d2da96a0eef9822a

SHA256
e5c3079d06384e8e790b6f100e567fa21204cab44a6a92399ea397b8eb18cd69

SHA512
617150f4fbb2e77aa8328292059bd2a0da410daa9c144245eabbebe7ebb8fc4be64e32823c41caaa8729dfda2520b4784a7ea13e6eea1b03224f703392731609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
36ab5cc5c0a5f45dea6b54e6467895d6

SHA1
187e48de9d04eadc9f799d04a643b2e3336ecaea

SHA256
afd866b89eea484a494027590c0a12bdf14f3e6c52171c7ca7442d2ee70cc6ff

SHA512
99e4891212def2b579a3bd41f4eb80665fcb16588205f64feb61354f30ea728b01a3cede46ab29678f7301c234c3479d440eecb9a1f93637506fc77e7ac6e4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f973.TMP

Filesize
874B

MD5
89e1897de1f7e7365e7ccc926225d7dd

SHA1
fc5e7e4bf7476fa94df433fa06b7c526ec183d90

SHA256
12aef54f9260549d1f684f83d462cef9989fc29260ce2460058afd99c51d48d0

SHA512
81122a5744123b8fe6e04ccf1bd0d1718b7907d4df457d10d6c6b3364d4c4d2aa0d8ca8f8649a1b3d5f248ab4686627f26882e594a7c5e34a01b28ab88e819e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ca73c3f0-316a-4025-9dcd-14b17d89ea6c.tmp

Filesize
1KB

MD5
b4e05db3399079a68956c8e46c17810c

SHA1
583eb6f88fa78b78c9e6551bc0bf0770fe0e880e

SHA256
1ee2a1d0a50a3917e1c0bdbfb7a36a0945a829af985c180df53413f75dbfd8ae

SHA512
dbd619c9121068a1c7045e1c187746408306eafa332b90e695e216068b3dc77b646c4815ff12c6f786c9363fe04fa723ddd8aaa57cd862af0c0ade24416185f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fd1566e2-435f-491d-8695-506cc3a6a7af.tmp

Filesize
19KB

MD5
b4ee68ca69611df5eab871873b5a946a

SHA1
a62e8b401f9ff537abf4563c05adcb2bb7559111

SHA256
be469ac1632227cd28bd4bde4f78a826f96fa4634083a3e6f32f1c175c6750ae

SHA512
aedebb918c43929f7b7e8ed40541e1e15acb8494a0a373244c07353df197dffbe47131c00d6318bb271b011fee2f4f3e0276a4c5b9ac8861648c3318d270b484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fe5cc7aa-b52f-45d2-b6d3-23f50f17ac86.tmp

Filesize
1KB

MD5
457d0b612a9b272af0a93922a289050a

SHA1
f7f38d69ffda72a5aa475dc068456eabf53c1124

SHA256
46a1b0209eedb31c8228098bc56f738af2ee3832b2af71bea8cc794bff51eef6

SHA512
b2fba72f92b378ab42c89398d8c2edb44804eb2b0e185805a997d309b957706818d35c1a549e691d384c1ba4ce89ffe3aa560a81d970235fef14f84000908080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b9c13d4eb300b14b228bcfe909b63ea7

SHA1
955dc15530cb28c47eb688b2cef33db35d61e3e3

SHA256
ba18f922cff305dbed6f6d4b696a49f22522145f607cd8edf6bbe59c66f8069b

SHA512
1b673a465f672ad71c7599417522ab895e8194cf6eef3935250eacd07af709ec840b75c6c689316328631e156a6ad49bf72c43887347d7198da3c169ce023936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
269bddcb07c26dfecfd6b60d7c05f434

SHA1
0ac2d511c2ee9c7b46c4968f05abbb8f8c5a2392

SHA256
39ed090e689323fc9b95a73c6b570078374695784107386cb448758640c5d8c7

SHA512
246af0dbaf72f541a63eef17eb0c814f8d66df8e81ac94e79385513837a798a8789196401b108c8b574f6b0f8fd47f526b6509f918cd35ecebb24e91ae6bbe82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
da91d9449aea114d7b981bfda10461c9

SHA1
8a8a30a1b561b59cf18e2d6590968768cfbe261d

SHA256
b50b0cf374b49271b8391b9bcb5d51a1e7fa47a94e23787ab90109acfeae0ae0

SHA512
497d1d53d1e77df6000e5000cbaa192892df4051d369aa1dc55dccede3f6c9378a6ff1ff4af464252ea95d49fdc6b691ad96c0cb11f6cce37cdda75fd090df6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
205d5c7dabef21c9e33cd13d31aed1fc

SHA1
63abf6b21408fa1267f926289364aaa451e9897c

SHA256
1dcca91bcb8c291b3ef7b404ad1f871cf5517b676d52167995af6b560ead4044

SHA512
00b9728dcb5babfed9eff175e971501a6ad2f9481e2d849bbb1fafb043bb5e8e6a264de81215a343478a89cd5d7d6e756673e579e51b1fd9dc1ebfd2e68164a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b50be03e71dde921c6de8bc854dfe2a5

SHA1
ab59366e67fd6b98db17b71b97a61f0c9d3fe45f

SHA256
df66ad018979a8cf83014d1f66c80745aee69f4b04208c41f81f61cbc910f88f

SHA512
cb1c39b702cf6a2bd6b6573c2959acc0fed5105a71cf76a25854054dd8120efc4568a4283fe7c6fa99d2c4e12c75ca5690f1854c4b392c55c074dd883c7d766a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
21503f08211b1c8cec9dd480bcbbd4a6

SHA1
4c013f52556c86c2e2d62b95ea673f3bd0f84f8d

SHA256
857c9f577ee8a78f0bb210ed748d7b4fad9cab39d955500130d29d8f8326def3

SHA512
6f0e47f48200fae1a0b9a14fa1151c1c9f202d169b895afac558fb7db4fae25016f2c144e2854f953c6b3cba64c73ca57c701b9bf3f66b6f990526e7850af6f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
455169dd5d0eadad9887c9ffebefb1de

SHA1
2e6333eefc2938a3a32b8aad221f24db8f6a4ed6

SHA256
b93f0aad6383f29579dcdaa65a8c29d09481bd932839eac7000c068b3dfed7dd

SHA512
ed920becd886a73525ac458c61245329e724a84dfe48ada3dd224e5d1b08e16f8b8c0d1da59d2b54e12d081464e54e91b933d5631def12d5785c64306dfed2a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3c103e93811f20ab17c06e303b19b891

SHA1
55fd97ce9a86d5e944eb5c6bb55b2174d581ecc9

SHA256
b77c16529c52bb334db112c17ee4b4665b5d7c7b79fe4cfc02f05e1198d23939

SHA512
af63650b858768702381fc4a62ac00b349ee491ff05f408a3b6344d170eb67e7d24476acbe43a06061ceb5e0cfb5631b39bdcb74508fbbb765202ac3e9413300

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6e1cb91b8856ee87e59bfac167bd0a63

SHA1
030b1d31c7f2b1aed7eddd4efbe2f1d8c9f37732

SHA256
8e335d0c9b3a1c5600e917e68b7c84650dbb5b1eda8d3a9ff35909883cc5ac7f

SHA512
5d5ed716e26bc524f36dee088d8bf21d39ac5779c830655541ebcc2f59de32cf5deff13e7e1607d0c9a53e336904b0307153fc1d4c4645c14eb8aff4046676fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d15cca9bc30ac50d3113be4cbb9ac6d5

SHA1
d3b67c6270b5e552cc8460b8845a654520e54835

SHA256
c866c4e42fa1f9a84f9ad522846f535191bc1f0d4a163a5085de7b0e82e69273

SHA512
fcf15877cb56b9b045d45f048899f8e365059cd9ca5d128451a9af10c3310a9635b36d88a5ef5cfcd526d34a2ca9cc349634f9a0b883bff3875711100aab0c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
04a8896d3c4edc2b81774947a07b78d4

SHA1
05726054f1dcd78b69879eea80dc293673997d02

SHA256
eef273ee572a9a0240051da780233ea81731b12a4ec0d0c7ea4c5eccfc38ac4a

SHA512
d7a537a467f0a9c0f893cb47a578d151665dac78fc30b94214e45abfb7d1ded0190544b8264719e9ecb55904c1227f5ae189b00cc414a153aa168708740a2808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
483b7634c7f66429d5fa2aaa45fad8d7

SHA1
7d9c364a0430a27b2b520d8e90281d2573134522

SHA256
5a969f6d91453dfc8bddf63c98c694e39d2105a8b847782273c2929e75767c46

SHA512
ff3305051ec8b1b5dcb47e58f40047919da28655617195117842deebc7ded4f55e06c9b8249eeb8a2874af13cdbc498abd249fd61e607fc7b3e8ab38ae3ea47c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c70642e5fafa771d7647d2168eb13cc7

SHA1
0ad01f824423cd59f487ac8077f3e661fd0b728c

SHA256
38040dfd2ed84903d033aa2ccbf0abc0426433f7d065a4ae416b812ae646e219

SHA512
915025c816a11fe2aa0495b078cb95571359c630249ace995158b78535921c9c7e4eaf2c2db6c6d59fff5629a116fae89a030b0990dbdac9d4218fbd352310c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
97dcea3bdc8d8b69a735829233becd05

SHA1
128eca263221d9d8d94e18a00dac351e269f5b8a

SHA256
f6e3ee739b1fe84d81cec3023e265a8c0805bfc94d13bef924530611a6810f4f

SHA512
853e2053624029dd63cfe137fa3d04407e0f5bc0c19ef9496e43c4e65d6e75715238ec9b11442f6234ae95f974c68611dc458005f147bd54bb74d06530c70ced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
dbbe4d4b7c66591653f683aa021fb7b5

SHA1
abeceb3c096afa7c4123fb1e93ca5a00c747b4a1

SHA256
97a8a7e54ccf702ee3be676e7203b7f9069eb66a44201150425ffc67fcd5e624

SHA512
9020164e2e2a98c22e60e2a67df6b4a283254797331c5fabcec78ece256d8126689eb1a08581364c6cf1be777024f22a72062d773c87f863208c53d1b89a6722

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
640KB

MD5
ab4fdea88a41f87cf6b028869c6c77ce

SHA1
effd9a8222f59aacb8546e8f3774f366822fa9ab

SHA256
ac6218faa6806424a5e2d38c041a2598a40fb0247bf91ff016887e18fd866f37

SHA512
235bc24dc9f26f91a80f6678446641b8d9ae32b540775be6f928fa656460764dc6c12e5034664dbb5e1329af0f18bf9cc7c997c9d5ba2f9c8dd24cc8d1312c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
969fc5dd89f3f5c9f63906affd445537

SHA1
4c7771f7ac94e52cbb5f7f3c9dcc471febc5a7c2

SHA256
7c0b7750ec374e3e43fe3ab26aadd4438ed7c234920d5a3b7759cff5846949b7

SHA512
c29a8fe4e8207cbd7b58d6791e69ce57e4fb7bb9821375b21627526873a772e5f662e45431da21ad07483117614492250e0a6135025eab3af450e1f951fd2c93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
333B

MD5
e000ad3d8389ab80e239430bc811e5ab

SHA1
48958dca924692eddfe20166ea1aca05ae6c94e4

SHA256
e56d8935277b55d349ead12a676c2fb415f8a7aac5d9b5a3d544745a5d0ba7c4

SHA512
99f589d714ebb34dc11f97dd0ec39b4fc9d2579d3ece356cf254671fe323b73eb003f6195d779d7eccb253a33643bd5a927af6451e11b161e497d65a0f650a7d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
3bca5f1bbb2b7102f06c15548dd6f886

SHA1
ebb2a231f97a8dce1dab2b39eac17e12dfe5fcda

SHA256
da54013b7ed6ef7c75b7d2fdf66d315e5c063406834f1f1da0b10493d3c99a35

SHA512
18294b404056fef8a45642048b7040726e74605ebc8ec4cdc88a7685f2155d911516adcc63d0f7378e2a407fa3a56499efb622a423b9a895761e22476da5b781

Download Submit
C:\Users\Admin\DOWNLO~1\DanaBot.dll

Filesize
2.4MB

MD5
7e76f7a5c55a5bc5f5e2d7a9e886782b

SHA1
fc500153dba682e53776bef53123086f00c0e041

SHA256
abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3

SHA512
0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 122876.crdownload

Filesize
2.2MB

MD5
54daad58cce5003bee58b28a4f465f49

SHA1
162b08b0b11827cc024e6b2eed5887ec86339baa

SHA256
28042dd4a92a0033b8f1d419b9e989c5b8e32d1d2d881f5c8251d58ce35b9063

SHA512
8330de722c8800ff64c6b9ea16a4ff7416915cd883e128650c47e5cb446dd3aaa2a9ba5c4ecda781d243be7fb437b054bbcf942ea714479e6cc3cef932390829

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 373717.crdownload

Filesize
68KB

MD5
bc1e7d033a999c4fd006109c24599f4d

SHA1
b927f0fc4a4232a023312198b33272e1a6d79cec

SHA256
13adae722719839af8102f98730f3af1c5a56b58069bfce8995acd2123628401

SHA512
f5d9b8c1fd9239894ec9c075542bff0bcef79871f31038e627ae257b8c1db9070f4d124448a78e60ccc8bc12f138102a54825e9d7647cd34832984c7c24a6276

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 699144.crdownload

Filesize
1.1MB

MD5
f0a661d33aac3a3ce0c38c89bec52f89

SHA1
709d6465793675208f22f779f9e070ed31d81e61

SHA256
c20e78ce9028299d566684d35b1230d055e5ea0e9b94d0aff58f650e0468778a

SHA512
57cdb3c38f2e90d03e6dc1f9d8d1131d40d3919f390bb1783343c82465461319e70483dc3cd3efdbd9a62dfc88d74fc706f05d760ffd8506b16fd7686e414443

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 907522.crdownload

Filesize
248KB

MD5
20d2c71d6d9daf4499ffc4a5d164f1c3

SHA1
38e5dcd93f25386d05a34a5b26d3fba1bf02f7c8

SHA256
3ac8cc58dcbceaec3dab046aea050357e0e2248d30b0804c738c9a5b037c220d

SHA512
8ffd56fb3538eb60da2dde9e3d6eee0dac8419c61532e9127f47c4351b6e53e01143af92b2e26b521e23cdbbf15d7a358d3757431e572e37a1eede57c7d39704

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 915850.crdownload

Filesize
122KB

MD5
d043ba91e42e0d9a68c9866f002e8a21

SHA1
e9f177e1c57db0a15d1dc6b3e6c866d38d85b17c

SHA256
6820c71df417e434c5ad26438c901c780fc5a80b28a466821b47d20b8424ef08

SHA512
3e9783646e652e9482b3e7648fb0a5f7c8b6c386bbc373d5670d750f6f99f6137b5501e21332411609cbcc0c20f829ab8705c2835e2756455f6754c9975ac6bd

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 915850.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\Zloader.xlsm

Filesize
93KB

MD5
b36a0543b28f4ad61d0f64b729b2511b

SHA1
bf62dc338b1dd50a3f7410371bc3f2206350ebea

SHA256
90c03a8ca35c33aad5e77488625598da6deeb08794e6efc9f1ddbe486df33e0c

SHA512
cf691e088f9852a3850ee458ef56406ead4aea539a46f8f90eb8e300bc06612a66dfa6c9dee8dcb801e7edf7fb4ed35226a5684f4164eaad073b9511189af037

Download Submit
C:\Users\Admin\Downloads\chilledwindows.mp4

Filesize
3.6MB

MD5
698ddcaec1edcf1245807627884edf9c

SHA1
c7fcbeaa2aadffaf807c096c51fb14c47003ac20

SHA256
cde975f975d21edb2e5faa505205ab8a2c5a565ba1ff8585d1f0e372b2a1d78b

SHA512
a2c326f0c653edcd613a3cefc8d82006e843e69afc787c870aa1b9686a20d79e5ab4e9e60b04d1970f07d88318588c1305117810e73ac620afd1fb6511394155

Download Submit
\??\pipe\LOCAL\crashpad_4916_GYRQNLWECGUUAEMQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/736-1658-0x0000000020F50000-0x0000000020F58000-memory.dmp

Filesize
32KB

Download
memory/736-1646-0x0000000000240000-0x00000000006A4000-memory.dmp

Filesize
4.4MB

Download
memory/736-1660-0x0000000020FD0000-0x0000000020FDE000-memory.dmp

Filesize
56KB

Download
memory/736-1659-0x0000000021000000-0x0000000021038000-memory.dmp

Filesize
224KB

Download
memory/852-794-0x00007FFC81810000-0x00007FFC81820000-memory.dmp

Filesize
64KB

Download
memory/852-793-0x00007FFC81810000-0x00007FFC81820000-memory.dmp

Filesize
64KB

Download
memory/852-792-0x00007FFC81810000-0x00007FFC81820000-memory.dmp

Filesize
64KB

Download
memory/852-795-0x00007FFC81810000-0x00007FFC81820000-memory.dmp

Filesize
64KB

Download
memory/852-751-0x00007FFC7F7B0000-0x00007FFC7F7C0000-memory.dmp

Filesize
64KB

Download
memory/852-750-0x00007FFC7F7B0000-0x00007FFC7F7C0000-memory.dmp

Filesize
64KB

Download
memory/852-749-0x00007FFC81810000-0x00007FFC81820000-memory.dmp

Filesize
64KB

Download
memory/852-748-0x00007FFC81810000-0x00007FFC81820000-memory.dmp

Filesize
64KB

Download
memory/852-746-0x00007FFC81810000-0x00007FFC81820000-memory.dmp

Filesize
64KB

Download
memory/852-747-0x00007FFC81810000-0x00007FFC81820000-memory.dmp

Filesize
64KB

Download
memory/852-745-0x00007FFC81810000-0x00007FFC81820000-memory.dmp

Filesize
64KB

Download
memory/852-627-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/1460-1475-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/1472-1452-0x00000220D11D0000-0x00000220D11D1000-memory.dmp

Filesize
4KB

Download
memory/1472-1455-0x00000220D11D0000-0x00000220D11D1000-memory.dmp

Filesize
4KB

Download
memory/1472-1451-0x00000220D11D0000-0x00000220D11D1000-memory.dmp

Filesize
4KB

Download
memory/1472-1446-0x00000220D11D0000-0x00000220D11D1000-memory.dmp

Filesize
4KB

Download
memory/1472-1445-0x00000220D11D0000-0x00000220D11D1000-memory.dmp

Filesize
4KB

Download
memory/1472-1453-0x00000220D11D0000-0x00000220D11D1000-memory.dmp

Filesize
4KB

Download
memory/1472-1444-0x00000220D11D0000-0x00000220D11D1000-memory.dmp

Filesize
4KB

Download
memory/1472-1454-0x00000220D11D0000-0x00000220D11D1000-memory.dmp

Filesize
4KB

Download
memory/1472-1456-0x00000220D11D0000-0x00000220D11D1000-memory.dmp

Filesize
4KB

Download
memory/1700-1473-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/3356-647-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/3356-684-0x0000000000400000-0x000000000066B000-memory.dmp

Filesize
2.4MB

Download
memory/3480-630-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/3668-1458-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/4304-641-0x00000261FA920000-0x00000261FA921000-memory.dmp

Filesize
4KB

Download
memory/4304-642-0x00000261FA920000-0x00000261FA921000-memory.dmp

Filesize
4KB

Download
memory/4304-635-0x00000261FA920000-0x00000261FA921000-memory.dmp

Filesize
4KB

Download
memory/4304-636-0x00000261FA920000-0x00000261FA921000-memory.dmp

Filesize
4KB

Download
memory/4304-634-0x00000261FA920000-0x00000261FA921000-memory.dmp

Filesize
4KB

Download
memory/4304-646-0x00000261FA920000-0x00000261FA921000-memory.dmp

Filesize
4KB

Download
memory/4304-645-0x00000261FA920000-0x00000261FA921000-memory.dmp

Filesize
4KB

Download
memory/4304-644-0x00000261FA920000-0x00000261FA921000-memory.dmp

Filesize
4KB

Download
memory/4304-643-0x00000261FA920000-0x00000261FA921000-memory.dmp

Filesize
4KB

Download
memory/4304-640-0x00000261FA920000-0x00000261FA921000-memory.dmp

Filesize
4KB

Download
memory/4332-1474-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/4488-1460-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/4508-1887-0x0000000001620000-0x0000000001628000-memory.dmp

Filesize
32KB

Download
memory/4508-1886-0x000000001C900000-0x000000001C99C000-memory.dmp

Filesize
624KB

Download
memory/4508-1888-0x000000001CB30000-0x000000001CB7C000-memory.dmp

Filesize
304KB

Download
memory/4508-1885-0x000000001C390000-0x000000001C85E000-memory.dmp

Filesize
4.8MB

Download
memory/4508-1884-0x000000001BDA0000-0x000000001BE46000-memory.dmp

Filesize
664KB

Download
memory/4784-821-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download