ea717e5576dbd3052c3429470ad4f3bc9bae374d4b9cc7d1c0e68055ec810543

Resubmissions

11-08-2024 18:50

240811-xg9eaasfln 8

11-08-2024 18:41

11-08-2024 18:41

11-08-2024 18:38

11-08-2024 18:17

11-08-2024 18:16

11-08-2024 18:15

11-08-2024 17:52

Analysis

max time kernel
1200s
max time network
1201s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
11-08-2024 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-08-06 212650.png
Size

302KB
MD5

8215cf98ee78db9c15eb03c1d565f6f9
SHA1

03020983659e6d6c61631de0bfdec9a965ec5155
SHA256

ea717e5576dbd3052c3429470ad4f3bc9bae374d4b9cc7d1c0e68055ec810543
SHA512

8e16cdb25bd785bf11608fb983125f71394da0091fa9769ee8504194d0626fca1b66e08245ba6d52af1e498bc16635fcdaedf1dd6b4a77cf9a53d4cd5278a28e
SSDEEP

6144:Rl53DXhOKICpEkz40IFGtwyYCzGpvgrUz9iYdwYIsQ1IxxeTMuG:RlxXgKI2xzdqG1ZTrURnuRsdxxe8

Score

6^/10

discovery execution

Malware Config

Signatures

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
33	raw.githubusercontent.com
33	camo.githubusercontent.com

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2964	2136	WerFault.exe	135

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 31 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 34 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\md_auto_file\shell\edit\command\ = "\"C:\\Program Files\\Microsoft Office\\root\\Office16\\Winword.exe\" /n \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\.py	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\md_auto_file\shell\edit\ = "@C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\Office16\\oregres.dll,-1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\py_auto_file\shell\Read\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\.md	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\md_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\md_auto_file\shell\edit\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\py_auto_file\shell	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\엉囚ᰀ谀耤\ = "py_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\py_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3007475212-2160282277-2943627620-1000\{0E8D0200-5641-4F9E-ABD8-A406D0A32530}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\py_auto_file\shell\Read	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\md_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\.md\ = "md_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\ﳄꦒ⠀谀耙	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\.py\ = "py_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\py_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\엉囚ᰀ谀耤	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\md_auto_file\shell\edit	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\ﳄꦒ⠀谀耙\ = "md_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings	firefox.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\YouAreAnIdiot-main.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ransomware-master.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ZOD-master.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\TheDestroyer-master.zip:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 9 IoCs

pid	Process
3636	Winword.exe
3636	Winword.exe
4512	Winword.exe
4512	Winword.exe
5972	POWERPNT.EXE
3600	Winword.exe
3600	Winword.exe
728	Winword.exe
728	Winword.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
4252	msedge.exe
4252	msedge.exe
2808	msedge.exe
2808	msedge.exe
5088	identity_helper.exe
5088	identity_helper.exe
5052	msedge.exe
5052	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2848	msedge.exe
2880	msedge.exe
2880	msedge.exe
2796	msedge.exe
2796	msedge.exe
5432	AcroRd32.exe
5432	AcroRd32.exe
5432	AcroRd32.exe
5432	AcroRd32.exe
5432	AcroRd32.exe
5432	AcroRd32.exe
5432	AcroRd32.exe
5432	AcroRd32.exe
5432	AcroRd32.exe
5432	AcroRd32.exe
5432	AcroRd32.exe
5432	AcroRd32.exe
5432	AcroRd32.exe
5432	AcroRd32.exe
5432	AcroRd32.exe
5432	AcroRd32.exe
5432	AcroRd32.exe
5432	AcroRd32.exe
5432	AcroRd32.exe
5432	AcroRd32.exe
5428	msedge.exe
5428	msedge.exe
5236	msedge.exe
5236	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

pid	Process
2228	OpenWith.exe
3792	OpenWith.exe
5972	POWERPNT.EXE
5312	OpenWith.exe
5208	OpenWith.exe
2624	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2136	wmplayer.exe
Token: SeCreatePagefilePrivilege	2136	wmplayer.exe
Token: SeShutdownPrivilege	5040	unregmp2.exe
Token: SeCreatePagefilePrivilege	5040	unregmp2.exe
Token: SeDebugPrivilege	2688	firefox.exe
Token: SeDebugPrivilege	2688	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
4188	OpenWith.exe
3636	Winword.exe
3636	Winword.exe
3636	Winword.exe
3636	Winword.exe
3636	Winword.exe
3636	Winword.exe
3636	Winword.exe
2228	OpenWith.exe
2228	OpenWith.exe
2228	OpenWith.exe
2228	OpenWith.exe
2228	OpenWith.exe
2228	OpenWith.exe
2228	OpenWith.exe
2228	OpenWith.exe
2228	OpenWith.exe
2228	OpenWith.exe
2228	OpenWith.exe
2228	OpenWith.exe
2228	OpenWith.exe
2228	OpenWith.exe
2228	OpenWith.exe
2228	OpenWith.exe
2228	OpenWith.exe
3776	MiniSearchHost.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe
3792	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4252 wrote to memory of 336	4252	msedge.exe	86
PID 4252 wrote to memory of 336	4252	msedge.exe	86
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4684	4252	msedge.exe	87
PID 4252 wrote to memory of 4748	4252	msedge.exe	88
PID 4252 wrote to memory of 4748	4252	msedge.exe	88
PID 4252 wrote to memory of 720	4252	msedge.exe	89
PID 4252 wrote to memory of 720	4252	msedge.exe	89
PID 4252 wrote to memory of 720	4252	msedge.exe	89
PID 4252 wrote to memory of 720	4252	msedge.exe	89
PID 4252 wrote to memory of 720	4252	msedge.exe	89
PID 4252 wrote to memory of 720	4252	msedge.exe	89
PID 4252 wrote to memory of 720	4252	msedge.exe	89
PID 4252 wrote to memory of 720	4252	msedge.exe	89
PID 4252 wrote to memory of 720	4252	msedge.exe	89
PID 4252 wrote to memory of 720	4252	msedge.exe	89
PID 4252 wrote to memory of 720	4252	msedge.exe	89
PID 4252 wrote to memory of 720	4252	msedge.exe	89
PID 4252 wrote to memory of 720	4252	msedge.exe	89
PID 4252 wrote to memory of 720	4252	msedge.exe	89
PID 4252 wrote to memory of 720	4252	msedge.exe	89
PID 4252 wrote to memory of 720	4252	msedge.exe	89
PID 4252 wrote to memory of 720	4252	msedge.exe	89
PID 4252 wrote to memory of 720	4252	msedge.exe	89
PID 4252 wrote to memory of 720	4252	msedge.exe	89
PID 4252 wrote to memory of 720	4252	msedge.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-08-06 212650.png"
1⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\UnlockClose.xht
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe965c3cb8,0x7ffe965c3cc8,0x7ffe965c3cd8
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2876 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1236 /prefetch:8
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6220 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7148 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7140 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6964 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7076 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1
  2⤵
  PID:596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1344 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1
  2⤵
  PID:488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7644 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1664 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8220 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8488 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8628 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8764 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9076 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,7719825960061183525,13736194381045119886,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:5924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3740

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2016

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4188
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Downloads\YouAreAnIdiot-main\YouAreAnIdiot-main\README.md"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:3636

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\YouAreAnIdiot-main\YouAreAnIdiot-main\js\main.js"
1⤵
PID:4372

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\YouAreAnIdiot-main\YouAreAnIdiot-main\js\main.js"
1⤵
PID:5084

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2228
- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
  "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "C:\Users\Admin\Downloads\YouAreAnIdiot-main\YouAreAnIdiot-main\js\main.js"
  2⤵
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:2136
- - C:\Windows\SysWOW64\unregmp2.exe
    "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
    3⤵
    - System Location Discovery: System Language Discovery
    PID:920
  - - C:\Windows\system32\unregmp2.exe
      "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
      4⤵
      Enumerates connected drives
      Suspicious use of AdjustPrivilegeToken
      PID:5040
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 1188
    3⤵
    - Program crash
    PID:2964

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:4256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2136 -ip 2136
1⤵
PID:5084

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\YouAreAnIdiot-main\YouAreAnIdiot-main\js\main.js"
1⤵
PID:2984

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\YouAreAnIdiot-main\YouAreAnIdiot-main\js\main.js"
1⤵
PID:712

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3776

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\ransomware-master\ransomware-master\requirements.txt
1⤵
PID:3716

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3792
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Downloads\ransomware-master\ransomware-master\발표자료\[컴퓨터보안_월요일_프로젝트_최종]개미는(뚠뚠) 보고서.hwp"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  PID:4512

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\Downloads\ransomware-master\ransomware-master\발표자료\[컴퓨터보안_월요일_프로젝트_최종]개미는(뚠뚠) ppt.pptx" /ou ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:5972

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:5312
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\ransomware-master\ransomware-master\final.py"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  PID:5432
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5740
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=39EB7C0B22AC9C5933136A51EAC9C168 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:5860
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5D85FA24058427584D9AFF143434680D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5D85FA24058427584D9AFF143434680D --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:5888
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3BF7BB7DD9B1CE21B8B0670872660048 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:5956
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=ABEAB5D735A4D40D9A82F24EE69328AD --mojo-platform-channel-handle=1952 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:1644
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DA3BCE8ED1C6E10D5C6F98E2EB1CD438 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:4512
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3186080FC530CB69641F7E6031FAF73F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3186080FC530CB69641F7E6031FAF73F --renderer-client-id=8 --mojo-platform-channel-handle=2040 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:5236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3076

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
PID:5304

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
PID:6128
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\ransomware-master\ransomware-master\final.spec"
  2⤵
  PID:3236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\ransomware-master\ransomware-master\final.spec
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    PID:2688
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c8c9640-e638-48fe-bb92-aefd5739f8e5} 2688 "\\.\pipe\gecko-crash-server-pipe.2688" gpu
      4⤵
      PID:5460
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2368 -parentBuildID 20240401114208 -prefsHandle 2360 -prefMapHandle 2348 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff0dbd29-b2ab-4ca5-973b-aa73fe66995f} 2688 "\\.\pipe\gecko-crash-server-pipe.2688" socket
      4⤵
      Checks processor information in registry
      PID:5656
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3240 -childID 1 -isForBrowser -prefsHandle 2888 -prefMapHandle 2912 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc5bc941-75e2-4278-b76d-7491d257ef0f} 2688 "\\.\pipe\gecko-crash-server-pipe.2688" tab
      4⤵
      PID:4752
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3652 -childID 2 -isForBrowser -prefsHandle 3664 -prefMapHandle 3660 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {156a131c-9d0b-46b0-81e7-e3702e718854} 2688 "\\.\pipe\gecko-crash-server-pipe.2688" tab
      4⤵
      PID:5224
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4540 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4532 -prefMapHandle 4452 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {087bb157-511e-429e-b98d-b8a38fe88fff} 2688 "\\.\pipe\gecko-crash-server-pipe.2688" utility
      4⤵
      Checks processor information in registry
      PID:2704
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5324 -childID 3 -isForBrowser -prefsHandle 5356 -prefMapHandle 5248 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ae763e1-de4b-4ffc-817b-95c56c6cabda} 2688 "\\.\pipe\gecko-crash-server-pipe.2688" tab
      4⤵
      PID:6056
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 4 -isForBrowser -prefsHandle 5488 -prefMapHandle 5492 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc1edce6-4abd-46a7-a7cf-ffe92ec319d4} 2688 "\\.\pipe\gecko-crash-server-pipe.2688" tab
      4⤵
      PID:3724
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5788 -childID 5 -isForBrowser -prefsHandle 5708 -prefMapHandle 5716 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05673c62-ec68-4a9d-8796-bbfebed25329} 2688 "\\.\pipe\gecko-crash-server-pipe.2688" tab
      4⤵
      PID:1492

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004D8
1⤵
PID:5940

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
PID:3900
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Downloads\ZOD-master\ZOD-master\README.md"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  PID:3600

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
PID:2180

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_TheDestroyer-master.zip\TheDestroyer-master\core.py"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
PID:5136
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  PID:956
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=59523B946AE29CD17437ECE99E424372 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2060
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=EBD7859DCFC51F65D55321F9EDB33A90 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=EBD7859DCFC51F65D55321F9EDB33A90 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3636

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:5208

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
PID:5076

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:2624
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Temp\Temp1_TheDestroyer-master.zip\TheDestroyer-master\README.md"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  PID:728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
471B

MD5
eae1570bb68ad46764147a16759e5936

SHA1
cd91d08f969a232df5349d56a7b92c6bc9821232

SHA256
2c05b9b5055396d6717fa23e22a8e2655649c5832590e322dc14396ba401d779

SHA512
1d55715ceea44165910e29280a889416d4bd7c54cb8c4b4be1025fdd0d5c71055622431648464122830339c834780b7598749f9a8fb7d6146c4d8d557cd10fb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
0c039173e78a7b34278dc351f6c96cbe

SHA1
c1399dcf3c96ba1818d818db8f5108dcd67d0026

SHA256
d8c77b49b2c3e263cab327bfc4934232795857016dc0404015b12690b755f094

SHA512
f3f4420fb50d6c384ffa41d3e081aed9060226da448a70a9ab6b920797a40674a892a71347462772462d3a3217fa27cbee1b08adacc7f53bf4d510e0ade6ed02

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
422fe3fe8021970abe3d78ec4e84fa34

SHA1
ae1574f4568e0238fe3f9abf7bb53c0aa37161df

SHA256
395487dbe1516d4d3b45e19c3e8291ab13c954e1c682564d4ac73b1d0b22d4b6

SHA512
44f3831615608112ad20aeee7498a4c69a9e2cb3fe787ca31600a43327cf92bf755f1ff284ff996702bfcbdc7ab5e2587155c595ba6e7220f4a5c534c23410b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4ae6009e2df12ce252d03722e8f4288

SHA1
44de96f65d69cbae416767040f887f68f8035928

SHA256
7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d

SHA512
bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4bf4b59c3deb1688a480f8e56aab059d

SHA1
612c83e7027b3bfb0e9d2c9efad43c5318e731bb

SHA256
867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82

SHA512
2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
a074f116c725add93a8a828fbdbbd56c

SHA1
88ca00a085140baeae0fd3072635afe3f841d88f

SHA256
4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6

SHA512
43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
a7ee007fb008c17e73216d0d69e254e8

SHA1
160d970e6a8271b0907c50268146a28b5918c05e

SHA256
414024b478738b35312a098bc7f911300b14396d34718f78886b5942d9afe346

SHA512
669bec67d3fc1932a921dd683e6acfdf462b9063e1726770bae8740d83503a799c2e30030f2aca7ec96df0bfd6d8b7f999f8296ee156533302161eb7c9747602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
9f8f80ca4d9435d66dd761fbb0753642

SHA1
5f187d02303fd9044b9e7c74e0c02fe8e6a646b7

SHA256
ab481b8b19b3336deda1b9ad4680cce4958152c9f9daa60c7bd8eb6786887359

SHA512
9c0de8e5bf16f096bf781189d813eeb52c3c8ec73fc791de10a8781e9942de06ed30ff5021ab7385c98686330049e3e610adc3e484e12ef807eec58607cfae63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
27KB

MD5
c3bd38af3c74a1efb0a240bf69a7c700

SHA1
7e4b80264179518c362bef5aa3d3a0eab00edccd

SHA256
1151160e75f88cbc8fe3ada9125cc2822abc1386c0eab7a1d5465cfd004522c8

SHA512
41a2852c8a38700cf4b38697f3a6cde3216c50b7ed23d80e16dea7f5700e074f08a52a10ba48d17111bb164c0a613732548fe65648658b52db882cacb87b9e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
21KB

MD5
a6d2a865e9f16ea305950181afef4fcf

SHA1
082145d33593f3a47d29c552276c88cf51beae8e

SHA256
2e5d94863281987de0afa1cfd58c86fde38fd3677c695268585161bc2d0448a2

SHA512
6aa871d6b2b0d1af0bda0297d164e2d685bc53f09983e5a4e1205f4eb972a2017323c99c3cc627c3fb01381b66816e570f61d013d3775cddad285ac1b604cdc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
37KB

MD5
a2ade5db01e80467e87b512193e46838

SHA1
40b35ee60d5d0388a097f53a1d39261e4e94616d

SHA256
154a7cfc19fb8827601d1f8eda3788b74e2018c96779884b13da73f6b1853a15

SHA512
1c728558e68ed5c0a7d19d8f264ad3e3c83b173b3e3cd5f53f5f3b216ed243a16944dbe6b2159cfe40ee4a3813ca95a834f162073a296b72bbdedc15546be8f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
37KB

MD5
93acf02790e375a1148c9490557b3a1d

SHA1
78a367c8a8b672dd66a19eb823631e8990f78b48

SHA256
4f2513f353c2cdd3177e3890f216ea666e4eb99477a56a97ff490f69a9833423

SHA512
e6354f4e4d35e9b936a7ddaebdd6527c37e6248c3f2d450c428903a32d77439cab78020a45834379cf814a79149c3dddf4e1280b9d06a7f972e5f8e61c463d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
23KB

MD5
bc715e42e60059c3ea36cd32bfb6ebc9

SHA1
b8961b23c29b9769100116ba0da44f13a24a3dd4

SHA256
110ccd760150c6ac29c987ee2b8f7c56772036f6fe74ff2fb56c094849912745

SHA512
5c0edd336a6d892f0163aa183e5482313dd86f9f5b2d624b3c4529692d70720f4823808f10ee7870fd9368b24de752b343570419fd244c33ad2d9cc86007bedc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
46KB

MD5
a5cda1ca6ed78e38398938703b191ce0

SHA1
2dac760eb17e091bf6434ff79959b7b94fba8f95

SHA256
8f6b5d11b11524dc54f79a058a73711b181465687fff6a9dc05959bda7faec05

SHA512
3b383a08181f426c1bdf06cd14fbbdadbb70f81c29e2710bc8eddae14d122db795f22205a108f4405a150b07b5670a8660055d9f1e089963c4975d539e88dd91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
17KB

MD5
109a8cceba33695698297e575e56bfad

SHA1
2b8c6dce1ccd21a6eea2dd9aef2a8a6bde389053

SHA256
dd82d9ac034f0a06524fc1d5ef884c29a7e4d586a1e7db66e339dc54fac3636d

SHA512
6d51ed30c45560838df921212370a0044640a8e3c0433922106225cb6fec8cc115ac6191c753da13def21c4e0db4deb5782fb7a75ada822ced1db7c7d13beaf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
19KB

MD5
f5b631335f170065edf1b148e10b34d4

SHA1
ca34f82af577fec763ed38f0436d20f1cf766f62

SHA256
99be964ed51ca453ccfaa264a1ea9490da11e32b53765919172b6d3749a9f846

SHA512
c66791cbdc7c0d12e7295eb26eb583b26e03692c8986ab7d5dac0e6a561b8b68a8a9e33814121efc700ff6b472aa4f685162b0c75439b144f12286c9e28c7cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
23KB

MD5
de8c6574e9057e4b6ea7b9437db4b9d5

SHA1
265d520b6a04b434f5c3fc8c28debac183898db2

SHA256
51f281fe367854904b3db4b6f4cd70ccf90414335716482aceef382c536ae746

SHA512
cc8791772d03ee3f4b13654d2bd3354ab1ec28322ae3522187603bde00b1a5d940e99e62dda0fd3a7faf0ba9c3cd42425d0e64196f954bdb93c979f5e990e7dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
9.8MB

MD5
5908d21de5384d8636d528e1a25be6a5

SHA1
9050747ccbee3e809d02831521b07032167a80b4

SHA256
079f8eb09b795c1b6b8aea5d6873657c33373d3c55a8481dd9c7090e421be5d0

SHA512
c51e996259debec818426b5ca6904d8d42a621b7931f486effc14e35072cd17778cbe17af492752bf7ecab1d5e12ec67cd6a4b9d64150e5df9b11440fd224f85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
61KB

MD5
707d9e317670b59563e4427af1c62ecd

SHA1
5b7e2ed8c380b7188f4e897bcacc3c846b268da7

SHA256
d41f99700efad62451e02d458d97c27678975334bb93b3033c671dd96cdb7022

SHA512
9a5471910b1a59f2278bfc15353a87894875ab9f27417ee778b268d1e9525080f2857b3bcde277365677edc285d20731be1024859ce72e397bb3dcd6875a7ed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073

Filesize
18KB

MD5
f4046e5958360baf675a15eed9ec62a5

SHA1
a3add9fc6ea0cdae9ae6e54486b0304c4664b29d

SHA256
0dec7faf1a1e5a5db8b216ec37a49a1940aaacdc39a09a50bc72118b2bb94b56

SHA512
a3df04dca32da0077afd01a2b960e1d951a611042d925eee0756da0b2eecfa0284d50caebaebf0610bd235289af12ea97d919cfd536f68b6c03e3e540bd83f79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\115807c81f46d2fa_0

Filesize
4KB

MD5
c0ebefaf0299af822aab9c7edbc11f9e

SHA1
d12db9d0cc80be97b1850c0d6266d6a97c7f6f0d

SHA256
34b83664c54d22ade3dc89252b148e04f304270bcb2ba68617dd5211c1f6958d

SHA512
4ddf4122db62695bbeba44d0de6bdb72f2447154d7a48d4b621728368165989fb5c6d8c52bd97000398b5585c93ffe06844a2d5a4a151d7ee0da62fdafa54d7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1f0ad62f4f64626e_0

Filesize
3KB

MD5
945e6c4b70fa80d0cd89cbdf23255142

SHA1
ee4c47a0a89364d82a756750c48c9d22162837ac

SHA256
c67c36c0b2bc138385f72793a9236f7053c4d232f0519043e6bddebc99ef3070

SHA512
1323a30f12e2db0ac3bf1b4cd4dd2c7ae5dde4f186ba5d34d6eb2914e9f4a40d5af496cd116d4f69a97584a45611cff6571d79fde59a774edeeff29d67c102b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2ced246d98cd3678_0

Filesize
366B

MD5
6ab39940b1d45e6c45b31823a0bc5a27

SHA1
d9951cde8ff9e1ca0ef8332680fd7afe62a43be7

SHA256
43ed15518ad9461907eed64d3eab11b9292ea8232bab8ecbf7da9fe65a7aa083

SHA512
16f64242dd997f841f3ec348d751df76c3515ad98fcc6c0fc3e23648a22f87313c4fdaa8b24ac2c865a0d8b4c5827a1376b07e9ede34040667c0d02eb64472e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2d9c813a0dcdf108_0

Filesize
5KB

MD5
03e4b55c7151269ae006b60a1369df11

SHA1
4d31d0ba06efb765d6d06a2f7c5f96320f06317c

SHA256
8cf543e663f3b0c86761b7e88c2a4617276fff8b6a9e3079313ad449b0527a51

SHA512
293cacd4a36f796460993152b6589391b5d519486c64a27425277a23aaec4e2b420e75c60dce4707e79451ea1d71f4f024ed6ade41204ef1fe7239544699d214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\311f97ecf058f007_0

Filesize
9KB

MD5
6a27e09c2908d52713311ee19f3b59f1

SHA1
2238c2b3faf9ddd0f9c42dfb3bdd087749fe38fc

SHA256
9f648ab912f1f1199b62c10dd4679e2e58d2092655e09de1a390e4ad7d7eb3a1

SHA512
e3dbf8c9570cb2eba0f1a458a44438c05a8ce545a1a212345e396204f9cde328eaa2a5f52e84c95c110b9248946da457c6927e17b9d3c5f7ef26b7f552123876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\34464b43cd03bbff_0

Filesize
20KB

MD5
5359344243c43f55a1546d8edb0a70ce

SHA1
6eb56d39813dcd4104037764e72505913d149584

SHA256
e30c061b949fcdcd0e32e2cc5eac86dc5697f455cb6d82eeb5c8cba6ab4922c3

SHA512
8c4afad75baad59a4577d58c14ebeadb281cb3cc2cd67c6625049231a9491ab2dc3467b2b9e0b40bb097c1c294dce79680124c95ed4e3fc162d90d38d3b7db98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f8b23cc82f2b2e7_0

Filesize
8KB

MD5
dfce72a01abc359cc214ab8317dc5014

SHA1
95b33cb35361bc65f8efd1352173d93263d5869c

SHA256
926bf1e1f1d4123aceb0b6b84636dae4afc20a42cb5e6f7308f5b7d006fcc2ce

SHA512
26dfc306235aa9d56495f8662cc3cd36658ebf8b9037b44eba367c1f25e6dc67e949f09c6de699f160c175e911c720bd57a621bb9feee634d1e36b52e6cdce59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3fce2772ba8b623b_0

Filesize
5KB

MD5
004cd5b75eea85f68da161c946e04a64

SHA1
ed459c53f3b99b96572f55cd301acbf94aa11832

SHA256
1f4311aa37bd08b6f2ba7105c45a0bdb019eff6359c1580fb2bf0d8e441d1a63

SHA512
afd607c72ee146d444bb15c0196cf5a6320a012fb2a9213194d5437ea44b34559d4f4e2856725dbd5da17d05a6aaef9f138289334e33e3001d23215312d25f09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\427075385d94c9da_0

Filesize
3KB

MD5
c16c51efc2ba50b0c257429ccf67f721

SHA1
a73c0bb0e6e01f846454909073ddddba4f8ac2a0

SHA256
2132939a6e944970216b39c33b24e83c66cea502915195fd6c454c32e25f8497

SHA512
36c1c9f2a0e061ab0fceb96420aaabda014f502db5e00e037488b13533b31a089186ebf0bd653bf39057ea52d4cd897a896ea68d8a801e1fd108a2746a7b4ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\499970c64aac6bd9_0

Filesize
20KB

MD5
3e85ca5b7e838eb2c908a8824eee85f4

SHA1
b5be2b68d0199053a97afb5880c7905159bc9a47

SHA256
a5dcd5fd36dd50c885b31822d8dfc501b546cda76855c37ce5675c68fe567108

SHA512
5524d5f9657a62656a3da62bd1dc620169e2e0cd70be32689757a5c2200c2355fb66324ce2de40410d4b254a5b1810753e76be412d712f9b24eebc32c8ef6b8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\500ffe1035a53dfd_0

Filesize
35KB

MD5
9fffac6e39849f3e4e52415dd8d1054f

SHA1
51415c9d277661a93d945b2465825260f2b9024e

SHA256
2201d9f03ed68e4abee4a217776e6b7fa992eb1cfe399d0fa9bdb3fa81fdb9db

SHA512
ce8c9bff1e45f4aaf8a35d90e4f4bcbbea21680d644d22d47f43733aad06f8502950dbd773c55748281f230225b4104896e51cfe7ac260db314862c789309a7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5096bd761e7a735a_0

Filesize
3KB

MD5
dd0382ec9e23bbb083840b925a929d5c

SHA1
7d74ef565f011927ee0f870a0d68aa27f9f91e0e

SHA256
4aa60f2bedcc4b16532a457aa82e2f82d269f6fb849d8f4b0b8abe373d1b6814

SHA512
c53aa426d3d104003e4a460becb30c73a5851c8e605f6c4864fa02e0a91a05bb1fff182cb81b41506515c4dc2dd476437b1aab5e7bd0ee844198eccd74a0dde9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\51b3cd7345d9e3fb_0

Filesize
17KB

MD5
2248bada88a0411bb4b14d41544106f1

SHA1
86b1f92df83067f0de65dcbfc6761bc3033b80e8

SHA256
3e6a1d276272b8c644755dc871c6ff24f3f4e0f8f2ecab81688e3478adb7d808

SHA512
b356efaf53e0256c848fd929d897e2e07cf632eeb2f9784e48e78f083467ac5e78c9bffc887d8c554bb9b00230ade7f785a4986a5e23ec5992d0babcf39669bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\57fea5bbba039920_0

Filesize
5KB

MD5
0cac1f96238c40e4ec1a834c1e41f132

SHA1
ecc040e7921cfa8421022a932d3071d8d1410a65

SHA256
aef76af207f8a8f8814a6979ccca0b0bc80a7373d22f3dbe26bbdb9e62562d8e

SHA512
91cfcaffc154d0118bc77deec9ae52b5c647169f49610eeed0fac20c2316f6bf40eafdcb34758fcedd510499087a60af58fda39872955a441d283b78e721ec4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\69e2fe0a78cb50ac_0

Filesize
26KB

MD5
ab3dcf9238223262f9241223449682fe

SHA1
7c987ece835bbfe7bc59e552d6a128edfd51a64c

SHA256
5cb6359ffd29bc70fb72f793e3c1b0f0d2de869fc490a34cacfb1abd7516270d

SHA512
311556fc41bab9abb9c7f4421c54bbf7dc997b409e58b07bfb185e468861ea1dc3b03c46cfe8cc1ce6018a967f2ac648e59aa4eca4f7388ab0650dcf27902fa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b9f09f12238ba0d_0

Filesize
7KB

MD5
dbde09ee7791a14acef6489aa29a471d

SHA1
3f1e04c4e3f279d0cb55fc93b8d422bcc93e6cf7

SHA256
7b42d1f69095ddf1a7e2cddbe6fb050087453e671ea67ab1b2bfbba82b8d5f4e

SHA512
7476d851bccb5b961acc95b82201d008481d41ee19d51107217515dbb44bf9f1bad3f8c2de09dfa9680146b216b9257f04d09abc7c5a10cc972a5cfe55adab47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\734ea16c8a79e2f1_0

Filesize
3KB

MD5
e1de5cbb77e66953961892f625a09a2d

SHA1
b362267afe1338039ad47eb60d3a14ac5764417c

SHA256
f36a10a59726a5a214a59a58145b2da12ccca2ac03cec026538826ece082a132

SHA512
c52c77b8c46323cba09491da21c4a134892e2241d8746dfc504092cf285a4cd6d78d1a7466ebfddeddaccd2c39245f9938363668b087d131813d744f70b2d0e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\794b4df9888a1693_0

Filesize
6KB

MD5
bb3d3a836cab3fbef135631c8c8ecee7

SHA1
6ca7a834d4701abfa050486b9a0b2c2a7e732ba5

SHA256
f80df95bbd812bc90ea296312ecb37a1247364f852406d8d2cc7360ac36d2a36

SHA512
e09d6e9e7c40aa9c33777d3175bba7476614cc5919614b039e52d67688f93d7de81ac0658f7539ab7133d4a136a34c6bc61a44fe0f83141835ea159b9c5bae56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7c3094013c730abf_0

Filesize
1KB

MD5
29f02137c4c787b4369dac696d7a42be

SHA1
64433a6fb10d89e681bcba8241e61fe7eee214a0

SHA256
3e2e6c569f860e34032be7cbe1f7defa5c1c4b468a410bebeed3b8d27f4ab48e

SHA512
6fa2710100ba1e38e3e81ee80fd9cbddb2548ebebd4be07e796a700708239ae501aa62dc577eefcb5dcd38c73250e6d9471da3ba1f50a36bded578f35f35abb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7e23bcf4dbf5c221_0

Filesize
43KB

MD5
33147a129c9c3363116a742d8c361e8c

SHA1
f97ccc5a74ff6f19aacf8ffb52fc41dfc30927dc

SHA256
234cfec70ef7f932aa1bbad7055e184fe096b444dbd1d2136d09600f76853a1b

SHA512
47fe4f838799c924dfa06c8ae3e40b595478a5e7252593faa4e692f3511180444fd5b7904ca8b4469379a1029afe123e90c3a491124861f7b1b1b39da84e9d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0

Filesize
22KB

MD5
58a18744b1a7a3bd59e71f021d76cd43

SHA1
9400e51d284972c953e78817a546a58c07cbca07

SHA256
d3c637d8a2ee233b0ca7fc3fb0b2dc332bbce7b5e843635dc4942fb0858564e6

SHA512
6698e2cf4fdd849e066a3278298fd2285ea86e67485b87940a0792d77c7cab757ce2eb584b704810633334bd9b43846e49f2be7fea46a3175655f5658b7282c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90f61163682f5561_0

Filesize
26KB

MD5
fb3faee0179f49984c1a20d0e3e5be03

SHA1
3004e6d94964fb54703d0cc3d451430f1d4e56d6

SHA256
2b158dada59442f9e5f00b2ee7a4575ff37726d61c46c52306e0fd264e1b823a

SHA512
7bc623965e65bf199ca407c3cf2efc365ffe11e0f62d5084e266998b2b9f19791d16a56c059f7f751e559521c9fdf7b5ab0bdf16e3acf5558256f1c308a18f2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
2KB

MD5
1e38d767b4f2d733c0c173f9b38fb762

SHA1
f3de1d2ec53a6eb826c9b0d9a75d82e58ca33515

SHA256
d6945ef6ad1734e488e36b352ec664f6bf6b2422d8144a37a6006c1bd9787975

SHA512
cc35f8d00d804bf83adfd694eef0ed27d2cbc731cad4a5751def1114c13f162f04eaaef3ca827d8249220f95495bb814302a8099189e686448c0289dc1f40dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a05b0db8f454e7dc_0

Filesize
11KB

MD5
e4ddf47e1cb40b0e5bea649e0cb04498

SHA1
280b7cad28a0f16e211180af8cdcdf7bcbae93de

SHA256
9ab668285e01fb8c5835b7642a2047737d697ff01db11d966bc2aa5f39fbfa17

SHA512
d2c771c784ce5d39ad15c5b8ce239bf635a45da63c1bdd8d2ed0d721e423a7d7e5adb442f62776c5da18cd6246aa26ea9958db37e8f18522b3db0be0c7d3e703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a71226624c1d78be_0

Filesize
14KB

MD5
fc81bfce97004a002bdd67c37586ab2f

SHA1
0703de65fff178b04aae7f5cbed42ff2a376ee0c

SHA256
7721107ed41c24c8bdb5234294e26738aa1a674d2e1c3f07bc878b3849aa59cb

SHA512
9015cf87ceffa02bc13337448ec418973ccd67367a1cbaab3f95227e06c2d6bf3e10cec785e48888806b903953b5df68e7c8c1f51402ce267b21e247415de8dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a7e7921c6642f313_0

Filesize
9KB

MD5
661066d45aedecb1aed25ea6be43cf7e

SHA1
38f0c01598fbe4a7dab66169b051ecac83f49dfb

SHA256
9a01e91ddeea2cb549d96993412f5d025fbf68ce84618fe6f44bf836ce1dbc61

SHA512
616b5b73ca2ab90016b8f71749d6593369988a0b5a753d7756d0b4ac5f33d4f6a0fd36d87a0d4350199aec4c1c51941787255d4d076b0f87f02b552abcb2dfab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa61758ad53dced9_0

Filesize
1KB

MD5
1cc028b36578268db6bb3c32684e56d2

SHA1
8171041d6f066a4a886167c6da71870a75db0289

SHA256
25b29b34fe5875e39774d1f8921b8fcc3c976a094f4f55e6cad7e75c2abe296b

SHA512
0cc30f6162d9dc0e39572cc97f42e24eb915d4e07cfd418848bb9fccefa889f870bb4308aea1b7c65b4a4a0a176d4b59dc36fa3d51f5bcccb67eb25cf01c1d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aceb13070c3e26fd_0

Filesize
67KB

MD5
85e2161fccb407a3579fda1961e007a1

SHA1
6b060c99a08bf98845d1879ab0870e3d6bd63506

SHA256
b9a4fac7ba3be6ce44d45d2fbf5f238ba244f205ddcec2b60ae8619f333908a3

SHA512
8469a7650264d76395382578e5d35b7b4de2f4fb4493e88056e133674fd398d392b7627adb42c6e6ffdcd05a866900c91d3ca2925bd0323f25f2ceb3d9889fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ba7773c5b11c73d9_0

Filesize
15KB

MD5
c3d2038bf03c93e342b1a1c3301607e4

SHA1
21f1a0d33f1f02f7e6ad097fc996ce20db68d126

SHA256
4a0d833abb7ab54bbf17640c8bb6b37a954f6b11927eb82da8fc18e3ebc394b7

SHA512
21105f92e7859bdf5171278e274a2b6d5e0159239720c704c339835063c82ac3848c3e356b9d09e62175578c916f25a7fe359a97a333b6879bede53dbe6f6383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ba79fbe352be6476_0

Filesize
20KB

MD5
2d083b4098054d75b947125faf5c9df3

SHA1
49c44e316794436e6c4ae06ab76c6c0ffec39de0

SHA256
862861e1f4f411d21368bd56218326101f54eb1067f4c01d82268b7753142a58

SHA512
0ce4ac4b6e5a28952e5fb95c5b3bc675c4799f8099fd794769b698ffa39aa92e40d03a71a88e8943ca7837a74e9a13a32caab2cbd66518e04a130d6544327ec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bcb7cdf264481a2a_0

Filesize
60KB

MD5
5389e85a73050d8fec61b11b2c30263f

SHA1
d543bbe781119c18e78ce00d7053a7c6d04aba00

SHA256
2a21b769f686b722a039f82893315e5b7c3a6c469b9fccf5a773b1b55bdfaafa

SHA512
d777985c89887ab8702b43bacf3515180c102b90c334a42b11de6578fa1c7a7016846d6054f7ced29624e4951843481b80eed5f590ea33da4366f0722c46fa13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c4f2da4e4b4dba36_0

Filesize
35KB

MD5
f1a0945a047a46729aff39c4eb3eef04

SHA1
dc73b3f61e315e111596ef413aad72d2d33759ba

SHA256
4572c38e77100d166a643a9798249efb3f13b5a213402335b9ec152ecc1e28ba

SHA512
df5e05a1ae323f0ea79ebc01587c3230cd002e670062c20e8645213059da5f74bde6909be22d587e01e2c9806d22492a492f2739520078d2f198bac997bdb1d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cb307b4160083434_0

Filesize
2KB

MD5
617f0573ce307e3d05e6fd8e8538bc99

SHA1
f5d44f965c90db6503189678d1bad82dfc514c18

SHA256
e5b7f9aaad7e55ceda0c2b899ba2f2a4707ede69b1ea96a486bdd3ca3123a624

SHA512
076e95d21d7a54ac2e501b1dbacd95a522fac323c2048b22a37158860e69bbcd02efbb8c87cdb0400faf62a2884738f10dc4f1d8ca14f3c789e86a6d53aa9b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d045034f9a97babd_0

Filesize
274B

MD5
c6d1b6b13e8796e873e0c20b62f625eb

SHA1
4be424054f868cb428f959e04b340d7a504c2379

SHA256
12a3a677ba43b2f8476ba2cd4a67b273953786fbd730b37d92d8d2b00ba066d1

SHA512
d2420f44deb8e4407c6ed8f9cea6eacc8bda1c45c1d90c8a5780b6e699f1ffb947bb67cc57229061a825587a7226897d08af848e28e43a11ddedccde74fe6773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d17095a3784ffa55_0

Filesize
111KB

MD5
6d3e90aafab11fa59e87c7cf9fb59bb5

SHA1
e06a7890291b33d7e174e71856b0c1919af77164

SHA256
0d0da9deb7bba916251bbc4fd7d257d705966dcb155812395e470a5e3c53f250

SHA512
4f5cdeaaa174cce04e0efa888ce1b42c911f5033cfd410c2675602355e68626b19eef5987e616ab9a5b88748e15fcb6673038783f4e2ad7a625dc8d819f85659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5667bf87cc6b1b8_0

Filesize
1KB

MD5
19a45742e525992dbcde3dbe9e410ee0

SHA1
3c665a4b07d3dd15b5ed9f47c710c9494a9485bc

SHA256
68d77a2ad9d6eddae966a03d0c960fa3f09cebfc54273c550f9511b811e8b51d

SHA512
31350df2c5ba91e99087b89d7f6b396893888d7d835c02adc79cdacc9dbcbc9e19c4b17f4ffe648051b89e785c1d72726f3f205dad467ebbf551b0dcd6120a89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d6ee81079c1cbac4_0

Filesize
2KB

MD5
a84bf5db87ee6705c8cc7900e1246c10

SHA1
bbe99fb1fcc80b492ab26e657cc90ce38cfe74d4

SHA256
63dcddff8bf235615e1b1d6ae916d4f79fc10d8da06544470c60deb7cbd81f27

SHA512
d273245206840aa863d65726cb82586ab2a5cb3f5433a25c02895abf7d08601b922c989157e5668863f60c5e6668de2fab8217ed107b4790e6c11d59f7317b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e88c26082cc48958_0

Filesize
41KB

MD5
8f1b35a2988f7634893bbe1ee1462ac6

SHA1
d0a83d2234ab8f23ba3e46047f8600519206de4b

SHA256
eb5dfa8c405ec8f0bd654bd4e513a05638f5aa4e546a5d6e049f5910ca39d44f

SHA512
55a1ec21353c843e88bbde4896058587fe0fe2d17c4599b4c54c613018517d074264a1d026efe3a662e2e27e332dce21d852799c45884719b023e7400943c549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fda2b6f73e6fef7b_0

Filesize
19KB

MD5
9a569eab89d67df1c16dc180c9e0ae1c

SHA1
279ef0221b2e0125b052e6c0ca41d91af752f00b

SHA256
b76bea6581d4ea759395ee6c66dac70c990638dba4ee7ec3508ef3296624da97

SHA512
b04f2004f9c9e402f24d42a9d8dda72a8c1dc75224b4187bf4e42d0a048bcb273706b7895a6f294922ba49bfa2a6b75859fab49372066f5e22ed52b1af0eed8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
89273b285607432b3e15246a491eed61

SHA1
c4965754a36ff821f2a2f7a894cd69aec5476f67

SHA256
5b0c24120779415aeeefef5af372a5c80f6fe932e506bf3cd81ca01b650ebd3b

SHA512
3f7f0f022b84da4114b477805c28de4c542bf40fe96cda37b14304d2e044f0845e579ac8dd809488173755286b2b72d1d44a9d8ea1f2701a73d5935b1605a43f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
9f0f5324eb4f2682e3540efb670f4707

SHA1
b240691562d2273d5ee44de22a0dd4d4b44bdc3b

SHA256
ae9f6e9bf9d4a3ffdb48e6f58598529d0572feac333dccc36613a4dc143d3a3d

SHA512
05a03d83bf9a1de74e257d1fb1f88a3a3173b29d3ddb082504517fbd76317dd0de898df1b2faac3c83e63c0a784c7009225d7df5baf3a47b325a7c932ed88e1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
a14a815f9bb2bda55663dfce8de9e163

SHA1
3f7e3b2c4adc57958d738bce470a24a0bf0b1002

SHA256
68d7e17cd6c769e1ee653aff435d8080ff4354ec26d9729f65db8de7cff6e1ba

SHA512
144eda4e214286affb883d8a0142d635988bc4c6fc0fce9d9b9adb464d22c9c7297a64c91d5fc9c7001d36f3c15d20c464aee4c0b3c90aaf5c08c839a97e7cdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
c7cfe7ceada64115f2221d9409b64ff0

SHA1
2bb2c0e6a370c444c209e927e8f0835aeb840653

SHA256
7fed2b2f1d201cd7d037dbd5e58ae284f3c137bef7b2df342ed3f269fcb4d9c8

SHA512
559c90594ae41b9493612ac1327105b6b7dfbf3add85ee99a41eb3515a7628ad2c3fc51f815a6d091e4630bb6410fa6a543fadc0a0fe3f23551c3373ee62c454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
489aec2b8771b15d5fb1929044c18820

SHA1
e9365f1e9e37bbe0a57b5f4d94c9326c9dccde79

SHA256
6b1a064d84cde5247b0a173d5f4722bfdfb5832f3322c33c3bbb813f86943a0e

SHA512
9f8152996c814ed6c3c8899b94f75eb80b0d5dca81a9fa2fc64bc0a00e9759d474929738a57d0a541435fcefe258331b6abc3954207605c91c147dd42b60f7d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7e7c1242261bdd8331d7372494b88f28

SHA1
96d24424e37454a44f7d1465b0075a6da97bef90

SHA256
265cf10b99af59a5320b21cf17428ddf8b7e097103726fedcdcb26d2030e5ca8

SHA512
e370066ae3f970ce0424b5d997594097fb359701571c4483385ac3e4d680207cf121120a3a01865a9ae4523a5dfa7da33696e1fe8ad813d8ec2266cd13976e87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9adea3b0be8afa3d1d744b95c502dd4f

SHA1
9280f18d634c4c404e6a0c61c01d43de74458847

SHA256
e11251bc3202d5706ea97b205ea4f6e679fe330100a72d1c14fa2e87838d3fe9

SHA512
cd2b56aa8b6910463485242dc1777b3c082941365c8011d2bb8879335d44a2b3f1f128b969ddc0f2b38fc0ffb8c16624b005c33b9ea8e47885633dd1caec225b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
921bfcd60be3a95351cfea0f79468e75

SHA1
8159a4591169ac03a112e9346330e4355dfcdf50

SHA256
de5e3ec4306579d8606ac9737cf6c50906af7ccddff9dc98aa0d8199b1ac17ff

SHA512
c96d9d68f3b2370ec5ffac7447dcd55d2d748cad209e20a450b658e7db12a4da3e8281d4b373a56becc1dce39f8dbb08d5122aa794ab5b9ebfa9ad66d61aa3a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
6975e8c973aefc549bba9624d61813fb

SHA1
30498c75f2b744d47366e523a9b3d07e63dc6f9c

SHA256
5a084361eb7fa9ae232fe1913a79401fe8a6626fd6b4ddbb791bb06720396aa5

SHA512
8f29e66259807191560216f39009212a2feec0d209845ad0adff5975d9d80cf019b2cab626b2efada3bbbef40eb85de8049daf27f82ecd76c401231241f6460a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
67ac1e480081fb0b1eff7b211afd9d8e

SHA1
1dd290b7bf789914f5ec441d9028326e490bf88e

SHA256
9342f2e1079007b920017d6354f0e8e305b3de8e56c46cbb09226b96bad6b978

SHA512
2bfe07a4139e8530eaf7e54acba9b24b15f3ba3c5fa7bc6625127921ac06dd4ae737a50602a0f43e31834ad5d8ea3f4eea38f521e69b8eecc5867d434adf8352

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
0fdda51c86cce66dc745f8c9efee2ab8

SHA1
0175b93a8fdba1bf4902839181842b7b456ac478

SHA256
daf9dfb9f8b5cfa3e4ef5c394f38311c95d8fa8f80af15e398cb5229745416d6

SHA512
e75f99d25d4344a4e58dce000283f58bd12dfe0d7d9aac817ec2cda9d6ead702db2520de5cf99d29aa1f0d8476f9c0d2a349b532441dbde988109043ba9e44b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1f095429809d9d685aee4f7616975831

SHA1
2298fc4d98c968fe8d5a1d32e0e06623ce50d59d

SHA256
684b067b6164524bada27f1177c33919492b8dea8ab95e19c043d77682c196a9

SHA512
ad608cde6f7797c9f26db561958ff9bb747ac1f95d6f9aa16c88dee758a1ff189315176c3776c75d63b03d346b7706aa6f71ec4d92ef363eec2914ad3fd27be7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f79e95ef0b87aa1bff701e3332702fd8

SHA1
6fe9bbc09dc6711695eed839bd332c9e571becf9

SHA256
97a1fa4c0bd291a755222f17746caa04db72f1159b20d21976cfa5191e15a42d

SHA512
9b9174323a0915546c351c712b9d9b813ed398cac8de0d46ce87f9cdee4b84336592c5fb5f7604506ad138603e394cd9b088bb9f5c8af723c146fb28a96ac1eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f89f49a51e727f95cd9594e6c84ba211

SHA1
919d020d0faacb877855f3782f73b694905f67d1

SHA256
50fb403ef1ce843286dd21cfa825cf26242e10a3a251b1931d6b7c2b86afb4ed

SHA512
7a7469535ee03a39df4ce8499fcb1ab976488b93048412903501461ebb4acc61a5cf26981e6830d6eac87d1fe6955a11e38818e51524c298e432c73e8c341e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
71df35cc03e49c6824ebd9e0eed5f62d

SHA1
c7f78b492d802bf865af57f34a58d895f9fef102

SHA256
264078c4d48e4e63023a94753fe25bbe154fd993e7fb22bef6fceae796e1300d

SHA512
64328b87baf4f068aa72903576a5eb23b8e7de1034f8e470c8a9e17cc16cd097440c8cc46a2b6644f1ed01bfac62c2c51b5b213715586a3d640542164b596817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
782B

MD5
b7c1549c6b0ccfe8c1e902bae435213e

SHA1
26904d53a794842f26b8110d8f98b77da868e38e

SHA256
79c6b5d053b4a308ea2a30503d9864baea0c0a600b10a8cb4bf6da0b3d53b72c

SHA512
3f666087649b0821d4bb944ab545f8aacc810cb630289f312105218dd9b1e9ca35aaaa8b9118a73da001572ea6ad00d4f6e5c0a70f496a99e867184ff0dfd2a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
1982c249aa008c1278e5b040d22b31eb

SHA1
8b45f7ac1d2d4c35631adcbe091a5e8970635eb8

SHA256
a4441ece248bfc9a6a6debe4a24083882cd636719e132ec615a15f310fa7409a

SHA512
7da00789e51241af16dadca9f9d30400241a4e737bc3c5725f0c663c44debb0c7dcb124e246016258f5e87609c80b3e5b8d319fa9b2762e0604c5ae7c27d0fa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
e057d26366c366c91aaa6a09541da958

SHA1
477913f2c08dea06e694dc4dcdaff2c3d7438fd8

SHA256
bb34db8f99aeb5775b48889a0d921bb33d13dd8991db23bcbc9e94ed7d513830

SHA512
b47057e694b6832b11b905a37acea412f2b0438be1b42f53fbe0a093d2e8a01028abb188ac32a3424337b9f7e3910b5f19bf68de774d814b2444a6d9c192df60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
a504bec91fef80104dd114aaad10655b

SHA1
f91ecc4765db8f043c120f440aca74813b467a06

SHA256
1be5015b9c5a1bf9ec5c72cd7fc1c5fe9991251d0002bad44dab3854620bf36c

SHA512
38fa6b4ef139287063b1fa066e7aede6ab3c0037d972564c398bebf9358e72847c99f4a489fb7b29096691fc186210c581ac411ee1171d5f47709f67b5456dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
391671577431ac56a2f3aa94836045f5

SHA1
e0fd4fd7c52bcfd161f0612dd47bdf23c382daa5

SHA256
36533e2b714f0a9597e3f1c0fda419ffc4de23b27b27579eeb50ee4e22650440

SHA512
c9d3c5f73f3fbb0453f00090cff6c269bc8dc9d6956e0d01ceef8d87834fe20ce76788813fa7e8aa7fd224d9dee4a9a4b0967c9631d5e7f10f3a438303bb9855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fad4e310f313476ef5b3a68d0f2b2c53

SHA1
d7b5c99a33ae6f7b07ccf78a0164f3bf23735408

SHA256
e29ecd183debe9e1d188a55e73be198bc6b3b2b36b71e673af29b8787ba3fcd4

SHA512
73d0d35fd1e707d1353bcf278041d6da40c5fdab685d6978a2c5b069b0f563ff8aa8c13bcd52d6be6109f2f4362d1cae37b69a4fa0b608c55701f45cd5a3bf17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e17dd2491e078e10aabfa156f293e835

SHA1
4769025e944415c84591510d6f0d8615d9f2cead

SHA256
6bed76f5a862183c6828803cf9a0e1d0d905b6c9a53ee5b78af8396f81cf71be

SHA512
54633d8b7491dbca7e8b0b5b3e344dad0f0601aee32abae9ebf5ac87ff959ac63176887d3c685acb360940efcb5aaaa24b02a6ea21e40762daad9f8efc56cd0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e17da9e09500b5f69c8d34e61a70a819

SHA1
b04b3a98bd9fa8683d539452c00c346754c37ddc

SHA256
c346c14ca5f2810230a9b293c1dd0a1ed1056511aad88f9c52fd8b8ab88b4ccf

SHA512
b54e26a7a35818551834c5bbd6d60f538c65be437c7e56deef33558f741c6a15e3632997f2ad980db20a560666830cd0b43079b29f65760fe08a33496939d98b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2522678511248f2053da8320a7f2d5e1

SHA1
def6791319887ff52f15af8eb6489852b7dce2ef

SHA256
08221fd9dbf06ece631d8d2db3b70ea07273d78da0a30d06eb8f3acb42c3b025

SHA512
798a09317a1fc82d64aa93dfeeb0bf4fc1cd83a1ef53ce9da33e17d90c9138b0524e772ba6e779a39a0a1d50f7e345cee7e8df7c498e6b05e0ffb391a591a541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fbeddaaff52e5e7681c2cabea678df5b

SHA1
00de6df8165a636bfe45ab7a917e937e6fad89e7

SHA256
c53d1d8dd97fc5423e92169ae1945ea691cfc8310e25d81bd432d500be96157b

SHA512
6ba8bf79ba6e6dea26b0107f71712873be4e0a55f65fca1c979f4ae8ee5527fb753252fa2a45bbbb1ccad91e929335a060a8323485309f972f13b8eea168636f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
026d2e04a38dd8618ffc1705e72988f5

SHA1
e2f58682fd4356654a9fb8c2ee6f45fb8635509b

SHA256
25f509e25b2a4e50cf37fefb26accdbbfda834de5e6631bdc4eadac22ad16bb8

SHA512
153ad7e0333602a5879dad3869005fe14d1a1c03eb718d7d293f0847ac313aa28151fd68259d008ef93f70464f677ffa54113a7b319de9f7a5aebc0c462f1e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
549b62860559813f4b1e2faca007934e

SHA1
2475fe46337907143be964b7e1be40325d96dae7

SHA256
82ab338fe886eaa83b78e23a11b80f15f6a5e2efbcc76b1103c19b2689232af2

SHA512
550bf3549cdb9a00aecedde74ad5c10b5053e314b585cc6b4e74fe0905f32ba421b4b5780886a8d25407d53bfc8150e1a2ec40ece562fc80e5355d08e9a04dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
b7d9ba10c22543ab46465ca1e55b7882

SHA1
74e75741503402b2467cc82006baf298c69cdb64

SHA256
85c442181f3b950342ea7e140bd6339bc69deb9f924e4727f956108576632858

SHA512
11aee6d606f7d494fbe98ddbaebe4f6ede6782d732df4180749b0e459658af5766ae71054d3b997f21965628bccd907a8da72835ab77a964ce9e1a1574985f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
bcaee9afa097e31fee4fee6db86338eb

SHA1
c43b66b8dad925f6fec6e73e7a65cf592b888965

SHA256
b5ed775eef80f3c3fe7220a00aeda817ba2c3cc2300702b79961f7170b99e12e

SHA512
ec6681a591a1703f135bc8cc80824bb9671736d4974ac66991625a95f5a03ea4756c8d3e23d264e16ec95d5aeb6c391af11f8b4229b2bdef8ec4ead9a7802cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
6dbd0d0f440b4ce8248c5ef5d8ac9d9c

SHA1
c52ba98486c54d0bc981855367cb032a97fb90dd

SHA256
633f290fedf469917c23b8723f9323d1836566a2a7f7fe937c05bedac38b25fe

SHA512
9ac517aace6c7e121a2fe226589b098954625a958ac8692d10e8eff7cc118bacf2581e1d87338028bc3e097fbdcddf56a1a62855bd1474e41dc74e1556194277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3f18094227aa99b500e1b45432eacfa5

SHA1
d4575e0fec0016da4b413e58dfc88f094361e061

SHA256
03a4f22eb0a0ee1500b1e7125d32e102f74a0542f495a68fe071e40b9664f290

SHA512
91aecea4c7fa8082ed83c65eedae93c440c2cc151dd417e37c72c838b916fae8d75b248030de4a8c90a99c817c0da1e51e2493e198fabc380d569228a0709803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
787f77afd656279ee6fb79316fd0d8bd

SHA1
9c504ee884b86dc8a37572af03859f9c33c6f962

SHA256
f8fdcfcf25a4d01879977938573c3eaa290106d3f1094e0a3a223855786aef4f

SHA512
607efae42ffbda765d0a2eeecb00d58d962a21786b737d3e564c9085219e2a698413407ffb7e7a8466aa029f76af71fb29aec07878def2948acdd0d1f295e3fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e5afe84f49766eddf4d12fc40cd9a4d3

SHA1
7512be114ee4c024c1fba039038e371eaea76e3a

SHA256
e7a8b2f83912e1b85a206f19b8e5e07f53f79336a6c220faca9ce355f2d7232f

SHA512
3b7d70ec8374af41abdc22a57a55e7de79bb21a5717b8015a4dd05b8231dee53b3df7f9abbf137c72093069734ca2e2edcf019cf8e1cf4c4b83918356ddc6713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
63aa8b0441a88d14b98c458bf4704138

SHA1
334347636ea35bb5a4c84a3d47fde0213c6f6997

SHA256
ede06ec0545780566f877e23e82482d9aa962d961544fe627d72bbc23cf59563

SHA512
2c1fc71c77b39b9b3df407ea80d9ef3c34d50adeed21fabf35874ad881c14ed6bfd70bf23ab32de8e7323975967bf32c2d689b6974389d7377a140e42e5081a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e9fbb5f74dfbe3cd2135576dda3d8a4f

SHA1
d01e17b082390190c29ddf6d89e0e5ef7032211f

SHA256
c307733c2618eb952e5e3f2d86df0ee7a77132216549b76082eec1918715bc67

SHA512
c8e907489da41b5746c9f0116b1f2aeb3433ea89ffb7c7017da97eaa8b67ce06d3799ddd0f840e2c3d0d7fd1bc2a17ca86a486546d2e953fb02096b84c91edd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c21ed369b2ba790c0dba8d55a75a8b80

SHA1
6fb7bf6b0c3f37c5458a4f5056e905a67f5162d4

SHA256
9fc966621c5f33b1bff2a36d0fb1ab95bec84bd11b6846fefd21a3b5df9a4a41

SHA512
f6fbb8509e5f9bb33c6533fa8477bc69ca44aa9e265153dd2923ec1ac7c86fb6268290fee0a6e6b6a33698583bb76dc0781d4202211cedde05eee0c7ff572308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
8d67773e880463bc1fbc30cbbd3239c0

SHA1
a1755ff79ba88a153d1479c0ed324f46e1ba2963

SHA256
133c9cee9eb97387efd21024f2f3cba7dbb101e48d2dd133330afd1152b1198d

SHA512
e6e515ebd9ebd7835c8722a32a895e2a60c142b8a99c739ac3c147a239527b3f15de72fd582f7193c49367431612a4c548aab22b48941a753f5ce016c12e9629

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6744cd3bc312cb77947b92b35148dceb

SHA1
704aa40f216712baa62d946a73c6d1ada08733ac

SHA256
34bbc395a46872ea12ffc4d8387a29ac71ca69b3c02d91961cd5f54a1990f6cc

SHA512
35305b7860ffff31a167d104c0233d5ab812408a90395c41a732872f4852577cce05ffea64d621baa48d645d26edde0e74cbfb63b7e630fe8dcd0a3937aa18e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
747b1e873a858f4d7bec9790ca710fc4

SHA1
5b46d9d015ed74fb509c507b8d2d881ac5fd0734

SHA256
43423b84351dac41b9996a4d5426536b244bf264a47fbbfc94a61378f4efa2b8

SHA512
196ae6f52c14a9bfd3cc27a1e29c8834b843df3731c8752a78b5e17be96b42ebd1ba0799bd91d55d90e918501582e9caae32e7c01b4bab7411376be1304baa74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
cca1573260a55c0ea6218f2da6d37933

SHA1
20c180af9915c0852c547ae631a66411cc93e067

SHA256
4cb4d446be55f2ccce913fc6d0ab63680233ff4b2d4ee2176cf37b82ef6b0df7

SHA512
3d5921baeda4ddb1318e281836bd7861d47fc8d22886cab8d7fb580ed4677705542b899ee608f25331e194eb0cdd25e6120830399ef3ced1b91bf035f6693188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b91f29783121af0569576f1382c5c228

SHA1
971d1a94b61b8b345247cd33821b91dbc21f48e1

SHA256
fed680c1b3f5d03f1aa64986f57dd4deb7954baeac6fbb3ccf259524935af62b

SHA512
d8ba44bf84500b4b1c4ca2fb80d351dfcdf051b6b669ab94c97bcfa80cb3c882100deb0cb97ffeab681cdb062b7e97b50426fd747bfd2c3385db22be101f5183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b1708b5c600712cbc550c3eb913161ee

SHA1
3cfc269184202f9c43670e1ba2f284449bcc0fab

SHA256
67844dca17c865545b69f0c28741674284c28511393567f6fff70db1bbda28bd

SHA512
0c10caed67a412171d286d63ea5f9f6bea44cdff6cd2656b72982103b5419eb63a044526cbb468d37c1e0dd48566623023a6d97e59ca428f5c14306ed776ae47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a9084c41fbdbce932a5d1b11146d494c

SHA1
3ad9dc7922cf5ec0e4303f8eeb4ee6eda5592973

SHA256
283900de41b7136f708e1a06cc744900e660e2c0cff881094f42dc8204fa3953

SHA512
c6a690ef99e72ea71cbb999e61f51d647055e8119a8c7f5a090b4691e2f296a58cfad7b423e39c466fd3d458c6a1b076acab75b82abe6d22028dd28c65c37624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3ae9f39488e24ea4daf7d6c704f866e1

SHA1
4c2a8498c22dfbe64cee6b8f25fc7264e44bfd75

SHA256
3799b2997642e9a8fe29f3fb5419a5a4feec486f4db80e8ab3a93d4fce5baf77

SHA512
b6cac5d0411a2883fa8b33983cf87513b0579e7da5e3ba2af24beddbb5fbce21ab42a145d737fb4d32c99082f95dc35142a343712ce4c05c6e709df018dc709e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
31e8ec51caeafda1081d3fe595ee131a

SHA1
4a17dac40bb47fdf1b02f74286775c2877935562

SHA256
964c2cac5277626e37d243ca1b9ef1cbf40b008eeb64afef73ccf7ea43c61825

SHA512
b887eec65d8bf3afc28c04192307bef42b3f2ce3890b27b0689b4feca40eef61c41bcbdc5f8add2b309ee9d3b21955570a05163b215cdb1c4d4343c79f803d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
362673cf72e40dc447b911230068ef98

SHA1
48eb2ce8a4b99e7603f8e81e2d50bbd24ad4f1be

SHA256
f57ba06b5a08d757e27c0c233fffe5d99ffca06614d970748d1e76bf47a7daad

SHA512
b886687cd3faa2d9a4065e278ef4e22ee5f68540cc1e995af96ef7572db763472cca06c91beac3b249e34c0b908f73c743c10633fa921dd4acff5b3b4e4e7a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1c8b2f39c0d4a91abfa6b1ef0dd16618

SHA1
e489079d7cf10cb16c9f17c39fdee6fc96955514

SHA256
45a790556053d734c8917ebdb9be033a77d9c2015cebc0f80115f3256b88bd89

SHA512
dec3fbf521b05d48f57a36d78f078709807b57e7111665df5bf65322d117fe121f3cc74ef340f5f7ec8a335a62442968b9be66d7604c642b35d5cb85ff44ae4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
08d5c717575604633b22aaddee54737d

SHA1
9afb9e9d6e6c80383235edb45e90bd41d1c4de67

SHA256
86714389ef8b0023bb92665e9e9ecee9dd275451a1a78d614387b3de70df7f1f

SHA512
ccc1195edc38c750da56aed706b7e19d9cb17b316be59bc9cc78ef5cf2dbc3ac418dc42e7d9398bd3ab2ce28ce33ca3a4289d69c6a23132e535372e93638edc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6c05e19aefc2ce3a51c7858e4a3a637c

SHA1
58b77e0c609d2bee89128a9326bb9626fef0c4a7

SHA256
f80f47592cd2f649da3b5da86f8cafa3ba64599bc7f9b9b3fcddcd76b3a12e83

SHA512
7726183e419fdcabab4ba7f1d0741bfe94b06461fd29c06adfcecb3a7f59ff36ce686566d77a2716fde6df65010817bdf9eef15560e86bf249a8442aefc6291a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
553b9c9c68cc4cac0183769c512774c5

SHA1
929c30c32d4d559cffcf010e96c1e7d4318b4c42

SHA256
d9a61f1de46db439ec9a766295dcff2cf4b1eb29e85fec4a9dd81f6a52f2910d

SHA512
713dedd74a0f0ab6c4fab96ed919797d47ab89110a38fd6c9eaa897af713c2af50cca87a619d36593ca7e8b72c287b953b0fb27df53647152822f2d9065956f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
93b027ec65b35cdb25d66f288fa980d9

SHA1
e7d1cfebafb36a3cab3c83e095167c438111c0b1

SHA256
3e43d75157ab4f1d4eadf55375216921e881e6de064a147a6d523767a2d64093

SHA512
95cf35a5c82d7f0bb352f8a8c99f1ed2aaead41ac2037d97963e38143a986c1c87dcc9dfd02a99a5e03058436a5a5404c658d11a7b1a31a74c4db214f1cb61b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2912ed7f6108b3f373bb161051afeae1

SHA1
b691a6f23dc748657c13e7113e094f355cb3e5b0

SHA256
36310a8443915af28c0df34117ff5ffcb4291e3a6d8fedb1e6ee00aee2ac4ab2

SHA512
fbedfd6321b571b160b4132c38ba56988b8cf5c58de518feb36c641ed2cdec117b9a2b60196ed05829b18b3662b3773eecb36e7af687c2ebd6b2e407b7925645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d898ffe5c743f7cb84cf8eddd227704c

SHA1
6382cf081a516223efd1af7483244a0932707e7c

SHA256
1448b1616709f2eb63874746749e77543eba26449c1760f93d3f5d255ca9a73b

SHA512
68178d8045eb1e9aad3d4493d37f255aa81b8897356854e3e90b60f7452d2b3fa921bd953f8fbd9677aab6d416427de9514ad96286dd6cab3adf6bab981f8399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2ef9f4e20b58cb6177c884facedeff28

SHA1
034dce535d9622c87872263309981e537c4b7453

SHA256
4e44390be5e9d316296758158821767503e4b9df6b69814d03701e437af14086

SHA512
8b02fd391feff70792380c44684971c3cf4366d6e4118be664e6b37a7979c6823e88843bc65bf43e96a1d78a71f9081093521ec873490d2878975f404883f013

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
14fe824c789e02d7a3257f0ec2941122

SHA1
82f5dc9fbfbbd6982ef4aad6aeeb2fc8e6a1127e

SHA256
d7184ec11fafb9faddcb32e46a49d0abc61312e41025f260f4ced733cae051f5

SHA512
cdd404f9567f363e0a560d114772de4d6b76d2be6054079eedbaf1d4e8a0874b40e855efd2592df9394812d41d88d767f70348f6fd82979bff697c4665b06410

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3faada4c5a4315edce440f96af3d04b7

SHA1
ca76db41e71818a16917b32639ddaf1c4863243c

SHA256
633cbf715fb6b067df331777a80660ee39ebafe5b4dbeb986c2900bc92260842

SHA512
4eec443762bb10419543a89977f749887107e59473720d31896624125f95253c2ecca65c5a996ba025e3228845bab010bde38cfaadb9083544e2ea83ab4fa121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
48bc30eb2ad94b7ac1e8ce0c54b1f820

SHA1
8410a113c88f4382903c37e8971f778ae2c1c05d

SHA256
1188c719656640bd83614b0e41a2d9e6afb64b057a68295157fa4e54520c7d9b

SHA512
3068646f4781509306d4bfd1d5380faa4a93b52a8e0f191cebf7e0577a05f2e3f243bc136ec4a9539f959a649de9d274e21327a6009c0844db18f6edaf518139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
000019706d6b521f39e60ee1c6a1e594

SHA1
bbdbe2c0496b7b706a53f9d37b3be22076208e12

SHA256
ada90e496d335677c491355ecea2908cfba867e7de9c689338c4f1387c5f292d

SHA512
90106a6745323b1345982eafa68732102219973c95dda66151c1a47c45aab7ef97510172612d8fb115506ca2d2ebf050b809a2f0383723ba7e96ced1ba144ba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3b98f9da62117bacaa580cd2fa7ceae0

SHA1
423e318b6aba56ee784ef18d31ef5eb89bcceac8

SHA256
f1f6eedab042302b014401b1d5f6fe36aa2b3b5812d097ef6e35879603e9f3f6

SHA512
b8be9e08369e9bccef8b5252918c76c70b733c0fcd9fc6d0c7cba68f545a8448275d8a91556381483a82712dc479a16e6882ee54fa4d7ce99ab9c4c62ca74366

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6e35768ff7772fc93dd9dd6354595a27

SHA1
e7bf19dccabc1fe8a0b56ef28d6497ac8fcf8e5d

SHA256
93ed1d73d39b30108f41981ce823c76652e24e2a2547830f933256f81e6e61c0

SHA512
aa22788306dfaa6e808f78bb99eb8b79aaad6339d5f466b752910c5304e80e8be5386584ab228ab2dca40380b8986650deea190cceb0ea4d5b2bc686d9a9d3ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
69b3640316cd3fd96d081a860af1ca37

SHA1
e949be413b6ff67bd70b4dffdbffe8fa36463527

SHA256
b3bbb16f93579f63c23f593726cafb674a8102955623790828ea39361ec39706

SHA512
41867ae973692abac0c3c64c352b671f0e3597576e3fe006a5539011eb6449afe44ff09a4cc70e34ada5137bc78c0a512701465354bd3daf2c97df654c11df29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f352c2bb0cbe651f2deb42ae320d37ce

SHA1
eced678a8df868663e5a80e26cb98a29b5a240e8

SHA256
ae7904ac84db18fa1c8624482f82ddd3b1a7aab875a59d6db6e2ae5a30714575

SHA512
c7e2c202159dcb0b8b02fd4f0ee2041aacdd287e48520d29f74cff6adf10c984c516af2964f243b09b806d7b6d8c130fdb67570e048ddbaa42c3505014b882d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5379dd65b2624e3b812a0cc56a3fd999

SHA1
62bb1d7f79a125ea849f87aaed8cfd25cf5882c8

SHA256
ca445cd716204e9a696bd846a7953691cebb40a242d3ca8b6cbd263ec81df283

SHA512
7caa6536fa778408a18a591dbd20f5c3adf2489ce2f03a1f6b39bc14d003f9c7f8be0fd2f32bddde15817a81311a55b1490a80ab94d15506ab27c27e32e50e7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a28d6cb566e627f11e5c1185c49144f3

SHA1
0fee6045c66e99e04b93dc9777107eb1ca15e22d

SHA256
e7bb6628b21d1c9a52eb6740dd21673c5a28601a06ef9a132cde3e09254bc70d

SHA512
e9d25c5be628343a72fe3c73985c19ac06605fc221d4fa3943c8598e50bf8b1056973753014d1121379eed51514f7706a8f5c36383c45e7e4d4017a1821f62b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
44eecb98da25e11c2a84a01c6f8d07f7

SHA1
aba8a8a1278675d374fca6402e091ad9642a422f

SHA256
cc12d9c0e44761538264adb48425ae7e9627f96aaca895ae947224575522bc7d

SHA512
fe7001e5a79207d4b6f2d925b805c076206ab92bd9ee4e207e9a4e0d613e2eefa630fa1d7b9662ee35965fcd553c2a30638442a6d78bbb1d7b44b97640b8e029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
58f041f881e3ec380ed3ad3c49df2f28

SHA1
7fc6e3a13e6a3089a325955a07fb9cd097ad96c7

SHA256
ce65ddbc533e70e77391a92323fc3dd403527efdfce47b147aba0208c1f0eaf1

SHA512
9f2d592126a3d7d92eb0d454931e84cc5ec33bf735dfeb38fbb4565ac40a73f226ed4e5820c839dfffe658ab4264986b52622df0f6794a3e708b793598658f1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
62ea009199b474d74f5d277bbcd301e1

SHA1
d87783cc0067f990431d0f150198d4c232bf176b

SHA256
3720f195d52d69c3c8fb2b13e3feeb42b978ebbac38e13bfc3b365d99f95249d

SHA512
6410f57c4a68a46107e4f6adda46b6a029234f201e41bc57edd3d0a3dd70a42ab03c87192ab71aab82b71707d0f6eefcea377470d975d7248b8464080b49f84c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
037dd9d49bb07d11d709226e031ddadb

SHA1
8436e0534367e04539861bdd9c6b329b5ca41c8c

SHA256
36143a3ea8b24c397d33970035a3cf9d0c863a4323165162caef39119475ccc5

SHA512
1b71ebe8762ff5360eeb3393d0b328ca6da3f5559816aa4c9e02b7958cbdf21281b3538599b5454fb25ea06f89576a43726160d720585813de411d9285c69b3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0a348e3f83e5eeabc62f7eec7019f1ac

SHA1
24c0fb4b6c3660f5805f45a5efce9955e482ba40

SHA256
00718e776659871f9440b29b3173747a85864298a3a8cf53c0a3b4714c2d8147

SHA512
1ab32bb95e8608d39281b6d70885e9371f18e5d5524093fefb4d02586dc1f736bcd9b4c69facdddf3131c71372a2a5e7d8bf0f5dfcaf8c97e008ea6e22b4b742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fa22024b83abbe618771072ae2c3daa2

SHA1
e7af87ff67d62344c4e507af6df10b57fab0789e

SHA256
5e44b78da1dfae329d2657eb053363a3b0ff5578ee866cfc49d411ea04ce7c25

SHA512
211bef46647678c20febce84fbc3ed4b002884056ecfa4bc9c140c22427b79d973aab5ed3eb398080dfc38b9c2cc8b8ebf306c86db1b06d894009cb8f62f7a7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
32b145dd5cc0d11a7c33119914db9f31

SHA1
22dcf8f8e8d418360b7309e6ecfb7bf0b955490d

SHA256
8d1cf8420c3d9540a22c9c5ec7d8d7ecea43f7fa063d0208f307e9b5345550d7

SHA512
c08e47ba6ccefe9101c8aedcfafb567bbe0a8b0fc8d330321ef207fcf778b1ac0617a86d73d95f84c9d559fed8badcdff07e83619fb86c5cc05d3176fad20976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
50c1ee047476aa07474d2bea64e1cc09

SHA1
0f9701138566724c9a3b58176ee52d88ede6319a

SHA256
84fb93a4ccd99ee1e784c4a47487009f64069bc1c434ecac31b2430c6f07c684

SHA512
10e89fd10289553bc5fd53da840b09c653bd026c852d6bd5fbbd5d7c57b69fcff45c9396b9f3defb2c07f1ee449deb61e185a46512caeb4588aea16e6d4caab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ad37682e9474acbad613312f53fdd328

SHA1
5c8d768d0c36afd6741ccda983e6ce120d16fe13

SHA256
5135e41eafcbd0fc1f12794688d3d9b789c2f5352365fe1a83bf7d30a7ce3316

SHA512
7d7c87b4c662dc7c2f3ca459503b95dd74a6807c0ba39d93762a35af8d203e5192876ece0f4fb0133fbe9c40e590c567096ddf8dca7a7f431a3eebc30524234d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a0a4ec2c657e1118d75216aefd3bb5e5

SHA1
0f7829229b240238478bade4577df8169cf085e4

SHA256
adf870082ca2d5ed5b07e17461535dff3803403fba1237700ce6233c81368795

SHA512
00b2bd6a42300a19a23b48106b51dd4bae41eb246b1381e55e376c2fb0d7dc6efbf075a7b0c3c2c23fc7fefe2bfc0be1005a9d07969b835e0ac924609b78172b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a69b.TMP

Filesize
538B

MD5
67b87799f930e886921727ddba02ec98

SHA1
5bcdf30e223f04fffa326fac86b7b8d95b219b6e

SHA256
56c89e21dc32d8d0222c25e5ad18dea3e15c524b7d55fd54202018758feb3f49

SHA512
378c8bc6f4dc16c8a96d7997b6a21547a47563dbc0e8345839d19a9b02039b36970fabe7543c27a81b445a1b797a3c4986f1007954d66c8c5f5112145aa439e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
37357b0e42c2f9775c6d26c38ab9a792

SHA1
044334675dc4b286f3239067a04db527e82a4aa3

SHA256
06c0ce46d0f0d2cd0081945c6579acd7647b3b76e35bbfff623ea8b921b86bfd

SHA512
31b0c347025d6a359e5a5aafc938fa4c9db0894f78796feb5e5cebba946a8c04c830b11c75c629e85678ba810146c9cda59b333f5caa86f9541a5d10ba07eaf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
45058b3bf9d063a6c66c45c6c90d2927

SHA1
2ad78c8a44853e4bd71b48a78e7eca3f187c5054

SHA256
b2801a7388b5579ce895c6b2187b778ced975f7bc756768b39fb7d3ad6d06155

SHA512
937f848bebee43a49e5a318045b2e75b46d448ab65ed5d694ab9470cb6e98313aa57276651ec3861a4ae738a10d7254fd4ccd74ba00169498911af0446890dd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e47dae606d664a06629218bdad7c8ffb

SHA1
97bbce32fa3e1bd22ceb45f5765c3c9fa780a5cc

SHA256
1728adbb6a5ba9b9446265cb9609cd1b86769482233744983df80b2514775af1

SHA512
a9da37aebca5c8226b6e7249f47ae4ddcc080986a65f1d9ef6e11ae59a2cacd9a742e0cf561ced11e298f33f0963a6eb2150f21638b0b6f24d1b1bedf6c8cf54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
504ae716cce6d98e9d720c65393845da

SHA1
9e0192b78356fe95c0bd25532ab5c5c7f275ad01

SHA256
855470656d10df7cae2dcbb9778d740bc89d65be47e8c279b051ada98f9cd13e

SHA512
c97b099f983913f26fc4b0ca4b16ff4d85e0db9d1cc783485438be7b6edd3d3c422672836b5a66a9aec5037f42f1fea2f2f71d871a6ec7978128f942e5fd0d52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7d952272054161b82c65b85f489b052c

SHA1
e386ae573181239ddf98c37543fd0b20ef0be3b5

SHA256
62fee538ce7f383e3e566e01be0433908e29d1dd7be361d36f2ad9ebeddf293a

SHA512
725828e31819d40fb6a326e15fc5bc1dbe52b4461022f108f1cca3e91261446f65918ecca5f5d491ad73adc8d23ca228ebb327b02b3852c66a0560bc99338e2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
59dfb57b6c79f2e03a641ba449f6999f

SHA1
022d9c2c1ac53158cfcd78adfd10ab4dd61b8b23

SHA256
5f38e55c803ff41d74a9c1f1aa7027c0d3ec6d449a0b1d332240e62041154c94

SHA512
4fa9b004f4c2acf26c2739a3a37dd3ae8e3ed4433b6430e55a1f8bf4716508c94e6898f9e25ad4cb40fcd8e01f4fe33b2900b6e042ecbb75f09df984c28023dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0e4f7b569e4c8a57743be8afbfb41b38

SHA1
b494a097421f0570104e01f3e224589af5044875

SHA256
c1f195dd94dff9acde30081c4f716e8ba2ac1ca1cc2b9d2c2e7fa3ad9f9b82ba

SHA512
6e15f3e20f92021392e59a57e1b7e23cf8dee13c75f7c3fd5b4c23fd5ae9b80fc1daf7524003e0a65a4a8033480b51c7a9e143c293857e7fe10bff8cfd743c6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e9daa4e8802e5afa457e26edddead85f

SHA1
5d0ab9d8c03e6656d8538fccc7e0b94e08a58dc6

SHA256
f015c319bdc69efb981675f6ae3b75b99431f9fe647b26b80a4af74911062853

SHA512
f82fddbe8cfff3a12099fb5fe019671c443e372c921aaa74a13efb380cddd4a316c135aa6e1b90430b540a4dd1c711f1a9698fd148a2edb3f85ba7c8646e06d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
256KB

MD5
bbb416e94d91b0dfbb49e250efb4e183

SHA1
bbf9700fd646ed2de62e7efc230b578e7cb5d414

SHA256
82302657180df4c8f2f81df34d3150f263b1a51773fc168b0b639906163d0dd5

SHA512
13d07ae391a9429f508a052aa7c6fa39fdc1d18963e2697f7918229dbebcaf937c65fa4209099178a9ca66e8ccb48544f24a073ca24837e65983f1517b054d3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
950968f8a91c45c3d15c6c393c4de6a8

SHA1
61c1a38060e2d4f13961830040f21ee803285c6b

SHA256
36ffc3c0e7db05deaff26016c4bb4b82c40d76eb6de44858bacf7073b54fcdd2

SHA512
ca045ad52f82810ff8d9dca0d6be24ca12150e26e7a17734720ce8e7ed7d61a39699c376f834bc9cb681f13a6977ad786ae12e627a403368e145ae5f23d58566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json

Filesize
21B

MD5
f1b59332b953b3c99b3c95a44249c0d2

SHA1
1b16a2ca32bf8481e18ff8b7365229b598908991

SHA256
138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c

SHA512
3c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.GovernedChannelStates.json

Filesize
417B

MD5
c56ff60fbd601e84edd5a0ff1010d584

SHA1
342abb130dabeacde1d8ced806d67a3aef00a749

SHA256
200e8cc8dd12e22c9720be73092eafb620435d4569dbdcdba9404ace2aa4343c

SHA512
acd2054fddb33b55b58b870edd4eb6a3cdd3131dfe6139cb3d27054ac2b2a460694c9be9c2a1da0f85606e95e7f393cf16868b6c654e78a664799bc3418da86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.Settings.json

Filesize
87B

MD5
e4e83f8123e9740b8aa3c3dfa77c1c04

SHA1
5281eae96efde7b0e16a1d977f005f0d3bd7aad0

SHA256
6034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31

SHA512
bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyHistoryStats.json

Filesize
14B

MD5
6ca4960355e4951c72aa5f6364e459d5

SHA1
2fd90b4ec32804dff7a41b6e63c8b0a40b592113

SHA256
88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

SHA512
8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\C20FBA47-EB72-4168-A5DC-69688CF0A65A

Filesize
170KB

MD5
ab39641f3a28ba306212dc751946c444

SHA1
a4e9576351f75ceaf1dca31007f67cf5766013ce

SHA256
11c2ccd29569109266dc35bf1e7163cb03b638a25ff905327ebdab2c9bcb9a4a

SHA512
38536f0b0af23c69a3994a16fb51ca6c456914046954274cd76021ce872b5e0b137f1750c09caecdba248c1baeef5bed57d9db6a394d75821f66d1da9dc419d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\mip\logs\mip_sdk.miplog

Filesize
12KB

MD5
de2c5c2441bd8901365f40bf68996209

SHA1
2d7404db79ae430120b5505220eef35f2a1016d1

SHA256
2e7cf4d61b40b5adb7c986bccfd930175918dd81b007c34fc689b81906987f93

SHA512
4fb71dc895faef435b7281ba70151d1ecd6a2035c550a3255f00f10ce887785ce8ba1deb5371964326b9fa400530112e79b5ec7120861588dec3a876c07a2aca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\mip\logs\mip_sdk.miplog

Filesize
12KB

MD5
653ffc574e832d999396fb225a25cc07

SHA1
c6ec37cfe0a07f2855b1bc7f00ee5e16e0c280d0

SHA256
aa11c14ff469c795edac76ba6f1943b8a2398f8069cf1f26d7a02e1cb8fb7ffa

SHA512
83cf13c20b733cecafb5b859fc43b64dbf9b9f8f15a7b005689043a4f6095e81dc918f7a5968e89bfe2e778732e5132ad2bb59ba4062150c364de52bbb3c0782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db

Filesize
24KB

MD5
8665de22b67e46648a5a147c1ed296ca

SHA1
b289a96fee9fa77dd8e045ae8fd161debd376f48

SHA256
b5cbae5c48721295a51896f05abd4c9566be7941cda7b8c2aecb762e6e94425f

SHA512
bb03ea9347d302abf3b6fece055cdae0ad2d7c074e8517f230a90233f628e5803928b9ba7ba79c343e58dacb3e7a6fc16b94690a5ab0c71303959654a18bb5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

Filesize
498B

MD5
90be2701c8112bebc6bd58a7de19846e

SHA1
a95be407036982392e2e684fb9ff6602ecad6f1e

SHA256
644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

SHA512
d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6o52671h.default-release\activity-stream.discovery_stream.json

Filesize
45KB

MD5
824229d4c53c3017ce5ce18dceb96062

SHA1
b2f6a8d22275e9e6b87f0e8a06cff07b05826bec

SHA256
2750f677e9b2a6f57598e84d3f8087d0e287eb9c96736624d5e4d4d470252688

SHA512
a3c5d9fff0fca9a501117d7bb6a778bd6e87f406dcb2aa1db00cdeb90f28fe09199c8923374c261daf07099e21f09dded41d8049df10bbac5e2ac5bbabb6f837

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
c3e08121cabb9380e3d50cadde97d53a

SHA1
0e666954e83e97e3883e52092fe2be88a520e8f8

SHA256
76e1d3ab7320c4b863adb091b5b77205d81e13eafb539a18ebe3d8ea46b29433

SHA512
9a6ef7710781d2f3a1f873129b21990548c1b275720080d87fe4051b464b0aef4ad8625656c388a65163563c6fb2086c29c01ba5f518c5b9679e7227fcc7941f

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCD5A63.tmp\gb.xsl

Filesize
262KB

MD5
51d32ee5bc7ab811041f799652d26e04

SHA1
412193006aa3ef19e0a57e16acf86b830993024a

SHA256
6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

SHA512
5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
71ee95fdab4e0d31477ed3fc240676aa

SHA1
0a1306a3dc44fbd6b70baebdf936d48c5c2a4a95

SHA256
20147e7798daa3ea957aeda31ce628e66b43355c98b684ad4c463bfabe44f271

SHA512
b42908a6eeb4ad5d1dba0539bbc0937717da7b9edc2715af45486b1641564b47f66cb718186785e2db4a3c6457e9d2b06a713daf9c495ee6f769d772222cbc7f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
360B

MD5
63d6420d4d28cb482436888de3c824b0

SHA1
bfc2fce21c14bae06987b39d3f09421b2bd22fd2

SHA256
05ab1e058677b2ee7e83ea76cc29d9652b4508f4d3ff3933c5ca92b21862fcf0

SHA512
b2f528a0dcdbcaab33cb55c91d0b6c4f81041e082f068e1f3721749227130ffba524caf3fae310ca7a4245af1f8847133ca3480221094511f1a5c561817ba894

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
444B

MD5
1cdff92f06723a034842a785149a7079

SHA1
7803dc0c1299718824f1679ec6807aae95c9f1f6

SHA256
051b3ef78728302bcd0a35185cf841c2e9d60d688e199c7a1a69dc5801c74815

SHA512
5913d24dd8890845ba803b0a3194e92eba1108f64acf392660ace8ca2691f2f7cfb6c56d0762887a6de8d58e476f8b9b32db2e496c6aa7ff5169cc86bbd7b689

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
530B

MD5
a1aa9c6987eaf07c2e352429c566a44b

SHA1
32b29a6e184fcbfaff48d73fd5222823643f4334

SHA256
abebe9886aaba4bb2aa5fdefb6d80282fad20fa80e4b0ab5e06e90356964d52d

SHA512
3a24451c60b53c701e7ebfdee2691e9e30d66868590991a04cb60d899e5d19db4f3f243a01a2c6e6c3b25f300f3d61bfcedd43114c43e2eb0978f88be4a5b35d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
bc18836e3cc274df39bd5f0cd3153405

SHA1
da8633c9d9dd36c9d72e67cceffdb9ec7fb0255a

SHA256
33c31acb006a7807435a36cf70f41dfc6397cbc153227044b6304190e0f52066

SHA512
e0fa12b3a9954a30fae8b9f529e06505219bcdfbdd1a9173acf4bfd6a29cec322cd7df0c64142cd93e332e9918bbba78db9cb25e841a73c3a0324a7e77b0ce60

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
f5f7f15249b21ddb022cf8381eac2104

SHA1
e72a41ebd0f369c250b9d45bf28d8fb2588cb107

SHA256
69d1961a3459d9424e388f81125253d7f0dcb9fd9e460c40cf4f0596fa89f0d5

SHA512
d36f03347339a36588b980ae785b2f67de02fd760a45cd4428105ad841c3d74bb06af8b2b67681274fe51f41ca42a3676b69b877dce429fa1d58b250dca15787

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
d99f46e1213400b6641103ab19d36f76

SHA1
7aec769efb1e55b13c3953a4b6c3a1a70710b5f7

SHA256
f71e7e25a6c129b7ca63a59035d72c72c6f51cf027f1c6fd2f62624b5439c8b4

SHA512
e6f9c4dc1b6faa1f1f3b13e188cca922ae4600c4a2b1cb9f8f673dc911acb335f3201f2d990cfabd4380705fb33e5a6035eda6c9ca518dba082d3ecc21d67b7b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
be865651d8d327cbf98ad2a55a47c659

SHA1
516c1c21b852b593fc9755713c34f776ff51bc4f

SHA256
96ca48fe31a30d2351f7744fad723cdc6179cb449a1add738dc484e3d5e93377

SHA512
ca833f7f2ad627a509ba34267cf823125d53ed5b6a4eef3b1783f41557d2af8da84a088fc7a2e59514a6cabbc6aba07874b1637362d23bb01187fdf33467ba28

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
01c3de79441067f0bff1fe4510ea5f48

SHA1
a0763f0390c77b7717171b9cc04353b0dd7ada76

SHA256
f41ce081599d01cc52f2afb0c1ea2a1056b7f0d8fe28cb6d08b2d75c4a5a1d53

SHA512
43d8b8bfc5c61095e51cd106859e36cb9bd9a4491ea63cd6c2e6335ca5c495eafe61bb7b8322e7c7135286c0b51c70d555edaa75c92ce705243385b4a37ed727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
17KB

MD5
fbb4e36363bda4191355988c8be1ff67

SHA1
94a49e0d1e9e7051cb02ced989f466a6021c7181

SHA256
e20e3fb53dde25ffe08ed71087e951fb86c512889460f1b0462e217b17bd8004

SHA512
f9c2e870a76fb4a2eb05e75066b1bc962aaa2f49cf5c51b160fc2c6d808e57b7c84713d34b524b5e9af1c8dd5448cdb14242e4f645e5b3492f2505a8fd7597eb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d00655d2aa12ff6d.customDestinations-ms

Filesize
24B

MD5
4fcb2a3ee025e4a10d21e1b154873fe2

SHA1
57658e2fa594b7d0b99d02e041d0f3418e58856b

SHA256
90bf6baa6f968a285f88620fbf91e1f5aa3e66e2bad50fd16f37913280ad8228

SHA512
4e85d48db8c0ee5c4dd4149ab01d33e4224456c3f3e3b0101544a5ca87a0d74b3ccd8c0509650008e2abed65efd1e140b1e65ae5215ab32de6f6a49c9d3ec3ff

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d00655d2aa12ff6d.customDestinations-ms

Filesize
1KB

MD5
26be1b0005c70d36251c495de724d597

SHA1
7bd4a4c33bc558fbfd2cf445b656c48f9751bdfc

SHA256
3d84d6bd76b66270fd7c892638fa5a16ee924a4c54266e42ee05e3762b6d718c

SHA512
e7cbdb50f8a420adb0795de753a5b54411e88405184e8a31a9eee0fc1979709f94b5952d47ac910428c181140402b6c24ed9c3addd7a5aa219bef6562851aacd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
2KB

MD5
3d80f4ca73006a92924e9df35f028cc6

SHA1
b6cabbbc89a868a463cfaa98c50f6b9e1622eed1

SHA256
d29bf082a6b4cf693319d922d25b69d32b45f3454501d34dc8027119a3d2c596

SHA512
79e3001e8486c4e9e5e05bb3428ed75d9ec5e1a9d55fb02253211cd3ca48fd7eba659c87ed2d3fca64b6a20998cc74cd14f6e319a3f8df75152e1ae4596e86ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
abe59ff0a3be2c5734c85138e31c5293

SHA1
bbe858752ed013fd2e985e1d1336e84c70fbf42e

SHA256
d43e27938152c9c2dfec3642924553ed2d33e82f4c85600b8074b63cd101a1d9

SHA512
ccb89573834192ab5bdd7f75237970ac06e674409106e8d5d85063a639c4bdc57bc386db7852b865d301463a896991328cb0da6f65cfedfbc7779588437b6909

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
4cc490a6f761bb93381ba2e57d9e7d3e

SHA1
188338f2360900da57c41690454cc72bd46484a5

SHA256
7aff2992c422a227ae5b698db3802d410be32618c88ea216d9391c8688183b5c

SHA512
fcd06fd783c07b5b06ac311bd67138eb04468dd5ae15a3bd196e7e1c3de149bac16c2f0e4ad978986f40f4e73da2061640cfca67f6075db7ee36ea81435aab71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
878b6ca601662df56d797aa60beae7ca

SHA1
ae8fcb1d73777f742ad28025ce141c4d2f6515c6

SHA256
ef718a242131c85ddb396ab417e3e03c27a2acf536ba8f9185bd5570088836f6

SHA512
652669cd57826bced89c85908f6a7bb4b586720f07d0b6e522c3bbd3a21f4d38fd22277b6126a3d0a2e45488e168031b3a9ea1eb8b8149caf6081548b88504a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\54cb2b25-8c8e-4bd4-8357-f4d874c4cd31

Filesize
27KB

MD5
173d62ddfbc031d628f853c9466dbb3d

SHA1
50b0a8597b7ed363f5cce738de732e3daf91b5ba

SHA256
88f1e820fac44f626ecea6f31a1e8d4afe4ffde024f56b1f2e1603c49f3730ac

SHA512
10b9823b25c3ab7c6e26a1171fe6f7c0fb56b1845cf74aadb2507442813a14839c3ce987176473c82bbb51512ae688b1859ff73d845cd6654f225978f2c49819

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\69d10a3d-aa57-4fed-8fd2-5e401b148fa4

Filesize
671B

MD5
54c19bebd7b5ff23953c8ac4ad8c9438

SHA1
304b98a19112c942d9fa8df6b12daefa6287e90e

SHA256
57e1d1f7554a9d24dace8b6dbdbaecee6f610a2bddad447e36a6786aaaabf783

SHA512
8ab0cf37ac52d962be3e0b9be65e0c1e7378a4f01be50533622b855a951cf5e75856a1401e9e68d023c3cc8a5bdbe267eeefc710c7885c4fa27754663ee904d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\datareporting\glean\pending_pings\f7f7bb54-dc0e-4e53-a80d-16c8fe934a24

Filesize
982B

MD5
20ad79f95e8b9737084b1d33d72524f0

SHA1
5333755472aa415b980de3698a0330e105b1a9c2

SHA256
a7884e45da109d6bbc734582a555f92267b0985ce9c43a157323ffa106b33582

SHA512
3dafe9807ccc0ba11789adccd33ea85abbef610a3819a84366633580ecef1f151ef64adee046536b22068b304794790c9699bd53b4b808f0a0f016af5bc54bdc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\prefs-1.js

Filesize
11KB

MD5
da1f698c7704f5aef3b30443155450b7

SHA1
37d6bc413608f3ec8a685e80a8ec34f7f6508258

SHA256
439be0018c50870dace049dd212018d3fc743de4edccf2308fc005f148c5a60a

SHA512
aeb9939d3dec0fea7b7e590e5dfac8f243b9309050654eb7e84600c957cded9198fc6d1297de63e4ef0f0206999735f10ea5a31f78385b226d7b193226ad4265

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6o52671h.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
700fe59d2eb10b8cd28525fcc46bc0cc

SHA1
339badf0e1eba5332bff317d7cf8a41d5860390d

SHA256
4f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea

SHA512
3fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4

Download Submit
C:\Users\Admin\Downloads\YouAreAnIdiot-main.zip:Zone.Identifier

Filesize
139B

MD5
83a3af1ae5f6184ff2ce943233552bb8

SHA1
4880e761c788dd8fff3113459bec3e53dab5d7e0

SHA256
60b5509fca3eb1cb3c2a50978936362f44410d282e45e835abb361b69c9df0d1

SHA512
785ab514377167b3f4feab12a85a10e881ee9b9f9cc9c50527bd22aaddef30d686cb350cf9d23ea400f878b852bdf81b3d95ec3b9caa46bf67328f31bc972b95

Download Submit
C:\Users\Admin\Downloads\ZOD-master.zip

Filesize
41KB

MD5
ae6438a5a41352e5b7b37918259bea69

SHA1
684f4e642980875422c1e666ee349d9aee5c337f

SHA256
d53a7858a392b314ef7e63d5d8d2f7fa8b6067dc0b9cc926adf219c0c4c0b768

SHA512
28b14be2cadcc3d37afd2a501e553bb5d8df42cb376609c587348a2bfd3eab35e81b76ff2f61b1951a606739834eda607f9dc4334ea60f00bb806edb269c9784

Download Submit
C:\Users\Admin\Downloads\ransomware-master.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/728-4488-0x00007FFE684C0000-0x00007FFE684D0000-memory.dmp

Filesize
64KB

Download
memory/728-4487-0x00007FFE684C0000-0x00007FFE684D0000-memory.dmp

Filesize
64KB

Download
memory/2136-2145-0x00000000095A0000-0x00000000095B0000-memory.dmp

Filesize
64KB

Download
memory/2136-2150-0x00000000095A0000-0x00000000095B0000-memory.dmp

Filesize
64KB

Download
memory/2136-2151-0x00000000095A0000-0x00000000095B0000-memory.dmp

Filesize
64KB

Download
memory/2136-2146-0x00000000095A0000-0x00000000095B0000-memory.dmp

Filesize
64KB

Download
memory/2136-2148-0x00000000095A0000-0x00000000095B0000-memory.dmp

Filesize
64KB

Download
memory/2136-2149-0x00000000095A0000-0x00000000095B0000-memory.dmp

Filesize
64KB

Download
memory/2136-2147-0x00000000095A0000-0x00000000095B0000-memory.dmp

Filesize
64KB

Download
memory/2136-2144-0x00000000095A0000-0x00000000095B0000-memory.dmp

Filesize
64KB

Download
memory/2136-2143-0x0000000006E90000-0x0000000006EA0000-memory.dmp

Filesize
64KB

Download
memory/3600-4332-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/3600-4331-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/3600-4334-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/3600-4293-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/3600-4291-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/3600-4290-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/3600-4289-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/3600-4292-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/3600-4294-0x00007FFE684C0000-0x00007FFE684D0000-memory.dmp

Filesize
64KB

Download
memory/3600-4295-0x00007FFE684C0000-0x00007FFE684D0000-memory.dmp

Filesize
64KB

Download
memory/3600-4333-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/3636-1572-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/3636-1570-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/3636-1622-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/3636-1619-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/3636-1621-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/3636-1620-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/3636-1576-0x00007FFE684C0000-0x00007FFE684D0000-memory.dmp

Filesize
64KB

Download
memory/3636-1575-0x00007FFE684C0000-0x00007FFE684D0000-memory.dmp

Filesize
64KB

Download
memory/3636-1574-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/3636-1571-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/3636-1573-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/4512-2207-0x00007FFE684C0000-0x00007FFE684D0000-memory.dmp

Filesize
64KB

Download
memory/4512-2198-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/4512-2728-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/4512-2730-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/4512-2727-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/4512-2729-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/4512-2199-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/4512-2200-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/4512-2201-0x00007FFE684C0000-0x00007FFE684D0000-memory.dmp

Filesize
64KB

Download
memory/4512-2196-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/4512-2197-0x00007FFE6A7D0000-0x00007FFE6A7E0000-memory.dmp

Filesize
64KB

Download
memory/5972-2737-0x00007FFE684C0000-0x00007FFE684D0000-memory.dmp

Filesize
64KB

Download
memory/5972-2736-0x00007FFE684C0000-0x00007FFE684D0000-memory.dmp

Filesize
64KB

Download