hxxp://exitlag

Analysis

max time kernel
137s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-08-2024 10:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://exitlag

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
2612	SetupExitLag-5.7.4-x64.exe
6068	SetupExitLag-5.7.4-x64.tmp
5832	DriverCacheCleaner.exe
692	snetcfg.exe

Drops file in System32 directory 26 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\ndextlag_lwf.inf_amd64_17444b81168ee7c2\ndextlag_lwf.PNF	snetcfg.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7d2fa873-57db-2545-a0f6-a6eb2f4eabb8}\SET9B5C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ndextlag_lwf.inf_amd64_17444b81168ee7c2\ndextlag.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ndextlag_lwf.inf_amd64_17444b81168ee7c2\ndextlag.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{7d2fa873-57db-2545-a0f6-a6eb2f4eabb8}\SET9B6D.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7d2fa873-57db-2545-a0f6-a6eb2f4eabb8}\ndextlag.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7d2fa873-57db-2545-a0f6-a6eb2f4eabb8}	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7d2fa873-57db-2545-a0f6-a6eb2f4eabb8}\SET9B6D.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\ndiscap.inf_amd64_a009d240f9b4a192\ndiscap.PNF	snetcfg.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netpacer.inf_amd64_7d294c7fa012d315\netpacer.PNF	snetcfg.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnb.inf_amd64_0dc913ad00b14824\netnb.PNF	snetcfg.exe
File created	C:\Windows\System32\DriverStore\FileRepository\wfpcapture.inf_amd64_54cf91ab0e4c9ac2\wfpcapture.PNF	snetcfg.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7d2fa873-57db-2545-a0f6-a6eb2f4eabb8}\ndextlag_lwf.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7d2fa873-57db-2545-a0f6-a6eb2f4eabb8}\SET9B6C.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netserv.inf_amd64_73adce5afe861093\netserv.PNF	snetcfg.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netrass.inf_amd64_7f701cb29b5389d3\netrass.PNF	snetcfg.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netnwifi.inf_amd64_a2bfd066656fe297\netnwifi.PNF	snetcfg.exe
File created	C:\Windows\System32\DriverStore\Temp\{7d2fa873-57db-2545-a0f6-a6eb2f4eabb8}\SET9B5C.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{7d2fa873-57db-2545-a0f6-a6eb2f4eabb8}\ndextlag.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\ndextlag_lwf.inf_amd64_17444b81168ee7c2\ndextlag_lwf.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netvwififlt.inf_amd64_c5e19aab2305f37f\netvwififlt.PNF	snetcfg.exe
File created	C:\Windows\System32\DriverStore\FileRepository\c_netservice.inf_amd64_9ab9cf10857f7349\c_netservice.PNF	snetcfg.exe
File created	C:\Windows\System32\DriverStore\Temp\{7d2fa873-57db-2545-a0f6-a6eb2f4eabb8}\SET9B6C.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\netbrdg.inf_amd64_8a737d38f201aeb1\netbrdg.PNF	snetcfg.exe

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	55	https://www.exitlag.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8b69e0487bd1beb9	3

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	snetcfg.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
1096	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SetupExitLag-5.7.4-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SetupExitLag-5.7.4-x64.tmp

Checks SCSI registry key(s) 3 TTPs 26 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 41 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-656926755-4116854191-210765258-1000\{A57C490A-DE21-4658-9530-3D327CEFEC6C}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 55572.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3612	msedge.exe
3612	msedge.exe
3752	msedge.exe
3752	msedge.exe
4768	msedge.exe
4768	msedge.exe
4224	identity_helper.exe
4224	identity_helper.exe
5892	msedge.exe
5892	msedge.exe
4980	msedge.exe
4980	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: 33	4128	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4128	AUDIODG.EXE
Token: SeRestorePrivilege	1900	7zG.exe
Token: 35	1900	7zG.exe
Token: SeSecurityPrivilege	1900	7zG.exe
Token: SeSecurityPrivilege	1900	7zG.exe
Token: SeAuditPrivilege	6132	svchost.exe
Token: SeSecurityPrivilege	6132	svchost.exe

Suspicious use of FindShellTrayWindow 58 IoCs

pid	Process
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
1900	7zG.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe
3752	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3752 wrote to memory of 804	3752	msedge.exe	84
PID 3752 wrote to memory of 804	3752	msedge.exe	84
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 4060	3752	msedge.exe	86
PID 3752 wrote to memory of 3612	3752	msedge.exe	87
PID 3752 wrote to memory of 3612	3752	msedge.exe	87
PID 3752 wrote to memory of 3092	3752	msedge.exe	88
PID 3752 wrote to memory of 3092	3752	msedge.exe	88
PID 3752 wrote to memory of 3092	3752	msedge.exe	88
PID 3752 wrote to memory of 3092	3752	msedge.exe	88
PID 3752 wrote to memory of 3092	3752	msedge.exe	88
PID 3752 wrote to memory of 3092	3752	msedge.exe	88
PID 3752 wrote to memory of 3092	3752	msedge.exe	88
PID 3752 wrote to memory of 3092	3752	msedge.exe	88
PID 3752 wrote to memory of 3092	3752	msedge.exe	88
PID 3752 wrote to memory of 3092	3752	msedge.exe	88
PID 3752 wrote to memory of 3092	3752	msedge.exe	88
PID 3752 wrote to memory of 3092	3752	msedge.exe	88
PID 3752 wrote to memory of 3092	3752	msedge.exe	88
PID 3752 wrote to memory of 3092	3752	msedge.exe	88
PID 3752 wrote to memory of 3092	3752	msedge.exe	88
PID 3752 wrote to memory of 3092	3752	msedge.exe	88
PID 3752 wrote to memory of 3092	3752	msedge.exe	88
PID 3752 wrote to memory of 3092	3752	msedge.exe	88
PID 3752 wrote to memory of 3092	3752	msedge.exe	88
PID 3752 wrote to memory of 3092	3752	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://exitlag
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8540646f8,0x7ff854064708,0x7ff854064718
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5028 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1788 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5392 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4980
- C:\Users\Admin\Downloads\SetupExitLag-5.7.4-x64.exe
  "C:\Users\Admin\Downloads\SetupExitLag-5.7.4-x64.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2612
- - C:\Users\Admin\AppData\Local\Temp\is-CMI3F.tmp\SetupExitLag-5.7.4-x64.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-CMI3F.tmp\SetupExitLag-5.7.4-x64.tmp" /SL5="$1201D2,75552511,799744,C:\Users\Admin\Downloads\SetupExitLag-5.7.4-x64.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6068
  - - C:\Windows\SYSTEM32\sc.exe
      "sc.exe" query ExitLagPmService
      4⤵
      Launches sc.exe
      PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\is-CG62S.tmp\DriverCacheCleaner.exe
      "C:\Users\Admin\AppData\Local\Temp\is-CG62S.tmp\DriverCacheCleaner.exe"
      4⤵
      Executes dropped EXE
      PID:5832
  - - C:\Users\Admin\AppData\Local\Temp\is-CG62S.tmp\WinpkFilter\lwf\win10\amd64\snetcfg.exe
      "C:\Users\Admin\AppData\Local\Temp\is-CG62S.tmp\WinpkFilter\lwf\win10\amd64\snetcfg.exe" -v -l ndextlag_lwf.inf -c s -i nt_ndextlag
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Drops file in Windows directory
      PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5416 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1940 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,591145967496495721,5246232684976070278,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:5676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4464

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x338
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4128

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3424

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\release\" -ad -an -ai#7zMap23878:76:7zEvent27113
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1900

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\release\release\run.bat" "
1⤵
PID:4948
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ver
  2⤵
  PID:5868
- C:\Windows\System32\reg.exe
  reg query "HKCU\Console" /v ForceV2
  2⤵
  PID:5908
- C:\Windows\System32\find.exe
  find /i "0x0"
  2⤵
  PID:5916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" echo "C:\Users\Admin\Downloads\release\release\run.bat" "
  2⤵
  PID:4424
- C:\Windows\System32\find.exe
  find /i "C:\Users\Admin\AppData\Local\Temp"
  2⤵
  PID:1384
- C:\Windows\System32\reg.exe
  reg query HKU\S-1-5-19
  2⤵
  PID:3512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop
  2⤵
  PID:6068
- - C:\Windows\System32\reg.exe
    reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop
    3⤵
    PID:2648
- C:\Windows\System32\mode.com
  mode 76, 30
  2⤵
  PID:628
- C:\Windows\System32\choice.exe
  choice /C:123456 /N
  2⤵
  PID:1276

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:6132
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{70ffb179-77a9-1b4a-856f-55f3ffac8101}\ndextlag_lwf.inf" "9" "40bceb5f7" "0000000000000138" "WinSta0\Default" "0000000000000150" "208" "C:\Users\Admin\AppData\Local\Temp\is-CG62S.tmp\WinpkFilter\lwf\win10\amd64"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:5768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\283b1c40-bbcf-473f-a91b-dbfed7779213.tmp

Filesize
6KB

MD5
c4374578975511335226050779aaeb43

SHA1
63caa94a03c9eec23b8af3ddb91da4f5e63cdddd

SHA256
866ed17716e4a3a9822dce19434cfa2ee19ca993ca8f93b7a770e554d5332363

SHA512
be4653c51cf2b2e55e4b61b2e6736a926a23f1426681266ed015ea4354e9a63c1c7aaad19862ffde9aca9878823c873a08c30997cec5c58209c19b5fcb8893ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
4bb360ae7e6ad48f41e6e661dc509bc9

SHA1
e6b8d6b2466d7c701dd2a651d7336a41c079d998

SHA256
39d340184c17611060bc98bdb9e79f805a4ac94299a957850e25a709c50236b3

SHA512
adce176f426c1e1908bb707d3a608bbaa40fbbf69bf0d104bf3f0db0b2f567cc4e5ecb274459023b1918d93df6a4a78198308f3de609c73b006ced2e280ee56b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
43KB

MD5
e352d970a4f70796e375f56686933101

SHA1
20638161142277687374c446440c3239840362b4

SHA256
8a346ccc26d3ae6ded2665b27b443d6f17580650d3fdd44ef1bb6305bee37d52

SHA512
b2c95bc6a7bd4cc5ef1d7ea17d839219a1aa5eba6baeb5eab6a57ec0a7adbc341eb7c4d328bcc03476d73fd4d70f3a4bdec471a22f9eb3e42eb2cae94eeb1ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
ae79a3e945e45f571fdf9ab94bcab4ee

SHA1
eac343e9f3660f78ea5e2f1bd634c8123f207642

SHA256
039c61c90725ad5a7422c5f00cc6d85ff2c57e3f7697b75ec57668e62fc209f7

SHA512
0bfd27261eae0cc6462b71fce73461639fd1b6071797b29e047b16940ce25e79bb50032c289401fef4a10d22f0b1afd801dc9d29e0dbc085486d5fdeb88cb814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
27KB

MD5
c3bd38af3c74a1efb0a240bf69a7c700

SHA1
7e4b80264179518c362bef5aa3d3a0eab00edccd

SHA256
1151160e75f88cbc8fe3ada9125cc2822abc1386c0eab7a1d5465cfd004522c8

SHA512
41a2852c8a38700cf4b38697f3a6cde3216c50b7ed23d80e16dea7f5700e074f08a52a10ba48d17111bb164c0a613732548fe65648658b52db882cacb87b9e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
37KB

MD5
25c164c17e9d2475837bd5b9d822aeeb

SHA1
0b5fc6247afc76aaef44cf13418754221a8bc70b

SHA256
51351d1af0a1f2c2249a0c958364f8637ce8c74bc9dd45990c55667423cfd6e2

SHA512
5d0d08caa9c715001b56cf40f800c9db0d39ec8d27357a68773666d93a929c6d46783b435af8476015de619af5c3d7e40a15c1c46a7f5ce8553944e0db115935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
37KB

MD5
48f925eefce06701a10bb34743596ef6

SHA1
3271af5587fb44878f2355cb99cc2a5a915706fd

SHA256
85712a77e89fff00123155170da85c01b812e5b68de05a05f59c71fcba597a17

SHA512
76993db32748cf3f3295318b153ab6fd85d18a624f5b75d85d2e8c7b39f5d19003cb10c659173dee6a87aec02ce30f3f3219ca9bfae0996e37db64fd6b446d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
21KB

MD5
7715176f600ed5d40eaa0ca90f7c5cd7

SHA1
00fdb1d5b1421ea03d2d33542a4eaf7ac543d3d0

SHA256
154632629a0698587e95c608e6ed5f232e2ba1a33d7c07fea862a25293a9926e

SHA512
799cfee1969b6137813c98b83b90052c04527b273156f577841b64828c07c4e6a3913a6ddd49ae5021ed54a367ddbc5ab2193226960b0ffe9a618c663c8d8a1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
20KB

MD5
2f0cb4a501c76993f5ab360291384aea

SHA1
cca34788d5ad38c56868e3cb046f79e0c38e3102

SHA256
0f765c5719d516d59250896d5aa283527ebc7e6779504c6562f4f2c04246af2a

SHA512
dbfab771c875d04b3db32574bad4429d58f16eb194034c201746f7cda29174dce73f6513dae0e45a919cda6dff1d6e79aebc1576ec231310d8d910c7354804cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
57KB

MD5
7e21b212cb697ee8dc11eb5d6318af30

SHA1
019139f1d160a7923d20dab67fb286a1e453285f

SHA256
c7bc66711c2ec323863307b2cb6d6b0175082f35d34c40c33befe11b86051baf

SHA512
9b8f1f8d9c5e1c39644b327b273850c5b2b403742b13222fcffa7ae074fe7040d0d0e05bc8f5986772f9106297dcf487c4f8367f249cf091300209b17459a697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
53KB

MD5
cfff8fc00d16fc868cf319409948c243

SHA1
b7e2e2a6656c77a19d9819a7d782a981d9e16d44

SHA256
51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a

SHA512
9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
137KB

MD5
a336ad7a2818eb9c1d9b7d0f4cc7d456

SHA1
d5280cb38af2010e0860b7884a23de0484d18f62

SHA256
83bdfb7d266fd8436312f6145c1707ddf0fb060825527acfe364c5db859887a3

SHA512
fa69455b3bfc162ab86a12332fe13322dfd8749be456779c93a6ab93e1d628e246a31a0a55cdba0c45adb3085acd62ba0a094b2115529d70cb9f693f3b1da327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
28KB

MD5
de4a351d06bde1b5d7e51567ab35e701

SHA1
4705e9e363ad3fbe880840a2a4b74b578ede6360

SHA256
0eaf10f098db5c9857d9f130a29ad76f4eb4cfede74ca154f01793bebe6edc4e

SHA512
750953888c281e3de9d5fb829aaafa911ee550415c4c06d74ab842a989041cc19db34b55d6b32d64a062d5963a86fc106cbd5bc173813c41b35ac447a607ac6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
34KB

MD5
d85228f488a2de9fa77236c11d00d269

SHA1
572e44f6df0a7c838af4dcca71ed801d768e2c4c

SHA256
6bd9e29532bb993a8cc7b919cd17f5f0b0c43b4bf4fe61d7978d9196a7aa5025

SHA512
3d0b8919c1b6afd062a2bc8493ade35b01463a9d3eaf9eff12eca121e66db6f9168a8197e8261afbe2f3533de840bdbb81be16ba1426f6e87014e323c9215581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
29KB

MD5
172e106fa0bea424dbbe5d4135ed068c

SHA1
1581908525bd10094d82bbef7a9c7246c0eb1827

SHA256
6ef5e16c128b7ad19d553cd889bb66c72c6ba52bde55c086576fee7506420a69

SHA512
f21a7fb9838bb25abe6bbf94d709043649be8283de9883ffaac24f1a67308e039e550f3e2ed1510fb56c9ab812ec72f43e719bd8f10c7d19f6c15e7c6a1b8423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
16KB

MD5
9148604f45c79d0647780dcde7080ed2

SHA1
cee3c969d936e06019ab44a9eebd549b9e25c0af

SHA256
332fb8271e3e531a2064f4638d531a1b6c7aab5c4496d62edb753dac0fcb2c4c

SHA512
2316515ed943c5cc1d799e664b90e8b201a8ea4de2268a43d27dab52c858f8797926e3d0ab8d6a2c38b088bf6a24a3b6c33a66cbaffb8741020831b64d883c60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
23KB

MD5
bc715e42e60059c3ea36cd32bfb6ebc9

SHA1
b8961b23c29b9769100116ba0da44f13a24a3dd4

SHA256
110ccd760150c6ac29c987ee2b8f7c56772036f6fe74ff2fb56c094849912745

SHA512
5c0edd336a6d892f0163aa183e5482313dd86f9f5b2d624b3c4529692d70720f4823808f10ee7870fd9368b24de752b343570419fd244c33ad2d9cc86007bedc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
34KB

MD5
82768eeea14eeb44db3787b39f20a05d

SHA1
50ed1420ef48fe83d9f98d132c6d2b726d17124b

SHA256
65af0ef66ac2ec552e561cf6df9f1ad53796c552250089ed196eec4968d776b3

SHA512
8dd841942107ebb0b0193146960d9862555b226b710bb3f0e947a58475ac82dc1e49a44917733f0b33f751ea18d14394cdb37ab5fdb50be029cb2992a567e6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
26KB

MD5
fa276409f512c2a62b1757109b86a97c

SHA1
f36157aec16a6bb625eeec957864b7c9536da89b

SHA256
874a010ef626e7db23a55a40a0fe2eb9f831e1e3925140753bc819e5582f76e2

SHA512
e35ba9365c0779042dcf5edb0bea1197f6bb0f787c456dddb41a58c7426db6ed98d2d256a50384899b1bf060cd67571e59d152b4d75f8ee31179a6563227699c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
55KB

MD5
0728625a147ca79276a1790b9cf3175d

SHA1
60d4d776f49c7e1627a935314230dce18fb3b382

SHA256
a9a1ce7d77f651dd85dbbbda3c151024e47c5c85569801c994cca98c52e3da71

SHA512
647fa86e7a24bad9b8e4664dfdde280fb2df9c0b58cda936a1671d4bc3a4cc314f0ae231bd26fcacffad0a428b9891cd04df63c6631e2aa6d18d8cbde5b654b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
44KB

MD5
e534142e9e56ad53e2fa94d10e8090dc

SHA1
c6ce941576981701365c8294fbbcb022cb2dba5b

SHA256
4b6290e442034fb106f167d83cca5ab38d78e12cc0075a2d39aa9c5c7c7fb534

SHA512
31d8e9a9c3b27ee8ca6e4521a91f81505b7ed9171316ed4d4e439ef0761c348ab7daefd5b228d092599bf53f73ea1717a9b883c500ab218306ae685a6cb44192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
20KB

MD5
4764088e04d1778d162e17e839de84d3

SHA1
c8983054cb94b08fe3e09e9cbc1a422fd5660834

SHA256
8bbce434214a394d407c05d50ec12b676b75127194c1c4540222134e739db62a

SHA512
a92dc3cd9a7c44b7e810e256376cdc870cf702cf925324b4da164980f17564619eb89392580f6a9a1c3f572daf53f13ea6ad915e0b78467754ba9eb70e81b355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
91KB

MD5
a8d5e62c26cb685634ad182cfc879051

SHA1
c088e73fe34cd65052a101060b8cfbd60c315548

SHA256
99301c262b30bea71d9764d694104e167eaae792f048f3f40942031365b06e35

SHA512
6fbbb728a42210c70dff3f1e781a356271a49491d8100c4293bdef6904978a78236c6329cd5d0a9dec2a2540d0f5eb3abb42db0bae6484606fcb54492a95421b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
18KB

MD5
895e776fb8b214423e82fca709cead36

SHA1
42a640d54f378c084af5d02b5d8caac36d323783

SHA256
4160d856c65dbb3610d3021f31db3cad27ebdb5f4ad032dbb7344233ea4281c7

SHA512
a371bfe133b28f29901efda21494deef277ccd36bcb8338ef79c50f38ecc5795854d3e1416163dc679ab87bceadcd57da44338eb5ae0d9f4f8886b0fb926ed0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
108KB

MD5
090352301032a30a5730e0267444aa2a

SHA1
87fb86875bcf39806b9fa3f1bd6f1d80916597c7

SHA256
410ce82caf168176a0c41908a090068999eebc04b62892061053cd76e653118a

SHA512
d789587dfed754ef845831464c7e3322f4dbff4cac1b907196ccecd2e1a93c49203c43130026a0d8da753001bad43bcb31c9beee9c489f44783ed3fd8db84cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
48KB

MD5
95d781fe99ae6d5a586193679fbe501e

SHA1
1109fa0db284313316ba08ef8476a386c3833070

SHA256
8503b6c9ea5c919debb7781a2e63c7de4f269fba88da502127f72aa11aa70728

SHA512
463747d39fdb31888a9139ae8529c94f6fe69f3807a5cbac13e8a029f1b742a3bd0dcc7d2a1e7ce11101d4897deda0b84335e80fc8da8b5ba8fb7a07253cb5a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
43KB

MD5
c707b4b7968375c7de70d064e93f1d01

SHA1
cec5ab48fc3231a483818b9889e8882cf42e7340

SHA256
34c0c3e70096b0c8d73b17e3a6942d33cf24bfb4355b59b50333d6d10269d89e

SHA512
39ab15a27808804741622f4bf0956fec210bb140ab3cbdc8226e31fa7ba0ecce53886ecc04ecb26f3f20f14b88afdac5b15c26ffcfef88e3115e1751e3fe0983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
106KB

MD5
be177072d64406c68eb63f289469eb1b

SHA1
e6c6492c81e7a7d63bf45923b5019c62970af177

SHA256
641db59ede80ef6a4c16e8ced93920cfa57f3cb0328745c7016ea2944e0abbf0

SHA512
ee8adfe8988644fecbfd951805bdfe67fbfa630f4df73b14d752e3cdeb7b7ae1b668134cea5c8b5ab5e1c7c13f3a0958fcbad42679b62ed1579e50c453be789a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
69KB

MD5
f4c240e0a6b2cc36eae9b64e7942f6e0

SHA1
28a12dc42a0cbe673b8bb9cf9da07bcecde846c2

SHA256
96c075323b5f3ce0201dd3d6c17ae13c1cd55a10ea6d3b4a9ee2ec19aa9624a4

SHA512
db0fcd2e367af14811a33c08fea2fd8f6ba0a2882cdf4a32db96818156d9255f82f58275aa955a27e6dfe1840507400ab55ab01af2b090b3f23ea5fa9a9f72de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
57KB

MD5
c7499ca185afb8a4b149196d729b7d1a

SHA1
515a63fde84030ddad31b84390f9ab655637705a

SHA256
517f12733d8c3f36f4acf51221bba37f77af472a283b7e65e9c6fa6ec8615ead

SHA512
4737416dae70e637999ec218c38d176ce2571cfe892b704bcb3a68cfe4c0a8a2deea50f9e1cfc2f70da05126d748df73747e19d72f983eb335ddd350068e23e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

Filesize
21KB

MD5
d86e0c601bfc056dc702489b357b4fcb

SHA1
7102b068df37d6d765b822aa1d37ea19f0e03e1e

SHA256
f8cdf487527eb6ab165bca4371fdf7615662c524ac97be5eb69ec0f07cf7e635

SHA512
4975ab352c5e907ac4e124b50ddb6c51c59361e5321874edb716cef8009fcf785bc270c1eb8224c190b5855e171c33b32c7fdc015e34bbf9bc39e64ce6d5c385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
26KB

MD5
790bc527aa7cc08b417e0fdd6d9232bb

SHA1
bf0356d4b8f2b626a788b91969dcdf5dfeaf7fc8

SHA256
f4961015ac8f30cc0db2bc2f5a7d17edd2d99374aa70c2186479927b24a1eec6

SHA512
513a92ea6063bcff86c9ecf1df95f04bfdc6972ea9260b327db4e1f83983dfd71f491295f30302332c2622d4d4e252713a525123f7045070214292f369b0f232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0

Filesize
2KB

MD5
d3bc1e49eae2c10e027786c63569377b

SHA1
8bd30c37f92f1b1f604c671ee94b6899ee93744d

SHA256
b6059db1cb1294a276fbd6cb1eefcab51dae6b5fd465e216ce20325489bd94fb

SHA512
74c43578a12e90df668fef0a461bab8b9909b11a22e7a0a1eda51aefcc31c2e575fe03e704e6c8e98805d8a04cf6d8c9c3255ec0db453f72d7a08cec46920c8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
5KB

MD5
d4a40ff890e4997772791973631e576d

SHA1
93f10123dc7e0313f5fc1773856b246140170c36

SHA256
dc138a330e3d6ed1098dbf55712f689162c9d8a3045e1067d73b8caf7c489282

SHA512
ac2febab1ccf43c68789a6a433139b0b01f57c5dd50ba6077ee11e8ed569d82c6608427291bd5bd8a0277e8dcbd962c9a9b18db1f46e57ba979e9e4d9c092138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
2e8c24a326528e4b366e58b644218691

SHA1
69ed5b20a20c3e106f4fc19bde726712380d3bcb

SHA256
04745d8a18171c093aab48142ad74a59c0b78be19f4e8aba42ed985a8513e7b4

SHA512
af073f6733821faee353dfaee6bf76bf49690a48e79b2fc85d6a55ca71d31233951300098989e71d7bb2c421aa8a9ff73e90a73b266e3c8e26de70754899292f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
3KB

MD5
76e2e80c32d572ceef7beb6a4c5724e4

SHA1
e037ec9e62208be2b45d36f8af0cb2224e533185

SHA256
da1136e7ca74d88c6d3be5726370662eebd7d0caae468c3dd136f9c18f83988e

SHA512
af4280c652f4cf1ba928606195ab5ec400ea8ca2fcada8408de6c739b028e0d8feece8079b04bf773fa8ed61aed67a472f652ba04c978746fa3f0f1b2b5425fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a994fe24b451732_0

Filesize
14KB

MD5
2d9831bbd37fdc7a7b168d2b391ecac9

SHA1
f091362fb9737bc6ba941d87594e93000967cb7a

SHA256
a73257e0969150373c5aa2cd6b01a0fdbaa4b5d5a646d90b67fceda90e4a88d0

SHA512
a924f45aa04e3c5429cfde19c993268aa66704650f8a6cc1a9876247e1bb82eb73f2d2d9c8b714007eccaa63fbad58fa13528019bcc25ea1105a9cd301792424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
2KB

MD5
f42db5197cd993668cb83120f63605d9

SHA1
d091228ddd845f4d5f942609df5de631def0d0bb

SHA256
87e0acff73a99e1003c0787d93355002d249dad0e976d509372a756d076dbb1f

SHA512
21007d6dac91bbfbda455b121dc0aee55ee91f98b1434bda325e38c0d54f165e55ec4a0fc6a8a8766732a0418a2a7303df75b1b03f31093ba65a7a8e74eb7afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7e23bcf4dbf5c221_0

Filesize
42KB

MD5
84519b49bfb08697d6a3facf86798f7b

SHA1
62aef616875b88882173ee173e797916a75a756c

SHA256
b58046544eb57cdbafeac9c0f5b1c5c6cb1f325eb7f90c2ab96904adda926885

SHA512
7d235cc5c97e637827d47535112fd46658eecbd1f454a2020ed0f16307a682af731787a0af4d8cfd2f029244ac5b5141f0d8270b972f810c66e82d578d168632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0

Filesize
22KB

MD5
db18d1832592fb5240b88054cdc26329

SHA1
260a0813b95e846109aace8ebb604dc31c8b3e41

SHA256
1d4feece64fd37e9562a5f749f117cbe9e88db2de3a1af9311c85e2f04eada82

SHA512
2693bcfe4f802728e1b08a86495658b8cfb029418492ef8901839b9e91ab2e0f2efd20ed4dfe10a4c00ef6b39845d21702cb2d457240f0edd2ca7276a9390092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
2KB

MD5
5e23574d16fbebc3b7cda6d62fc333f8

SHA1
5d91b40a9041a77cd5e60e7d37c45b64b794b6ad

SHA256
5607697801ec57ce0047e290d6ff2e1b931fe3de433d0446bed871618810ccb0

SHA512
3d57b6519d01835a74d6e4c1321c4da9b1d203fec3f4b0d2d4e436b5e4235024f426e61b4b4d54757fb819a71af2513efb0d69d75c56bb29106fccb8cb97745b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0

Filesize
19KB

MD5
dd9a15e8a01adae2175155ec3c16e1c9

SHA1
97efce3d4d7dcbd057e860b6c2b969f73b3db747

SHA256
bb1a74598bf058d74fd32d4233d3a842c6bad9b86cf7eea01ed0ee36382ea568

SHA512
14c1dacde9ffa29856789788f80c353582d6923577fc8bce1af4e35606858b8220545380d47a4a7ea9a8d6d18dbb3bd26af34c0324cd6a48bb89d48b9d8d92dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0

Filesize
5KB

MD5
0edeb94b728e4b02b88c6ed51fc19a67

SHA1
969e78412991b21dd3d2a5f792509af39a83efdd

SHA256
ecec85a937edef3459c7c2cc6300b55c48e0782fe55bf0a76adfbf6548f45eb6

SHA512
b668f7bd550a23b7218954cb68636144246cce5b9842635db219682c7b1903352ef2fa11a42283124aff95ddc4cd77429356d83d376dd1d7c1c86c69408d22eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bfd9b5c29c5c8524_0

Filesize
1KB

MD5
9562d19e1ceb52e2e576963f6497eca8

SHA1
a4b887adc08692b49602dd7124d4ca85ee7529ae

SHA256
ca508d02dd51a32e92e6d47e4e4efff5353039470345c0bdf2267c497762d258

SHA512
46e0cb8b8883340b38ca6af8457e0c7d8ff12d178908c6216ad3657319cc5534485e726bd7556799145ad65fb09f63b3f38b024a592541624d0bbadb5f17e753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e504183595893c5c_0

Filesize
4KB

MD5
09442bb203546317bceb5a4925802abb

SHA1
38ff5501be99569b5887a3f9222f82d80def0de8

SHA256
1bd8049ab8ad54efb63e72e1f03d48b6ee8b440aaf36cb79ee8e86922744c987

SHA512
109564942504da68979dc54b3bb125d9abf306408ede7258bf0054d4899fb055ccd5c587c3567935696f605df1719d9d6422c2def60671130d81cba2ce9c66ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
aa3ce43f275548800f5736f770eb7144

SHA1
51b5b1b8ccbf0ca71637c5695ed2c69014e4c883

SHA256
e1d3b277a05d0bb94d7db022dac3182fc7ea43c2f2234a5351889512025eef53

SHA512
df7f5ecf9d4f4b2c66e5087b04d827c57a27a4cbf9242d79e431820a5bfd27c0c337385cb3965783287672cf297f5d31932b8e193e61f2d6f8687eba01a3c02f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
256512ddfdb96183701202726ad4e8ad

SHA1
5f96572856295a231bef195ef82f694b98bd6402

SHA256
5fdf1a1c1296420de5d71015670fe873baa7e36c8aa7c1386ce3e60ad48260ce

SHA512
065ca41b95fde4caf896aeeefc012dc73b70517dfe796ab203e1f9e76331d3828b5b441c92c5aef55e4aae174717e613a52051b3797d24c1075ed3eee6ed6262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
c3d5e263c55361557f544fc99de863d7

SHA1
9c2adc753c77aa54ab11490427b80c8ae7ae659b

SHA256
47401c89baa555ab33297859de26867a6cc9973286760ac81221d73353395cd4

SHA512
dc79070e912430b0360a85f467af2e0926ed464de1fe708ee1ad1db3ecdbb722c9478d7ed056ff6d68026bae74a549b1efc2b73fd1bc75e0af7089a923f31093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e078feaa8a6218f6a4273c563e519e0d

SHA1
f0d9b3ba45b1142a6f601f8cbf841bc96651291a

SHA256
72e6f60330266fe6e60ce0825a68ec21c818d17251f07056d6923a71e22481fc

SHA512
839072fb5b9edb9c3dc0b37167b2d9cbb468f18160681dde5e2e82db49b9fc52f3cc6d6833ecbc5f6a56056fdab77bc18f8c6500d0ebc74db95ce3aa556de677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e8eef5245bfb8def8a60a5c1a726fc09

SHA1
e7f9a04dafbed418ee89059bd8331bf565144167

SHA256
e2ff63ee4436177bb0be34128e477acb98007a0f018403cd707f86fe0a31ba4a

SHA512
09bdbbb7f1883ce514fe94a7aa4adfebc5019189f9347ded2ad4ebcd7fe8f5231c443258231f23c0935ceb43a95b577681c1c4e0e424e90b4eaec34ef05dbb3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1a622cc33394a4593aa7defdb90c84bc

SHA1
5208fd385915889c9ee67da49d2320e7a517a565

SHA256
b8af8a8bb99bb50ff0bb957c971406941ce084ceae6c900403e7680619817498

SHA512
dd05a6d89576dfac21833615ed2c34766c2489ef948d154f6e4882112071457c5d206486a16fe1894326a7c964d102b4561ff9da26c1681781caea0771b9877b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9545235801fa69199bd7839bb9f51e8a

SHA1
4f2b9c2486296b2a89df192cbab470192496ff98

SHA256
1ff53fc356dc8d018e4b6a0838d2f215b3ae93ba7481a49cb9221649e8ba47b8

SHA512
227de109db5f96d3e1cd0bd25e3020ea3a75bb2efb8c4f08b9eb12646c32465137aed785fb6a2546ce71931035a85bf234c2613bf1ebdfc30d99522c5e04fff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
c27cdb58552e8baeec1b67a40984e2d7

SHA1
13493387579cfbc358da0e43b0b785cce964c33c

SHA256
3bfc1919422010d4b4e02a78ec9466ff40567b61b904ff99935903f8bde66af3

SHA512
0954a85678c308ebd6c1333b77dd768697705ba1de43043972e552ff53a12c3285c7f179147ca8477817baee4a9d34cd47113010f7827b9a2207183283971d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
11b76b667d206c3120f5182272e69532

SHA1
f18886edc97ff069aacebce80d4563a8b96a18bc

SHA256
f9d52dbd07438713b558c37d1dbca8298fe163af02cc59debd8a29b33eb3b090

SHA512
b2ea3e5e6011c8e7ec03d6e10f9537d3d478d15c71fc3d366b00b4c41f6e9e36cca8122cf5e1a819c26c1fad2d26fef64e9931b82c0d07207fdd87bce5c07c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0bc8d716156e12b00ff0ad4db796e225

SHA1
c0a782de4539f2c6a0b7b0d683f0fecb9396953c

SHA256
3f06d3864c50eba63df2924b8689677c1336fe1b9b46f62c0a2419eeb85e9624

SHA512
f0cb1f83575d9bc4baf150ea0b430a6d719aacb7d723c055fa8a4090254cedf9027f4e247f6b9b3fa3370a3831b318df47a2edddc38880c2e31d458cc906359a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
89a442eceaba276090ae08ce778ee9bf

SHA1
2fc05c01ec06bb2f687812bc00ebbfe3c0d956d9

SHA256
90510bf5f70a7cd5cfc2f597fdee614f837c5f705e2d725ddfdb49ba3d6ce81a

SHA512
03d35636555bc275a1d6db20d899790bf37f7585b85823aefa1591d26c04878d60c660263522e79cd34d0d4dded1af46a58110756f83419e883606f9fc099d20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5f82cf7cd80d99e653dcd1a20c5fa62a

SHA1
15d33a5cb6de9b2a3c5defdab44d6c1da1555e67

SHA256
8513325cc62b6545777deac439d5369bd292713bc721b7d64336213a24d76015

SHA512
03d50afddf0eee0a2ab3a22c802644af5a3a2dc4d59fec2906689c2eecb452052a98b96ac445be4dfd40695940e30a38a42a91a622e67994ac3201ce1f04b9b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
d2d7f72d3c0ada9e4e0c2715c2df40fb

SHA1
d7cf70c3e496581b92c8668134fa065a2a11df69

SHA256
c682ff6d9c1c09a818018bc5e9a58383ec2f8d503069e76f5ef6acfe5cae1842

SHA512
f9264be306ebe95c7fa92789d9474c2065a96aae3bb8b357621070f3ba13bf7171d809747a0f201448f2fe3023ef672892e3e2fb49a71f39813acad498ab83f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d5e2c45d50f2c206f08f2b45fe40196e

SHA1
6ade81186b060b3054d83ec7d05f92841af3aeda

SHA256
cfab9cc2915f9176702fbf8cfbb2d3eba42d4d2ebe7e7b9ac91f360e0f684fc1

SHA512
2bdd874c060d16505f273418e87bd2e39417d254aaa746e9bd8eaa3110ff816b5955856cc90414da792e0f1187301137be1d646fd29c4f643cff57b30d4973b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b2e87fea354e7e3bbaa016de7e35a272

SHA1
ae150647384526b94a37b30ae68ff61accd796f7

SHA256
2925d362a908b0165a80b8bf41f6b0dd14348d55b24d27b64eaea95ae11fb83c

SHA512
6db6339c44c13248004362040d211a46316560241289cc36a2199faf7ede0af4a17feb96bf5450187edd355db004bf857ae312b4343cfcf316ac5bc42a780e0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1fc13c5e53a668fee5f9976330d69e11

SHA1
762fd87e74de6af8b479d8d3e8c0838dd5608306

SHA256
4c413dd188c65022e95e75b91c376944af11447424c746371a456fec2205e27c

SHA512
a34a09b265bdd01425901963f0fa0076e367d2223cc3bbf72cf60d467c81819daeeba2a0ee7578015ba02c695897edb2c8930b027a8192cfc85b925ce6cdcd32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9e17029ecea4a397a10601db559823f0

SHA1
ba981729df7a1461cca80e1731e18f965fb93ab7

SHA256
8335c7fe0d692e2b13f4dae1c1b02b3a3dcb08f9fac66c3d32be4825d3cae3e0

SHA512
f7f2c49b1b2917ece24c67260ded7cb2e3478c6299a95baa4a40f7d4d1b9a57ba66107944497048fbdacd52b549f60fc559eec406a527d0fa5c876917d232ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
27140e5b0cefcdf60288b3415e790386

SHA1
e5b0a50ea107b2cd6b484a108e1f9e178248080a

SHA256
5c3e719344e2fa59ddd24eb87195432e1516cc4bed554d2c123791aaeef8b9a3

SHA512
67ee943115924ff026bfabe6e46ded590b4f0eefa4517813ca156faca18171c3f0e641b8aa6bae7d477fde47a3e1b46ddafbe26a9920bc8e06378de69a71d756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
59e16766a1ec103e63bddf64681ecdca

SHA1
c5caa19256095a6ea068118a6144e66f6d353b28

SHA256
69968f202d5eb7b36808438dfc5ed411b398cd0eb606bf0614f7d854763c137f

SHA512
e22c923d0c2b83efec22ab2a12d8c67dd07fec35f357ab7cad02e17b7c6d01fea013a63431c3e0f4c0169385a40b0a7d8b4a450139fe0a968274cf76f2488891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
498a054cee8acca1219f7884491707a1

SHA1
3c67d7e4927133130bedf4e55dfebdad3d60bf4f

SHA256
16f8490777c298db4eb1fc577bb4e6934133caaaf432f986837eee34837565e7

SHA512
046bec534a2a8e7fa0ecb71ff0e1842ff0cc5a931b02c371f796ffa0774c7637a409aab16d4b0b24d46947c97c3457f8273e886ac8675d099cca226f644071da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
5a5c884e82e0a1857502e9e3e50e7e59

SHA1
4e0c57896f571d8c6ca97b3c8cd5cb48658768d3

SHA256
ef91258a993a900128bee358078fa42788427543e6eb904cd3c3272f2c88ae41

SHA512
1db0babf6a6ad2796e534f936aa567cb3c3c280da5689e2e3ba32af4aeafdeeed14812ee587cfdb37797161577d5f8c6a2a950f4ed24fe9d71d9d50221f5c27a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
cb56be07c430a5a6a6dd6a3591f27eaf

SHA1
673ac2416070aa89437d0e58a63f73c8e1bde3f9

SHA256
2e228c1a91d2f2d973e24c27915456a67490be05defbdecd3fd23394eecaeb8e

SHA512
e74276e11b7d835004d58678bcd40c37ca1a0a351c48488040d485036e341bbd70ca35036d81c999a8fc0dcb29e259d60f0cdde298be3f85c865bec51bef2b2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e4b0747627ce41b8ba780954fe2d8b75

SHA1
4428a6537ae2943961c3e069c0eaa35022dc1788

SHA256
dd28b68359cc95dacc28f8a61a9c3d8a07e9d709e398ce0a3b614aad45ccd447

SHA512
b1e42bd54076767391312df3a08be9431f60bb03f7ba9d69697e89aeaa5a0186c11f4f82c0612ba698567e17e55fa4f500b85a01372b82a5c1061a1a40eb274b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dc6f570b827c85009b09a97586d04442

SHA1
b04b0e34f4cdf0a8eed9abd27601eed0aa057d42

SHA256
028f74ea37ab84f185cf1dbd9822c13e7503a5582fc0cf4982376e04cdc50dd4

SHA512
d52dd557e31c33b148fafedafd796aabdf87cec746221f896127f80487a4a4493c5ceabc5bb389587cf584671e16e0258bd566fd56d4c4fb31e598966e4116c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4b577a12a7ed68080decc6986cc37249

SHA1
8661498544dafce4639b7514307edec5dcdecd5b

SHA256
154011c6878047bf6c82b12341b6e1923ecc5f09217d006fcce27667f3c67a62

SHA512
c5ba0b826aaf544606d5fd01a7686adea79aed292e3290bbe824db849fc7568e549896a1e3925072e36af9181e9e3d2ccefca4546cf5ebaf2f3f9462beb9a796

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CG62S.tmp\DriverCacheCleaner.exe

Filesize
240KB

MD5
907d4a9e5556a0b4fff5e94221cb8746

SHA1
0bf9d4e34a181141ceca059d2a2c4f68ab0a580f

SHA256
56458d743cd8eb53f903ff3de41e4ea025ded1f7b7b01820a8a18c7e557815c4

SHA512
7c2131dfaf587d953fc9ddd58f022e83f379994aaa1284a5d04e0d5a50b9655e89dc45bea14820ba557508840fbd5bdc8263faba756ecf55fff72ae73a13b7b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CG62S.tmp\WINPKF~1\lwf\win10\amd64\ndextlag.cat

Filesize
11KB

MD5
41ce1b9d8fb8432898d8b086753139a9

SHA1
88fa6a06942242d3f05ff316e444efa4734bcb47

SHA256
476005d1e2be816c06cf62fa18715dd50d9a09bc7984d0ae33cf917288174917

SHA512
73bb5d2893cea2f421cf32245a822728f7bd42924bb0f78099c0893fd67d6be868932848d77c1edb0e1f9992a6ea3703788e9ceeccbbe9152b6137d7d3e1ffc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CG62S.tmp\WINPKF~1\lwf\win10\amd64\ndextlag.sys

Filesize
58KB

MD5
4bbbac5d7cb5e2e65ac400f01bf267fd

SHA1
318a2b1dfb4871c72ec27fffafe8488b7f0453a5

SHA256
70013fcd32f4745347cbd45c1cc911c0d6939048727f1c8dbcc1da36edf20fa9

SHA512
86aa1a9ff8f0df4feec57f4d2d1572a4e0fbea0de5cafc88c728a5737c77d80ad98926ab9d3c5cd5817dbf9f49e63179895fd1d6199a72996783b65505f1b6b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CG62S.tmp\WinpkFilter\lwf\win7\i386\ndextlag_lwf.inf

Filesize
2KB

MD5
f37e8cc0eabac5e065277ba82818bd44

SHA1
4b0d23da6f357406ed21187a99462fde36e36b40

SHA256
b75793dc1c6665778a2371e2c5ee57052d61a94ce6163103fb3867b710f9b12a

SHA512
c31a5c2c4bae9e07fbf4de18c94196c1f81969d4e46dd03a35db948fad2f287ae4528f051a3f1ab1639093076e983795ace8a19475d65cb049706bf8aa4c7467

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CG62S.tmp\WinpkFilter\tools\amd64\snetcfg.exe

Filesize
15KB

MD5
58266a610bbc7c7eb924c6918edea151

SHA1
d247099c5f3c9ad0b16f6ecbebcd8b1e54bcdd5f

SHA256
516c5643cf378bdbc28191db75f85aed6988f21fe176c6d198ec21e76540c944

SHA512
99bfe3856e27afe1c966342ec05fb4f59941207fb6c3235d95095cf340fd31f9fc8f9999585c512f2afa1c6cf57a9416d2b835dc121b5dd44001d465a26a216c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-CMI3F.tmp\SetupExitLag-5.7.4-x64.tmp

Filesize
3.0MB

MD5
4c8bed9ac667b64fa434ccd16a3a0828

SHA1
26ab6e26ef108dd25844b8d523dab36aa8046634

SHA256
864fb02a9635476c8a31e3e57fdfe01380b9cce006fb07f4e7f438455178e4c2

SHA512
0bdbfc49dcf18ae91f3caf9b65f1e870d2a0f1d4d34b80a3238e530d400f74e67c45b9ddb8fa1bf3eb0640da4f62113b5388ee3f47e11ea16d8bfb45524a92a5

Download Submit
C:\Users\Admin\Downloads\release.rar

Filesize
97KB

MD5
132c4a0a1efe997bbc33d3cf4ab1134d

SHA1
ead2f657eb32316f91a98f9891e530fa230583b1

SHA256
b16048a37c4e5e7cbe23a02ae21ac8140cbbb7575edfcd7de23b11664b9a507d

SHA512
c6a49295317a1a3be480fa0d8045095039caea9b01f13bc894e778579aff37cea18fd48f7a65e8d82f2a9b4ed0df8d76790faa0961f863fd9c684fa7c67da48f

Download Submit
C:\Users\Admin\Downloads\release\release\run.bat

Filesize
10KB

MD5
8939639a847e160b2d3572be50533abc

SHA1
611cc2606a159fa7bd96b2a1eddd9dade4fed729

SHA256
6fdd1e8b0effaf4dcc91556eb8dd0408b487b9a5e53388d5cea3c766f2e1a8e0

SHA512
90c682377f460873854f57ee8cecb40d236a02a90e4523753a96968dfda2eb889ccfe422274ed4a8daa1555c205d66be14936c16abb4399ef7c1859d9928fb10

Download Submit
memory/2612-1881-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/2612-1854-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/6068-1924-0x0000000000400000-0x000000000070C000-memory.dmp

Filesize
3.0MB

Download
memory/6068-1882-0x0000000000400000-0x000000000070C000-memory.dmp

Filesize
3.0MB

Download