rhadamanthys | hxxps://mega[.]nz/file/0zcHiZCI#0EaOlcOfcgQyXTT4Y0B2GGhRiZimZgbjfH30mBV-PH8

Analysis

max time kernel
1799s
max time network
1737s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24-09-2024 19:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/0zcHiZCI#0EaOlcOfcgQyXTT4Y0B2GGhRiZimZgbjfH30mBV-PH8

Score

10^/10

rhadamanthys discovery stealer

Malware Config

Extracted

Family

rhadamanthys

https://135.181.4.162:2423/97e9fc994198e76/6tst7rbp.97pue

Signatures

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

Processes:

RegAsm.exe

description pid process target process

PID 5004 created 2608 5004 RegAsm.exe sihost.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

NewSetup.exe

description pid process target process

PID 5136 set thread context of 5004 5136 NewSetup.exe RegAsm.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

5788 5004 WerFault.exe RegAsm.exe
2356 5004 WerFault.exe RegAsm.exe

description	pid	process	target process
PID 5004 created 2608	5004	RegAsm.exe	sihost.exe

description	pid	process	target process
PID 5136 set thread context of 5004	5136	NewSetup.exe	RegAsm.exe

pid	pid_target	process	target process
5788	5004	WerFault.exe	RegAsm.exe
2356	5004	WerFault.exe	RegAsm.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

NewSetup.exeRegAsm.exeopenwith.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NewSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openwith.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-523280732-2327480845-3730041215-1000\{776688F8-2461-478C-88E4-17A09E6BF369}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeRegAsm.exeopenwith.exetaskmgr.exe

pid	process
2184	msedge.exe
2184	msedge.exe
4060	msedge.exe
4060	msedge.exe
3460	identity_helper.exe
3460	identity_helper.exe
1956	msedge.exe
1956	msedge.exe
4992	msedge.exe
4992	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
5004	RegAsm.exe
5004	RegAsm.exe
4720	openwith.exe
4720	openwith.exe
4720	openwith.exe
4720	openwith.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

4472 taskmgr.exe
Suspicious behavior: LoadsDriver 18 IoCs

Processes:

pid

4
4
4
4
4
664
4
4
4
4
4
4
4
4
4
4
4
4

pid	process
4472	taskmgr.exe

pid
4
4
4
4
4
664
4
4
4
4
4
4
4
4
4
4
4
4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs

Processes:

msedge.exe

pid	process
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

AUDIODG.EXEtaskmgr.exe

description	pid	process
Token: 33	2812	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2812	AUDIODG.EXE
Token: SeDebugPrivilege	4472	taskmgr.exe
Token: SeSystemProfilePrivilege	4472	taskmgr.exe
Token: SeCreateGlobalPrivilege	4472	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe
4472	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4060 wrote to memory of 4456	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 4456	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 3200	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 2184	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 2184	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 5012	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 5012	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 5012	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 5012	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 5012	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 5012	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 5012	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 5012	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 5012	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 5012	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 5012	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 5012	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 5012	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 5012	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 5012	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 5012	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 5012	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 5012	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 5012	4060	msedge.exe	msedge.exe
PID 4060 wrote to memory of 5012	4060	msedge.exe	msedge.exe

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2608
- C:\Windows\SysWOW64\openwith.exe
  "C:\Windows\system32\openwith.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/0zcHiZCI#0EaOlcOfcgQyXTT4Y0B2GGhRiZimZgbjfH30mBV-PH8
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba3ef46f8,0x7ffba3ef4708,0x7ffba3ef4718
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6704 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2520 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7828 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7388 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12019655333959164426,15231529622565223333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7920 /prefetch:1
  2⤵
  PID:2324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4508

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x304 0x498
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2812

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2840

C:\Users\Admin\Downloads\Setup\Setup\NewSetup.exe
"C:\Users\Admin\Downloads\Setup\Setup\NewSetup.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5136
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5004
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 632
    3⤵
    - Program crash
    PID:5788
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 640
    3⤵
    - Program crash
    PID:2356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5004 -ip 5004
1⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 5004 -ip 5004
1⤵
PID:1864

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
41KB

MD5
3fa3fda65e1e29312e0a0eb8a939d0e8

SHA1
8d98d28790074ad68d2715d0c323e985b9f3240e

SHA256
ee5d25df51e5903841b499f56845b2860e848f9551bb1e9499d71b2719312c1b

SHA512
4e63a0659d891b55952b427444c243cb2cb6339de91e60eb133ca783499261e333eaf3d04fb24886c718b1a15b79e52f50ef9e3920d6cfa0b9e6185693372cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
1.2MB

MD5
e5c0848bec1c488b12fe59118f5154b4

SHA1
6fd5569f8b40ce3b2d1d72f188a445ebef2c6fc6

SHA256
93f7cf5f232f61f219cca4822f49c0ce8dbcdbe6d354f3803447a190b219a62c

SHA512
11b819f6a01b965186f5995448d39b50f218ef76b72b54da79b8e2316e4f07ed36903911e17444db696780cb026a9026fb6200e114d098d279d85a34637e9da3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
42KB

MD5
7afad668e927299e10a33c553bfdc03b

SHA1
2354613c23fa2a2a2c688b08bf7ac81d89a46067

SHA256
c7d40c1539d75d1a5db9c067bc929b094ed1779299969b9c4c56d2d24cb0ab53

SHA512
227941bc6c230d34fbfb7fd4c569f9c72ecc4272633788aaa199233fcf767099c48eabd833bfe51b6db1dee98e94b8748250791ba054af6976b92475614e816e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
30KB

MD5
47080027520da0dd5e563f2f1c58f918

SHA1
61ba9f6814d4527ea3ca8226f1acdcab4e1dae8e

SHA256
f7fbc91998267a0a54f8689f12237b4d8940d8f7179075e850ded31ba269887a

SHA512
21de873d98cd8d675c96db5e3928964b16aa8c06866b9f4d0d1890d837f72fffc4878f1057b11dba7ee789b4c9760113936c71cd73f98f74b7ec5128e3d818ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
65KB

MD5
52e38a68c05fe254f215c8215a7d6a2f

SHA1
00f64d78de2374c3c246b87da2a92626ea71f44a

SHA256
bde3bdf4a0eef56f3c96123f5641a3d4805ec28693874ef68047c11113653857

SHA512
03ffbac5e58901e04cc54b8617e71e59f42db13755190ffc53a4cc50cefe8a74109f675244e3642df5c61278fd6afe075d1adcec50e3ec5b98a29df8cf7b871a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
30KB

MD5
5aeb3890e1a5f612cefcc9928d3557f3

SHA1
a3876b96d829ed13d07ff784682a85027644287b

SHA256
13f0c33cfdfde899749d95fa7d3c427bb94b9ebfd5362c8eb2446c466d63afdd

SHA512
b67642538ebc7c01f03226c67db9687698cec19079cacd5493aab833e1a08496f31293178b1cca62a27aadf01ccfd4a971078a28d83dc4dbf3c41b828b342f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
111KB

MD5
7e6d312b8424250a62a95c1c6c8de950

SHA1
2d6ef022da92fcfa7c1b0274e822060d953deda8

SHA256
1ff2d0e2a8b953be6322433753f31a25773c742e413cbcee45efea127798d9c5

SHA512
fd5ba1eaefe120ec102b982aa0ac1d387ffbafee910225dbb3ca8dd21f444ebe31767362f7f9b041c42d0040c32ec19db5f9fadd3950b9c207e5d712b7ebf982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
200KB

MD5
3c795ce971eac4171a243f56a51621e5

SHA1
778e00b7042358ca7d0523892933e400d3543bbb

SHA256
5713ef3b7dcb7ce30fbe7d22eafda017a57da9dad25bca4c0bc04993afdc1244

SHA512
7954d2323503c14df2636562e7292e0edc744515a21cfb7a1275b03ff0b90ac026bb857c1ba9b6af6b55b0a446dc32ab1185fa2cf102de037c72460cd83db25e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
1024KB

MD5
760bcc93333b6af3800503030dc46fa0

SHA1
04315aaaf38046a528ce788df7019a1c2bd1ee6c

SHA256
4c43686909a4bed301e6c53ba6043376b827a89625f875f895f4e1259f215611

SHA512
23a4cf95193e04560ab21f8fd5f7fb61a99395fb0a6db50dc8aba6f9e4ae588a1c8c3dd2141dee10a50c15c19eb170c7c8386ccbdfaec422c6e68a95fd0be28b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
1024KB

MD5
ec446cff69585f5d58baa0e39d6ac404

SHA1
b53e2810271914ab48f6bf578cefcc5809d26aa3

SHA256
760a7b263154ac879f8b87f8b0fdb2679ae79f1546b5d5d68c41ec2e81b9989d

SHA512
f4695ea0dcc31aff7713d621988389d09730a1e632a91462294d772ffec1d6c90f15f5ab2f60ccde59af4a1fa617c95250119a35f47c94969b263b1d21c355a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
502KB

MD5
8c90891dfa79fcd1471cd787eaf61d75

SHA1
360f76ac6658b4a5b4dbd7e7be4e10b50ee3ef43

SHA256
12d877bac435a562f2fc08a202e9dc64dbce6ee63c562c1faac12b025cae7cc4

SHA512
2dbd43f28f093e87c2d8a71ded92cadae8fc7f52d3996f38dc1f98f8e472ef298976392771643ee8b4a90d9b56e5efd455a9fa95d273cfa7a18331b85e076d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
17KB

MD5
645dd701b817837ec5ee1a8e7df02c71

SHA1
afa08b59771f8054d4c0874e734d2d6c3d98b551

SHA256
d184f59402ae9b05de4bd8cfa60c1a89a6fdcbe382899486e8db84e75e376932

SHA512
f5d061c38f7aee04604270e294d6ddc49797eca4938b0ad304b5c9b45f59633e7bd9b5d78b06406b803897403572c9b0be4bce11bfee12934b462aa3191b3b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
433KB

MD5
f8fa0953c7252e62843ca9e002bf719b

SHA1
d8dc525d3b8655e061f5f38926f59cd928d5b38e

SHA256
e2526fe84d2acc97823832df82b17cd4a114cbee2c2be50304b1549baf884b8f

SHA512
6defea43900dd925a17412d67e9dbe8ebc3e3fd57c95243d7799c8e510a4b4a9ae6e30285531baf98910cc6a9786215fe068231643c40b71de93f0678280f3e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
40KB

MD5
4418bd1dbea205cff348482533bb9070

SHA1
e842bb6fbea2c099c57f839f0e729dbb926003b9

SHA256
1d5bd403953287433c1c28681d3664a51f4c034b2b879ae8b2e5273977e924ab

SHA512
b4369cbcc55323641722114a1eebafb8140fa1819e88c864a08f64f6c8e83517af2b323f4db3d1fc36514572585e0beafeb71460379797e868128419a4b77815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
48KB

MD5
875ce85899f42e9ec6eb746e12941a36

SHA1
3dea50b88956403abfe2d825f0b11a477aeacb0b

SHA256
be47b0de34a09bb926b752ab9162f31a6a26e8bba6501914e529414f01bb6644

SHA512
735296642c7cd1687d87c8e5e8397a5d4fb28f4ebf06c66cd19fcc25afc706e6ec14bc663595c0cb34d44ca565daa9abb2a5a41a6a6f89fc4249a0704357e586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
26KB

MD5
962e668fa8244d91b72a0f3ee5a7e142

SHA1
5795546978310ac7746f5bcf973380154bbc2868

SHA256
850a20559cb200003b7d6cc520e8c8580da1275e938a2ec565bb8ba51556aa96

SHA512
e3b50261dd59b76885d9e0ebe27dc4a2cfdee3145381fec42cfcd0ff04327df93a9074768d95e7a329d820e297771c6aa891e55b2e628eb59da9d8edeffc03ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
27KB

MD5
c711ca2b628926b9e2ce16fbc97cc176

SHA1
55b80c157eb21b7cf5f434998928a9c0db8a0579

SHA256
b01838efd9948f89ba1bf4baad82e6e0f81ac6bc5cfbfbaf09fa41b3f7b8ba8a

SHA512
09aa3303fbe7235bc963b7ecf9893ce371e0cce351216d90ff854707f9466996c08433dae0780ffb0378296d4fc8e24477dc12f12dfc30c2b9e134e814d7a8af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
101KB

MD5
b4baa7f66aa0b4372e2572b04df16618

SHA1
1350ad624b8aeaa1ad12a3ab8bf27f5869fa04cc

SHA256
af66730143f938fe19786e37da18d49827ff9a4b44275bf764689b82c8ebdc58

SHA512
8de423c037bdb39d060378d2b0b97ebde4d8a8610c6d1991c79f3bcc23e89f8b512632269ddb26761115f521fed6da982671c967e21f4210ef6b09ee98626b0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
45KB

MD5
27565030df2115123ddb2ece0094b645

SHA1
ebf93442de2d95a95aed4ccbeab1d2539d0d36f9

SHA256
e9f67539f90ad21409e79e8efb1fe57a472b76e8b88db82762a59c00cf8bdcbe

SHA512
4dd7a44c139d69d8e4816048b6ef1b939e5b76074a4d1cf5c921df1cdf56e25ad1e38f56424573b25fbbdafe7deb93dceb7e7d289348e3dfd2a4eda56e6f905a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
51KB

MD5
d7a11128a0b0f2dbe6b957bb678592a5

SHA1
3482e902081e3736f833a78781d9450acfc3e742

SHA256
55a0138d9a655bc7c8e7449a218f5d434a80d1987781bde35f2380faa7ae3a70

SHA512
d42691261a7b3fe74af2b4b0e60e77dc59e41193ea582de644ca5cf91a9645c6458f55eed6792ff45c2c4b8ec84be7b643e587eed2707d1e8d77df96b3b0bec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
39KB

MD5
a55c0688d765a6f6a92f8b06dbd29822

SHA1
baa1dc096d0aed1a8a58206e4bae07996b2b892a

SHA256
23c14e8b8ab4c08a6b7214dc077692a9fecf6132a60ab01d5d52a868f1ed3589

SHA512
c1f433073d16c3f8ce20a5376bc2c23343bbc9d0cad680fa0e47d936d5a3942c9381f9273d847335874a022512a4f4a25de1d44cea1cc49d1cce951c62bda0b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0357369729b7fd49_0

Filesize
272B

MD5
1616a85d7277b1b40b3098a736acf73b

SHA1
8e93f270e5995f31cbb93c2d8c1cd7c6f75fe465

SHA256
9b7bdcaf21b07415d3c4b9910f40eef1cdab64df7ac4f4b4764e20aab27abf9b

SHA512
007d093fdb286d3ec47eae532f5ac0444e1a057cf071b9daa2c304b1fcea831261d37759c60bafe867cbd778fd5b62216b1a86bb3b9d6cae86525d9fa9bff230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3bdde5b74189f4b9_0

Filesize
265B

MD5
f56eae4f0aa56b3b329d7eb473c02c75

SHA1
38860112b5cb1189d767ad5b234e8f4a587151fd

SHA256
e381502168d39e5b1f12d0deb5d5510f74ab94d9dda538b9ddd81c66f6cab703

SHA512
a0445a1c3763d08575a6dcd77141e78769729db581315a0f17922fec2a4094ce63d02b80b6f8b4d8b416b62923b3df86e6cd6fe8e6c2444c716ee744556d8ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3e47c0b04ac9b8f8_0

Filesize
2KB

MD5
26e2443c9ed751b43204b5f03dd8b6ee

SHA1
62359be440fec30bd183d6818bb364c083beb3af

SHA256
8ff2dbc226fdffecde4bdb97b39c016c8670c7861e79fd726a9039053d9758b0

SHA512
e1f3550e49651911c45f9ddf234ab9bcc87301ab13491758aa35d7d17d7a23bcf26f3a039f13ae8e52399e9c4ccf0ed6be9c176e82cacf28a5465c8598372815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54969d7f7153cb43_0

Filesize
186KB

MD5
d767c0df2338c2e6fc953ddf71ef7b8b

SHA1
c48dd53eb91ddf0ed9914135001717290bd19aef

SHA256
18fa43f0ec0d60169a1c89c304e1e2f77fdfa721ebf4f9e0c2ceb4e72138c008

SHA512
4d7415c382c914da3391c6b04b286748ca4c736680dc51b84a40a1f9952fe7b31f1da6507d7a675f783c6d1cc3354ac1d8ca4c285a9380e190d35b39506d30c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\69daf5f633ad5701_0

Filesize
284B

MD5
2d6b6bb77a94d8be0825365492c3dc5b

SHA1
90dc170fe90b13dc216a858bb8ae54a18c62f43f

SHA256
6a828478fdfd2d2cef58eaec62f713b67f47124ab3f86ec649036d881eba2b69

SHA512
69caac7da3a61ee8d5c1afed959435190226d46530f5acf03b3d4650cfd5e3fb538c6bcc96d52235be8c614b359b15a9a4bb796be5ef583a80977b8626c85b41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7686d75a640dbc27_0

Filesize
319KB

MD5
17e06f660daba053581ebde64f18a08b

SHA1
50ad5f342a6292e93b6c97984dc1945b0cbf3160

SHA256
3cbdb2c1cf5907cc8bf60782a921146d3e2673ae4df56016212ba2ac9cbc2dc3

SHA512
daeaed1b18c2578296b8c75475a85385f7e90d925f4a0f331f63ae69d23dc83b77eb61d5e8fef74a0422310c521cd94e6637ceed078cfce9fdc1b3831830a705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8175f318bbe986d1_0

Filesize
285B

MD5
99c79c577ba5da4082f350bfb353fc58

SHA1
38fa5458bfe1cf180307fbec02395017fd8ef109

SHA256
3dc77cdc617172cc421f7619e25a580e7fbd1463f8a7ca5caeb59d4b9f4c817b

SHA512
d82a715a850a59758a316ca8044728c689b971950a644c70c7716f2b3f631ad4a42c0ab3636f63dc7815b941855eba54332c51f0e866c2f2964a88633af4b8f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e864c483ddac5f3_0

Filesize
8KB

MD5
340627af1f9d7ee6c5feadccfaf6d124

SHA1
644b4924a53d649375b870716563d127b7a62872

SHA256
040c6f117b4042d0e8e861237e7fef9de0594f7aac9fec1ac1e77abe36b2b78e

SHA512
a178fbd4bc2c6bdcbd3202064b43ab9099130be8db06e2f20792ccdc113441a5815b3dbbdae208e90001dfc03fb3261ac4b8ea8bbeb92a45ead6ef7dcc45f219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9d209829e564ca92_0

Filesize
478KB

MD5
bebc098fa5dafc2e7ed9cb91634121b1

SHA1
9bd480e7a3c9a8d7f949061b127dc5d18e54e1c9

SHA256
bc379629b57c586e56f2264d1a7ffe719a8d63522ad05da6df9ee176f80fc621

SHA512
596f843a01f667ee8e9c8493c2ee1bd962075f70b1409382b564409a8db2f1b6f9b9849f1d0ca83680c3b4876373adbd8e7c39222e4a2cf29fa3cde076029fe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac781a6ba48ceaa2_0

Filesize
8KB

MD5
32a921374b46dfeca21d838acda709f3

SHA1
6b69369982a3e1fe157d2eec66e93ee7ed617f5a

SHA256
3a9085c96df676aeead0e48a347e296ba5393d487dbde4d6cccf8bab85410d22

SHA512
c86a5cdb0785f5863ed78c61d8f01dbebcaf19598033d843e42e0a70bc571b596dcab928d5b6f50dd9f8c95aba380d916dc97fd95602afc2f67564a8e073e8c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c9c5982f27be5cd8_0

Filesize
515KB

MD5
8dce20f95ec8881bf71a7cb1ae68ad43

SHA1
cb0cf92c04a728ef1a2d6e738509dd7e17ebf088

SHA256
2a4e108305328a82c124b5233d16f2a32d7659e8b6abc2689194debbce2c6563

SHA512
c13b364fa938a20ab582ef6e52d268c70d6d713a9215c98210a3cc6a03bdfff03aa1eac8fb5d15dd2b342700088924de549f00e52b6fcaad57d5c1ed69c34be2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
54bf57b596dff734a6b3b3b0af7135f4

SHA1
266cec73b80f17ddd9bfce299b799ebf46c72c39

SHA256
931c68e602f1ad18fa1618833b870a5fdb47ff4cfd8921debe013b800d7962b6

SHA512
4042cf71b383f43ff9dba0099107be71d985dd39f79dc76397054f6ac27571943dbdc5ba6f7d152e3bc38a87431ec2a5a50ac5d0f7b2ad2c5aed8936564170ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
e17609ad9f91a3e940c044d828471bdb

SHA1
e1eb5202ecd5d19bb5da60a78a031bcf7bc5fd75

SHA256
09b51329aa026f9d562b58525a222aca070c81a46bf7e962bca855b0c458b5a0

SHA512
20731c767f944ce87c52f4e9403fbf6541ef4edb598cc1baa65126ce2af019e5fe94ca40830607ab3545ffac4a6c51dbd183a02a107bf4d8b50bd3777bff60e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
202e4c32597769d69f99f8c638be4aae

SHA1
05d40a80f70dfc8590f16196c507e484bb711ce8

SHA256
5da577053a619d689f55db9457d49e182af0189010ff9292398d6cea7aa5f722

SHA512
8a24e6f35f3db1ca290b9d7fe8571ea360fa20062f752262f2f261e6669115209261e0c3afee457dd35e02fe424f75eb7f377e5f1290c32b06f3ed3f50387e38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3ae3514de61a6bb921ab0d2d3c3e0e05

SHA1
8205a196b3d2d5632b986b06888d318a662110c5

SHA256
a4154f863124ee02bbc16b3aa8e689d741cbcaad3dd8a2bc7d358c895f2c7353

SHA512
edbb227b97c22fe508d8717caea327593f335502460ed5274df47f9d456d2d8bb673d0b7b0178ff4bcceae7f4222ba763c8db9651e49c369a5d333f36bc9a9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c10415ad7241d7230b0c45374367183a

SHA1
01592e5f6373ba75a5f76df3bd7bac7c39a6f8b6

SHA256
4f8038dae50280d03fea0e430edaa7aaf5c5b448ae3319f3b8dd354f45eccea3

SHA512
caa5ddae54409dba53daf363090821957995a22f37f3aa8776862d70a4e06f125614e0ae3a56d4f9bae32bf7572b4c55bbbc0f9e29d3fedea0d560c2f499b6c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2c13c3996681d66a249ef8b474b64e9b

SHA1
978327abb11ee11a145482be09ae76f6bf1d3c64

SHA256
a695bd07e44e34da0f8d2dc68294afa5ff8cbc275afa1ae759b649b882ff5f7a

SHA512
4fc52c5f1b8d9af8bce4b03fdd6bddb360a49541c4a008ce30c0c3bd073caea65a756d8065598492662226cbadae3c923df00e3780eb6cf016d2ec898b1618f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d033fd4b0180ea24e004408be836eae0

SHA1
80a34cd11db759910aa72c445cd4478aade6b476

SHA256
ae682b45c289d91cb06b37f2dc6c2d53bc2ea4c47086d611aeb6888659e40109

SHA512
398c3f229764e663525794a19eb0ec16a4b3d202bc24a03584ae5a2ae18ec6edbc87afcb7e26c63a091c411d7924c9187789252f7e5b3b6add0d9f7ffe951959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d42cd2ead21bc524fa7d09b7b239b163

SHA1
f4cf9d04d236069c40a6199a1b5b81e5fb26ddd7

SHA256
cd57114e8ef40074f4aad46a61ad1dd9e150e9ac4f28efb4f75970ed97c84c01

SHA512
9800bb794c2385098842f21ef8e4c661f6601a53e579c0d17940236ee7a45226982018093b771927a38444697756974cd84d3a0fb6bb8a74f0c35eafe587a630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
db185410e237027c4126998abc2adef4

SHA1
e3d0063ade71acc3a283a59fed3f389c7c573fe1

SHA256
ce1d97091479cb10fd3259ac726d430b3b183c07773397a9a42c4938c97f246c

SHA512
f278f63e1a824133f328f3a699730a4af8d22c09117eaa118da9560c82647b870ed09c2e0c2c583106913dd65e87b3572f4adcd67d4180148576f212ff8f86ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ff3015c446cab1cbcbfbc048443bcb48

SHA1
6f8412438f880a0fbd433cdd18850c9301195334

SHA256
2ac2bc30cdaa0024c33dc55bd6fc5104809d26396980316decdc7306ec32f4a5

SHA512
3a5d58830a7019b8861dd3009252660a49d615223abdac8c056b4b731059d7a578e35d969ac72d61a4a0a4cfe85d735cc3ea5a42688bb5e54d1f1d7e6dc2a34a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2936b77446f401de5cdf3f64e1067599

SHA1
be09ccd3cda71361a1e8b098f32b3757bcdaa05b

SHA256
de054d7e3fad54044bc7ae07c61ee38fd7b47c7c71538402b378fb93d69a568d

SHA512
105f02633b7b11637ded3be73e2d41c54f95240cdb5ee5cb5406a7a75b91fd83ccced1cd62d9e35786f87549d7e283bcfe8fcb477de31c18b5982805ae4c3baa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4c669fca25d7e85e552103b3a3abd7c2

SHA1
d9c3156872d8f1322845bee5812c825c64cde0f7

SHA256
2d6dc37652fb7574c6b8dee0b382f08ae7af0436af70b2a198402bb5c39d82ad

SHA512
cc28158f6dd4aadfced6cdedd870a58cbc30528c5980149cd4bcaecf6d032f45d6ef6e3575330e245c529505ff859195aec4fd12f19aa1e91646104e68d6b091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
173bc49286a747489c14ebd324e54e1b

SHA1
777ae5d57613a5cd040d165bad144872fd231084

SHA256
68106c8dd874c92bbe9b89b6f4e6cd9693a36cde707abbd8a1c770f38c62996e

SHA512
c1b45186ca423789f92ddc49a8692d89681e5c9d61b686197b0fb7d4526f74ad23902f89e519f3467c407e8e76ec1315aa335bd2abb54ad5d99583039372c48b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1fddb265873b9ec648a5a902c1ca04cc

SHA1
756699c59858ba25c4e426b3189b27ef050a3b47

SHA256
cac804b3a74a696e769ea0398c45fff16c7efa1657870104eb7dd0bfb364b680

SHA512
05a3735190421ae51b1dcee2cda218373804da961d8470bf85d3c53121530dc40cb8b5f9ee7a1debad6a145e6dbee920d43398686004bc93d407126ff49260b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
56aa35db1de0ebc15c2cd000906a4197

SHA1
d57c3f2dc4de14be3be7dfac9af34d2e9865910d

SHA256
9075da27999d3cae157a8ffcaf71ab8ea233d563bb19a18230c1000a86b69dc0

SHA512
8acb38a3310786085b95b39da629bb51f31e79d02b8b3c2e54dfe6a6120be22e4cb26c2d92b43f54071f9f368621baa8b75b3734e5f6ebcd7cfd5a5fc6763f92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6f05a154303a38d49387d4d5ff09a108

SHA1
3a0a4a2b1189df150dd6871b0497f1310b420648

SHA256
f234e5e7ed813f198a8e922f214a463aeb6c0c2c308296ac5ef66ac65c6a6e35

SHA512
82b94f2408f0c1aad737c7048e12fb7b36976bb8e43a38abfce18d03bb37f6e55601ac18a32a4656729e4cf7bc00336df13284a620c7a6a62645fa9d903d6428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
74ace52a7acf5b875f84f2058c300049

SHA1
78e3d20507c0f224282f8e2839c6c540686271de

SHA256
1c239d0c1592740e07141ecc8ead68479718ab16b1fef4ccc3cfacbecaa481a4

SHA512
1ee8e10755c4c689972f9ab5d241aff66d27439e80acf71f5092e8b646d459c9860137f7e73b81f116c31760cb7828c4eac8f950ae090752ff95ec28cd9822c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
75847ba886fca627a34623f08c47c5e6

SHA1
cbf5534a9b0e09b1744efc71dfcdded10b4a32d4

SHA256
2c636968af455da7cd23a1c21fb8f326792aef0232682c1262d0e82b9716ce6a

SHA512
b0225216a72c371cd1576d8f56fcaa532d69366a10e9ad197b546f34e5a0b0188da92428746fa10a8c8a72f8350f06a42845a9657f90dec30717e8c3ae8d5159

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d8967cdd0201f53ebd514b3cb5479576

SHA1
8cfcd8b1256505d879ea0e0d28844dbdf6468881

SHA256
5dc066bae828dc7a5a44094a26c41e5edeb62e9c48df336a67cfb8d035e99211

SHA512
8fac6861fa640546556dd5d7004a18809940c06e3cd7d129689515c27074946169c7e625755fdf67db83f05ffce82eb284a9241adc79bdc5c2cd65e3f5827c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
56d006ae9604c6dd7d3b90244c721d5e

SHA1
d7d0361ae28d73b5b804fdb516fe1e6366551fa0

SHA256
9c6c14921f3c9aca9752fc6dfd39a28dee157d4b28b6185bf2b8e98d13fcd63d

SHA512
661c35110ff235ad34988056f1d87ba37e5a126c0a0d0d9efd8c51a896ee135fbbfa421323e2f4d7adde825365f365fc14471b7aeb019f15e2c89079b40bb9ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a4fa2d14bce11ec1734f3ba67fa12ef6

SHA1
cfa7bc6113bde0ba202643878a46f2b7844c2be1

SHA256
734188fde7da6cd60bfeacc92c16e44c8de49a67370a7d4ed6605ce3b2442f3e

SHA512
8f53ae0981e1c87c36ef31713b3c5f1d473b9d675c20956dc7889f2b7234b78e2303d7ed325ff1321e18471c128313e74fd45a68d412e215754ebef0da2fda09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d745.TMP

Filesize
48B

MD5
0d08b17227100510f229aff972777449

SHA1
3da5331698932ceb58a1a8052047923fd22cf113

SHA256
39d367601de9424f765287550800794f96b97470621a629a39026977f5cc46bb

SHA512
0f8898b5940c57b648776dca5f16cfcf741f3144b452309be537fe75c2249a7dfd7fad7da14c25a2820f82b59b53851c6fef18f997084d411374b861a8b85c97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
76d36ae60b1562a021d8b5fea0eeff5b

SHA1
3a4368dbc15f4c2640e01c0ec5605ea79528e24a

SHA256
75d465d2cf2e431f8a7b69bc973fc18ba7094cc7470830cbdd9a7d4590b9ec96

SHA512
cfed9fcd7008268e83c8b8e8f5acb0cbf80c9e49d38e76f3ce95dd9c9880ab8ed98248e9a607229e21d2552eccdfa75e4e8576eea50d6bbae499b3b1617fcab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8b88b32a93db3fba33db0e49a0304f2c

SHA1
ec54999e7f54721e8a5f984f824daac3524ffae8

SHA256
c86b0c5bbd750400b93a08734a870b7e143cdf1ed2347661e83d6dedb339d377

SHA512
57dd32a4162e2060b1d7f4842128490c2b81d2d12db57115eaffaa487e539ba3173ce4365045ff02163ad55d2d0784d3d6f3e811d9f1a210460ade1b11f0f96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
48f17d2130a7feb18c968d0a80efdb4f

SHA1
e7fa9d8192f1abea70ac9470fc24f805721882cd

SHA256
c77e7c9768b399deaf34ee37c047fa00da10feabd3ef60714a957fc1c7a6703e

SHA512
fe8f816dc93f0b8a2f944f85be83508b372c989e3dee2e11ed2d3df09c7173b909b56a15d1ca19730d9fb4af33d1a93b11db8147ba70102d3d0453629c36920d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1b5b6fdf82fcee71b1d64979fe53707b

SHA1
d21d20ba207f74006356131d885040edc951ac5f

SHA256
e0e85b20f103375fc22dd0048c2599229c99449a82481add9e0588817a92e8b3

SHA512
c1ae51c939ea55114d9ebfc6070ca5962e67c7ce01ffbf67acd388a26bbbc3293bdd5219d375c9b230524b7c9968aafa4e90b96e0dd6224516526af228a2cee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8a54583876fc0411ad61e5efd9bdd47d

SHA1
8c6d7b5ba9359065801ce27f74a8964a9160c2dd

SHA256
513ce2c07a5dd358637d87fd5a4e33297626dfd584b2b1b7743307dcf79a943a

SHA512
2fc66b27959e158b544f1530916064bab15a47d48451011e87311acba43d4e3ef65515f66fe5a129fe976d47bd2c4b6593f9ab9b9c1a4a68a4e09cbeb66a3a66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7ffd44fb96663e64d3b60b7e43099c01

SHA1
a949c6d45d894f6c8c1c672cd3c8a34c16d00f04

SHA256
d3e13625bc740d2925d0b0444cfb442a1dbf32943f8a2f0136ea0a892fe406a7

SHA512
9992277d235e32847d498d8727ab79318a8abc049ed90927ca73eada0e0c3bfdf4322d0e861730449abe9ff76465326dc62ed11deecc0bbf26fe8ed451ab6ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e0b4742e0ef769e8046d1df756af0c7f

SHA1
2b911902e379e7a9649eb788a7c15e48f6c54765

SHA256
c0f9e7a59c7b4d2463564495a9cf8cb6b84c42804e3b82d5eff47bffd4482e20

SHA512
cd69c377595d4e1a9c686719833f12e335a430a6b38bcee48691226640c8ab119c273aaf22f4f01be3f5c30e6652a68d9ba400b4968d81fa2295700f569efd5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6bd18183b368ee15d34327df0b6c310e

SHA1
19e04dac8793c9e69c0a92709e6f4a1cf2788085

SHA256
49b4982609ae0a7780b530129e7e0a328b2775ae605575d63ef3f2e961608d88

SHA512
505e40ea7b611a180354024363734cd63b175d22ad7dbcbcb529b47d7d33b0a3816658f49d14291ed10a1d5d8a18dfd40cbbd08904f3e1dd750e5c15e47dbe10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cf6390aa6a20915eac1dd21739b3d6a3

SHA1
fe6de9bbf73220b1dc0c889b4a9d8925b7f8fbcb

SHA256
13dbde37213e463663e0ddbe838a35e8a14c912f1c4f735d3f6649d898386934

SHA512
b1c7dc851869c28bb1342702b3c9d60356bf3657c0925ccab2aa2b38f661b15f3e11824751445b257308da024be47673ce65422c271d4898c63743af594fe0f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ad77a003f4b83b5eb5e81e68811fddd3

SHA1
4ab222d793c72a237f5978a5b923b8e0dc86fe1d

SHA256
d03c1d8684ed840a38d5b0bcdae5e2ad0ae0e3fef38eae73b4ad21a48e107314

SHA512
841ade19d9391805b255571a4a7d0c0d3b8a91a2a26f53278efb02546d326a35c1cfe423be72f3794ca27e8108277ca891a42f444894e8743c17e1221a2569a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3ff87beefedd9d2c57a72518b3465ae6

SHA1
0c2e5c86b864071b53b877c91b886f3f4c29e841

SHA256
782a67e6eca65084bfb5a418f3e69a53af9e3b0136a0b02c8b6b011a9f8ef8b7

SHA512
5d4e9a201c48be24cc8094ae8d029a6de9c9afab12a96ea1ff4a22e03e5831638af7d0c7399026c8df751d044b5888162e2d17c19b0ea746d42afb9b06b3b0a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6fb6a68e8c8ea268830a04023629548c

SHA1
0ed9502cf08703299d51a8319606d4746e6f7c78

SHA256
94f106b70bb019f46bb2d1acff3879632cb2e920190fb97058ebcac858b2739b

SHA512
58ad5afde8f77d957272282b59f1ed6c60a4a3992535ea3436e3ea2f45607c3eb15353c18c126bcf93e1af41fbbeec151b12e69fc676ba6e175e0ce7f592a04c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
950cdaa585599a4e5bba5e3027b609f8

SHA1
26944a5b41c33916b6aa6f47036d7a8ddb0da08e

SHA256
c860a6e5b75668ac412d69fa7b63e1aa5ef9cc69d8e488b18195975dbc85ea44

SHA512
2f82fa4ae2a10c418dbe42327b8dd93d9bff77719b1adb458713f51c3b205a2522ac89e0aab61938ab29e8e0d7e357d20efec1fb8e2f8bc15c65be0f1384a7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
17c6f1df3c2c1075d96451ea84bb766c

SHA1
8987859d5ca70edcf1dd39480039d549b8d7c602

SHA256
412d12c58da1825b0f53d9b2c8af9da3a2e7432593f86dbe86efc2a4d3db03fd

SHA512
d65f1f37592edbf79211e0382d8ffa3a79b1cb6c3e11ccf8ad5aab492e09bfd7df5c2e092ca220e3e06935023026f5485d893c29ee4e49af3aaf90929e08cb96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e41d4f784f90bcafa139d9df8523c1bf

SHA1
39d03c66a43b0fe2fab7a3a2b0c81467197739da

SHA256
6afdf98b246bba3ad31380edeb0237fd470907e57f2928749dfbb29827165f14

SHA512
1a2701aa93c706e762ec44836f678e3238214641c8377b087b26d8eb3e87e9b2a9bc8ffb194878bb40644bbb811d888ec3e9560c2eec4c2aa3be2c6e5dd85758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0404756d35b786d406cf7c818a88600b

SHA1
6805b80010ffd065fea87379f5583153990ae508

SHA256
d33cbb6ffaa9f7524beb57be745822f5dec5adcde2ec433ec3f7e5068220bb71

SHA512
5f7327d18f1f2fc8cd5b71f9b6fbf7b372309ff62bfbef949fdafa59fb5c3fd2ba5ce07431460c815e827f843d823c5428a00f266a43a2ffb2b3941b6aa5e064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4ebf0490b75a36feff2b465f42fcfafe

SHA1
0f6f32d05100405a9d7877eac334872ed0b11f37

SHA256
647b46e6b3c32db1551cb1bfb5132a9bd43eb194f801262e98aa7ebb89a51a8b

SHA512
3d995e6144f8f832156e499303edbed73a951ea82841d9700df55200fb18437611437d2e6b56b93a0d6741eb721bcbc0b06136c9b43f12b664b2567dee5dacbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d87b24997012bc2d5528362bd3a240b3

SHA1
cb2b5fad51440d90161ef9e7e822644ce3c39163

SHA256
25d88a6de00c079d996cf7c50182bce0ad0343b0dfe04cbbd5bc445743023b6d

SHA512
6b6ed75cf1c9ed91e7ff7cacbf65e508e21cc27b1fe45311e994ba5dc0dc80ebefa05fd1f775249017272b87669e9e66d773fe0fe2b631d5cf3ee5149ae40d4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2da95f3805b9c82e770a56d5fed4dd93

SHA1
a5c53ca5f002714fd086f27140f7b49acfafc666

SHA256
1845cfd97f57d4819453e3db634458d9fe3a5062820a161d720de5b7eb156078

SHA512
0e840ed1a882680f0723f837408e6c92336213de868dcb8ef7145803770d33cdfe9461605fdd308a36bd03b596cf97c41d5f5f69b6334bad332e2110968fa99c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3eaf75f0a1cfef019a47351c2900e960

SHA1
68a2dfd567b52cc43738b068bd8ca79c3c4bcdf0

SHA256
66aa416735bcd898993fd7f99dcb907c066653c3ad90025b6848d3f8cbcab452

SHA512
67758d85f901d53554358ebbdc529c7982a47f900776c2161a0b44ae33c97caef9682c3ff4a6c261e189a26df09ee6b0188abde6803eb538a92576f3ebaf32ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0f5398498e6cfcc60aeb314314d3a55f

SHA1
59c446e398afd7f9e8655c46cb979088fd993b3e

SHA256
8595d18b128eddf0969d37867e151d43ba9458ade3d1483fccfdbdf1216f14d5

SHA512
2a246f39f02d4bc7609b2475a59f3addd4513c1566122733c353291fea8ccf3e78841fc03921974a331c0f744e5c11cc67045f5625aa51d016cbaf5e7288a1fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6c37dbecd3c62bc528c42c8b07ec8f6f

SHA1
559ad97dcbd1668e83f80b9c2b2bd7445d4ac1fd

SHA256
628e8edacb1c8190644655de80796f8ac77b2871de7215623dc040dcf24b8edb

SHA512
2228462d23b114f18b92f61010ea6180aeb708b9a6fa00d614e65d9f5edb242831c5c0709168647aa38936e5553184822d3846c845b2144086aca5dafe41f28d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
44f0223394f54fe02eebf9e66740eefc

SHA1
4316e54693eb1d6db31a73641729b27e3e1de055

SHA256
f878e567ae9572be927d2df83bc1204da91c5a8e88f9c447c9f59a71f36d4c9c

SHA512
3ef0bfe7f81055f5e6ca7e536d91664ff930c0e0244b9d30959dd8d6096bd4ed1ffc9357ee541f678981ebea3fd3c9291376297db193b53e49aa4f3f96fb5423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f211.TMP

Filesize
203B

MD5
4391c0698c3ebb53e2c1ccf24ebc765c

SHA1
6d1676a8198229bb29a5c9abad0cd575daedab5f

SHA256
dfa9e5ad28cf3406027914b829b046cffb143c3f5b844a226b22438b01703443

SHA512
62514cb88ee57c8bfdd762c0dded269ce61f7ea66c61d294937921ff09aca148164bdf84a75e6c01672a3e0d19a9bd6c63ca4a572540a5fac1c5a3cd10062bbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
226a924190ee2aa873f2919d9d43c0a6

SHA1
26a99f0b98419dcf3561adc85a034c268fc6a7e8

SHA256
5e14fb0ca6512e6b46e57e6230a8ff40d2436e3d4f67699f3a61e03c32155302

SHA512
2b64813b288d01a7e6c0f5d5f5dd3cb4a7f89cb612ac247a9a76dbf1e311a9d5f04ceefc8d583975d7f36844e8341335101fc64a41a2325a3cccab00517e000f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3242cb7d2de78498ff11096318cd6feb

SHA1
c178977c9c57c9b102896eeeec4c77f79f1036d0

SHA256
baa8789ff49af5172350a756b346bec8bb8f482c3ed39507a214731dac4b333a

SHA512
217eb77348a9111605ccdaaab5c7eca30deef2fd8e8b5380342c2e6982de8db1f00485d88fc1f22fb98e5b956a8ad8c85a9bc39d3a0d537d28453b72aacf4c52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1b918275aad56c508bce1f37043df5ad

SHA1
2d15f35000b42bd4491a6f8978d0403578be8211

SHA256
b77e1a3db4e7d7d1cc6a40ffb6b1a72f9c530cb0bd93c8b199f853bad475168a

SHA512
4a99b6d126ae534699a92af842eb0ce46511053b4b1406ea5c735af34ea3d5a864c54282aa8a135000afc9740751524460dabd4ebcb8ca8263c25cefdbcc0d1c

Download Submit
\??\pipe\LOCAL\crashpad_4060_AHKXMGKPSGWOHLDJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4472-995-0x0000020288660000-0x0000020288661000-memory.dmp

Filesize
4KB

Download
memory/4472-994-0x0000020288660000-0x0000020288661000-memory.dmp

Filesize
4KB

Download
memory/4472-988-0x0000020288660000-0x0000020288661000-memory.dmp

Filesize
4KB

Download
memory/4472-990-0x0000020288660000-0x0000020288661000-memory.dmp

Filesize
4KB

Download
memory/4472-989-0x0000020288660000-0x0000020288661000-memory.dmp

Filesize
4KB

Download
memory/4472-1000-0x0000020288660000-0x0000020288661000-memory.dmp

Filesize
4KB

Download
memory/4472-999-0x0000020288660000-0x0000020288661000-memory.dmp

Filesize
4KB

Download
memory/4472-998-0x0000020288660000-0x0000020288661000-memory.dmp

Filesize
4KB

Download
memory/4472-997-0x0000020288660000-0x0000020288661000-memory.dmp

Filesize
4KB

Download
memory/4472-996-0x0000020288660000-0x0000020288661000-memory.dmp

Filesize
4KB

Download
memory/4720-960-0x00000000761F0000-0x0000000076405000-memory.dmp

Filesize
2.1MB

Download
memory/4720-955-0x0000000000BC0000-0x0000000000BC9000-memory.dmp

Filesize
36KB

Download
memory/4720-957-0x0000000002B10000-0x0000000002F10000-memory.dmp

Filesize
4.0MB

Download
memory/4720-958-0x00007FFBB29D0000-0x00007FFBB2BC5000-memory.dmp

Filesize
2.0MB

Download
memory/5004-954-0x00000000761F0000-0x0000000076405000-memory.dmp

Filesize
2.1MB

Download
memory/5004-951-0x00000000040B0000-0x00000000044B0000-memory.dmp

Filesize
4.0MB

Download
memory/5004-952-0x00007FFBB29D0000-0x00007FFBB2BC5000-memory.dmp

Filesize
2.0MB

Download
memory/5004-950-0x00000000040B0000-0x00000000044B0000-memory.dmp

Filesize
4.0MB

Download
memory/5004-949-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/5004-947-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/5004-945-0x0000000000400000-0x000000000047E000-memory.dmp

Filesize
504KB

Download
memory/5136-943-0x0000000000B60000-0x0000000000BD2000-memory.dmp

Filesize
456KB

Download