hxxps://github[.]com/szajjch/Lua-Bytecode-Deobfuscator

Analysis

max time kernel
1771s
max time network
1685s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
03-10-2024 05:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/szajjch/Lua-Bytecode-Deobfuscator

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	pastebin.com
79	pastebin.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 6 IoCs

pid	pid_target	Process	procid_target
1200	4348	WerFault.exe	136
11724	10152	WerFault.exe	175
2720	10100	WerFault.exe	185
12440	12980	WerFault.exe	190
8916	3396	WerFault.exe	194
12632	1228	WerFault.exe	198

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lua_Byte_Deobfuscator.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lua_Byte_Deobfuscator.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lua_Byte_Deobfuscator.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lua_Byte_Deobfuscator.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lua_Byte_Deobfuscator.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lua_Byte_Deobfuscator.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lua_Byte_Deobfuscator.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lua_Byte_Deobfuscator.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lua_Byte_Deobfuscator.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lua_Byte_Deobfuscator.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lua_Byte_Deobfuscator.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lua_Byte_Deobfuscator.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lua_Byte_Deobfuscator.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lua_Byte_Deobfuscator.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202020202020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\MRUListEx = ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\Shell\SniffedFolderType = "Documents"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e80922b16d365937a46956b92703aca08af0000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\NodeSlot = "17"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "18"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202020202020202020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000200000001000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000030000000200000001000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\18\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000004ba13ecbede4da01bca2d019f1e4da01fc5631395b15db0114000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000000000000200000001000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\17	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202020202020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\PlaneSystem.txt:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WeaponsScript.lua:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
9160	Winword.exe
9160	Winword.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4192	msedge.exe
4192	msedge.exe
1976	msedge.exe
1976	msedge.exe
4744	msedge.exe
4744	msedge.exe
4408	identity_helper.exe
4408	identity_helper.exe
2192	msedge.exe
2192	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
1512	msedge.exe
1512	msedge.exe
12548	msedge.exe
12548	msedge.exe
10308	msedge.exe
10308	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
4864	OpenWith.exe
12548	msedge.exe
9736	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 46 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	4888	Lua_Byte_Deobfuscator.exe
Token: SeDebugPrivilege	5452	Lua_Byte_Deobfuscator.exe
Token: SeDebugPrivilege	12468	Lua_Byte_Deobfuscator.exe
Token: SeDebugPrivilege	10892	Lua_Byte_Deobfuscator.exe
Token: SeDebugPrivilege	5304	Lua_Byte_Deobfuscator.exe
Token: SeDebugPrivilege	6524	Lua_Byte_Deobfuscator.exe
Token: SeDebugPrivilege	4080	Lua_Byte_Deobfuscator.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe

Suspicious use of SetWindowsHookEx 22 IoCs

pid	Process
4864	OpenWith.exe
3248	MiniSearchHost.exe
12548	msedge.exe
9736	OpenWith.exe
9736	OpenWith.exe
9736	OpenWith.exe
9736	OpenWith.exe
9736	OpenWith.exe
9736	OpenWith.exe
9736	OpenWith.exe
9736	OpenWith.exe
9736	OpenWith.exe
9736	OpenWith.exe
9736	OpenWith.exe
9160	Winword.exe
9160	Winword.exe
9160	Winword.exe
9160	Winword.exe
9160	Winword.exe
9160	Winword.exe
9160	Winword.exe
9160	Winword.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2756	1976	msedge.exe	78
PID 1976 wrote to memory of 2756	1976	msedge.exe	78
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 3652	1976	msedge.exe	79
PID 1976 wrote to memory of 4192	1976	msedge.exe	80
PID 1976 wrote to memory of 4192	1976	msedge.exe	80
PID 1976 wrote to memory of 1724	1976	msedge.exe	81
PID 1976 wrote to memory of 1724	1976	msedge.exe	81
PID 1976 wrote to memory of 1724	1976	msedge.exe	81
PID 1976 wrote to memory of 1724	1976	msedge.exe	81
PID 1976 wrote to memory of 1724	1976	msedge.exe	81
PID 1976 wrote to memory of 1724	1976	msedge.exe	81
PID 1976 wrote to memory of 1724	1976	msedge.exe	81
PID 1976 wrote to memory of 1724	1976	msedge.exe	81
PID 1976 wrote to memory of 1724	1976	msedge.exe	81
PID 1976 wrote to memory of 1724	1976	msedge.exe	81
PID 1976 wrote to memory of 1724	1976	msedge.exe	81
PID 1976 wrote to memory of 1724	1976	msedge.exe	81
PID 1976 wrote to memory of 1724	1976	msedge.exe	81
PID 1976 wrote to memory of 1724	1976	msedge.exe	81
PID 1976 wrote to memory of 1724	1976	msedge.exe	81
PID 1976 wrote to memory of 1724	1976	msedge.exe	81
PID 1976 wrote to memory of 1724	1976	msedge.exe	81
PID 1976 wrote to memory of 1724	1976	msedge.exe	81
PID 1976 wrote to memory of 1724	1976	msedge.exe	81
PID 1976 wrote to memory of 1724	1976	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/szajjch/Lua-Bytecode-Deobfuscator
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb50193cb8,0x7ffb50193cc8,0x7ffb50193cd8
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6556 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8196 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7340 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:6576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
  2⤵
  PID:12480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:12548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:9652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:9676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
  2⤵
  PID:6772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:1
  2⤵
  PID:11228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:11416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1
  2⤵
  PID:12076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3616 /prefetch:8
  2⤵
  PID:11616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:9444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
  2⤵
  PID:10416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:12316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:13292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:10088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,5099298479356689893,13334877208396996474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7352 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:10308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2468

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:492

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4864

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3248

C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master\Lua-Bytecode-Deobfuscator-master\packages\ILMerge.3.0.29\tools\net452\ILMerge.exe
"C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master\Lua-Bytecode-Deobfuscator-master\packages\ILMerge.3.0.29\tools\net452\ILMerge.exe"
1⤵
PID:3744

C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master\Lua-Bytecode-Deobfuscator-master\packages\ILMerge.3.0.29\tools\net452\ILMerge.exe
"C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master\Lua-Bytecode-Deobfuscator-master\packages\ILMerge.3.0.29\tools\net452\ILMerge.exe"
1⤵
PID:3196

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:1352

C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master\Lua-Bytecode-Deobfuscator-master\Lua_Byte_Deobfuscator\bin\Release\Lua_Byte_Deobfuscator.exe
"C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master\Lua-Bytecode-Deobfuscator-master\Lua_Byte_Deobfuscator\bin\Release\Lua_Byte_Deobfuscator.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4348
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 924
  2⤵
  - Program crash
  PID:1200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4348 -ip 4348
1⤵
PID:1416

C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master\Lua-Bytecode-Deobfuscator-master\Lua_Byte_Deobfuscator\bin\Release\Lua_Byte_Deobfuscator_Secure\Lua_Byte_Deobfuscator.exe
"C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master\Lua-Bytecode-Deobfuscator-master\Lua_Byte_Deobfuscator\bin\Release\Lua_Byte_Deobfuscator_Secure\Lua_Byte_Deobfuscator.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4888

C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master\Lua-Bytecode-Deobfuscator-master\Lua_Byte_Deobfuscator\bin\Release\Lua_Byte_Deobfuscator_Secure\Lua_Byte_Deobfuscator.exe
"C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master\Lua-Bytecode-Deobfuscator-master\Lua_Byte_Deobfuscator\bin\Release\Lua_Byte_Deobfuscator_Secure\Lua_Byte_Deobfuscator.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5452

C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master\Lua-Bytecode-Deobfuscator-master\Lua_Byte_Deobfuscator\bin\Release\Lua_Byte_Deobfuscator_Secure\Lua_Byte_Deobfuscator.exe
"C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master\Lua-Bytecode-Deobfuscator-master\Lua_Byte_Deobfuscator\bin\Release\Lua_Byte_Deobfuscator_Secure\Lua_Byte_Deobfuscator.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:12468

C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master\Lua-Bytecode-Deobfuscator-master\Lua_Byte_Deobfuscator\bin\Release\Lua_Byte_Deobfuscator_Secure\Lua_Byte_Deobfuscator.exe
"C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master\Lua-Bytecode-Deobfuscator-master\Lua_Byte_Deobfuscator\bin\Release\Lua_Byte_Deobfuscator_Secure\Lua_Byte_Deobfuscator.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:10892

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004CC
1⤵
PID:4764

C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master\Lua-Bytecode-Deobfuscator-master\Lua_Byte_Deobfuscator\bin\Release\Lua_Byte_Deobfuscator_Secure\Lua_Byte_Deobfuscator.exe
"C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master\Lua-Bytecode-Deobfuscator-master\Lua_Byte_Deobfuscator\bin\Release\Lua_Byte_Deobfuscator_Secure\Lua_Byte_Deobfuscator.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5304

C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master\Lua-Bytecode-Deobfuscator-master\Lua_Byte_Deobfuscator\bin\Release\Lua_Byte_Deobfuscator.exe
"C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master\Lua-Bytecode-Deobfuscator-master\Lua_Byte_Deobfuscator\bin\Release\Lua_Byte_Deobfuscator.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:10152
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 10152 -s 868
  2⤵
  - Program crash
  PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 10152 -ip 10152
1⤵
PID:1104

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:9736
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master\Lua-Bytecode-Deobfuscator-master\Lua_Byte_Deobfuscator\bin\Release\Lua_Byte_Deobfuscator.exe.config"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:9160

C:\Users\Admin\Documents\obs\Lua_Byte_Deobfuscator.exe
"C:\Users\Admin\Documents\obs\Lua_Byte_Deobfuscator.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:10100
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 10100 -s 892
  2⤵
  - Program crash
  PID:2720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 10100 -ip 10100
1⤵
PID:4196

C:\Users\Admin\Documents\obs\Lua_Byte_Deobfuscator.exe
"C:\Users\Admin\Documents\obs\Lua_Byte_Deobfuscator.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:12980
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 12980 -s 864
  2⤵
  - Program crash
  PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 196 -p 12980 -ip 12980
1⤵
PID:7720

C:\Users\Admin\Documents\obs\Lua_Byte_Deobfuscator.exe
"C:\Users\Admin\Documents\obs\Lua_Byte_Deobfuscator.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3396
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 884
  2⤵
  - Program crash
  PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 3396 -ip 3396
1⤵
PID:7156

C:\Users\Admin\Documents\obs\Lua_Byte_Deobfuscator.exe
"C:\Users\Admin\Documents\obs\Lua_Byte_Deobfuscator.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1228
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 880
  2⤵
  - Program crash
  PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1228 -ip 1228
1⤵
PID:1712

C:\Users\Admin\Documents\obs\Lua_Byte_Deobfuscator.exe
"C:\Users\Admin\Documents\obs\Lua_Byte_Deobfuscator.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:6524

C:\Users\Admin\Documents\obs\Lua_Byte_Deobfuscator.exe
"C:\Users\Admin\Documents\obs\Lua_Byte_Deobfuscator.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2616

C:\Users\Admin\Documents\obs\Lua_Byte_Deobfuscator.exe
"C:\Users\Admin\Documents\obs\Lua_Byte_Deobfuscator.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ILMerge.exe.log

Filesize
42B

MD5
84cfdb4b995b1dbf543b26b86c863adc

SHA1
d2f47764908bf30036cf8248b9ff5541e2711fa2

SHA256
d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b

SHA512
485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Lua_Byte_Deobfuscator.exe.log

Filesize
410B

MD5
8204cbfa4d618b8ad65341ae96ae3c42

SHA1
6745a674b5850509410c22f4572edee31b56276c

SHA256
220bb31ef0011c1c13e3784ae3c8e6093cf651fc56e59d429bd82b81f20240b1

SHA512
f498ac162d6c1e15d7bba49f47e7b581cc059ff2a0341b49f089b19741bf027e46740b5b3ef1ec553569ec0e7bbb51a7218c3047af4eca4b7914e51d5f31916f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6b48e3b2-9e5f-4ffc-b90e-c4c1446a4a64.tmp

Filesize
1KB

MD5
4958fe03d92e9a04f0f79dffc305c8d6

SHA1
87412c0d2de3d78a9f62641ace47a73b9b94f69f

SHA256
d3759553d90a0cc47e38afa8df5551f8c2d9c0c0afe7661c310adc167046fc3d

SHA512
26b870106b843050e68a7e8b227ed5901efa283efcfdfecb58aab78e9f3e13afe7fc6e5fc285ec43024b597b57d60a53153e33b34d884796c61a1e532c50d0fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
22KB

MD5
47edefe61b20751d8a4627be8bc0497a

SHA1
eea6ffd2e1f1b6e87fbbab83f5b2fd5cc81b79ba

SHA256
6bcaa27876393730459362c0f92a79075ee80c40d33d6353eca96aa63f5ebfef

SHA512
f011bed709b4be284a21ffbb4f9e294aa394492176d06c5d1cd95a67e9e43e88dc35382148dce01814a73cf295af54ddc647dde2d566f2aad675a4a4e8fb2cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
23KB

MD5
e569b5f6f14852ff50ff8b6020799f68

SHA1
17cdeb1d710c8011cfe932c31bfe0913373f39ff

SHA256
9ffec84a0d845309dd4c4b19fc797375f97ecf0773729cd12c7eaafae877e384

SHA512
2a41d1f2af7c1fd30e9370f37d1807bece58d11d3e33b9325e13062f9a3bc3b73ff47729a0a09936d40fc91f8af09f37447a20cffb3ff4b144eb7b42f63cd820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
98KB

MD5
8071fcffc92e460d5f9d75be48707475

SHA1
ed72dd6fbeda74e3427c18fbbc7c5acf14d5fa46

SHA256
eb6727892bb3a3a62b35a2cc189e752571ce86ad0d82933d97b4cd08b3f1f466

SHA512
d16fb960c13f000981028a27648b7b1d5fa4ac0b6f4addb9bc438ff6f83b06c9f184743d6c159f3983a99cde404317963ae49ed58dfb1fadaa8574e8c89ed774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
70KB

MD5
4308671e9d218f479c8810d2c04ea6c6

SHA1
dd3686818bc62f93c6ab0190ed611031f97fdfcf

SHA256
5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a

SHA512
5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
27KB

MD5
4aa91eccee3d15287b8f2a01e4254255

SHA1
d89f8203934a66b5741256aee086c04f966cc6d7

SHA256
79c601189597c9c5691b763f0ec6fdc9ec8339eea80e49713f76e9fe9199a7d7

SHA512
46424f50d444aebf1dc3a93607b3a374d3e7e988137e291cd8ec28211d05a687d0b6214b45d6dbfd27608728df6b34138504e3343e6bbfd6e1c0af98199179e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
26KB

MD5
e1fd846710aa5e77add9800906d17ed0

SHA1
2d778c0601d18e7fd3930cbb4b0068b6eb3a05ec

SHA256
00b8d8ad266c164444fb240a4b07d4316020c74c087e95d37547b54ea1051772

SHA512
a00333708ea6f9efe940e8e5ee6ecb9b74063279238beb9cebf4847023a3f94cce34aa497f8a9ed99570a5407eca3adc9f469afd3553c71e6e8a05be83026341

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

Filesize
1KB

MD5
c0500d2c7e2dae1b874b84cfadaae6d4

SHA1
e56248c1031fd0a5b49a71cafbc76206f0b850ee

SHA256
b1ac92c89f80fc8f3c284d52b260657743529865c07e1654a3464d992b41d4ce

SHA512
c2bb925498c0648e65f1b243a268d587b88d580103232f192d7cbc94ce5a90371a894b3014a55fcb025cf0249945ff94850203540c40de208de701d5e7d3c854

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
e472cf473a217bdc80aaf7a028fa6358

SHA1
ff6788f8257a503875dcb68246d033f76e6ea3c6

SHA256
23854b0d288e4adec226381abb6f6fffe40a6443e43e2cb6de7332fd5b697474

SHA512
626fc48de6e20fd44e3a2054860345f5a7e90514b0b8de24b10a28d35550a360d20ad72485928ccaadc91042aa06e160c1e8e5ce01fffb8a9926e43855e8dad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\10aec79dd90fdee1_0

Filesize
91KB

MD5
f984cf95b85c4edf4697742c9b00eee7

SHA1
75dda57f8701aaa359091edbec761334d2f146c6

SHA256
436bb28107f2a89af917d1266575a6a9afe6a069516b62555929bd314fb706d4

SHA512
688959f110fc2894f54af0c2dca9fe2b3d53c5a7e01d0b1452f0a4f0d560a951e7b82eba6c454297e71b19de4ccfe5d473660db8dc4db7e2774a17816925dc50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
75a702cd968fb93860569d18ff3c4248

SHA1
e9b8bbc48daab04a6bde3c442a4de8684fcbf0f0

SHA256
405c8995a8857107bb18c0e82cda1ede15bcd3b2cc7d25a018474582e5df3797

SHA512
7655c372718c6718943b29738010ed38cff5592ad93c9b2d0e05392f7819cd2ec141ec50a54c8aabc6aa873cf09031a9628c8533237a5bbe8d734fb6f9b0ef3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0

Filesize
1KB

MD5
45dc05ed440efada14bb72801a86f8aa

SHA1
af33955cb501f8bc1dd71a5df79d30d736d210fd

SHA256
aed9fa9d0c6a2cceb4941f31a98cdc1c9f8bc012af498ce9e58eb324f252fdd3

SHA512
7a865b7c70bfe1acf9a80fe1742d196c83eda5da83b36e657ad5bc6e944f53613d9e2f02284b3e51cc512992386f65b655a2d45a5275591b7eaaac41a5a59a10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
753ad584eb2389d960da0e203c77d6d1

SHA1
e846ef3b6fa40e248826e90061d1c28b724a2fc5

SHA256
a761480d117b30b1db2748b27839d7cacee88a3dda417eaaa10a96f53122d83b

SHA512
af2a350ee59e9715ab59ce0c273792314eac8fb072887977300ee5e37f43dab63ebc4f19c989523b376949792c6012748ef4bd83f86ed71cbb7b003790965d56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\448abf5e90f8602d_0

Filesize
17KB

MD5
7ba802f53ea516647efe8df1a2503414

SHA1
b8ee1f89b866a71a7738f46f20371b5d0cbe01de

SHA256
16c90890c31967d26ee927eebd1af5a3f89db8c512a48b5e9ead921749d7e51a

SHA512
0c05df084b767f555d08cbaf9c2e3318bb4af8c77e5e2c97821f8de1304ee5aa6f96ad11ee42a827e771e3c99fab2ff7aed524acd7113167698bddceb76660e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\456292904f33c859_0

Filesize
175KB

MD5
6a806cd80247d7a175fba32a0c0842a5

SHA1
1c7c7437d1575a6ab216336fcb51346a5c150b86

SHA256
dd7863c15c43f6bae36d651322c0c12fd1ae7cc831c540c632e5a3ee3d56914f

SHA512
c3fe7a15667fa41288fb65a31dba29668e62751242c7c1d47e5ac4a65ef710d8224b198d61244439b65b7949d23979b4bfd3630d2822ac55e801d9a91ddda498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
919f441435aad8226ca44a31f8338fb6

SHA1
18ee89e6e015619f076aa7ae930a4a351cd7d874

SHA256
b1775599868ef8beb090b85821e65bfc9cc17ecfa0e3a3818357b05417ced269

SHA512
bfdcbc8df6b5bc8ecf1cd3e5e533dc4817f8fd7636131762c462d72429d9e97bd4d03488bec6ceb339bb990d09395fc903673a15b0a07890037b124ee0a6eb6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0

Filesize
1KB

MD5
99368ddf3a80a337fa6cdc6591cf2d80

SHA1
396cef14a179af0eb6fcfb5d34b394db3b3ef2c7

SHA256
b099b45456b3cdec36e2ff14df1ce548e6e2a14a0b2880558230aaeac596a094

SHA512
6fd8fc59652ada8cbe7a2e982a3f3c17ad90477f9de789b7b090c1bb0a0585b7d610e18388dc8aa22e3b8030b737483e7de3fdd68966f46982df72ec70cd6ba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\534ab76442c26020_0

Filesize
21KB

MD5
14ccdd21cf628fb4eaa720ffa5c695fa

SHA1
ce67ad37de1cdeec94e9e4ccd0a8fd9fcf2539bc

SHA256
c62ab4bb25b9ffb55e72e6746fa1685d8efff7c49715aeeaffb21413200bac43

SHA512
540d791189d42775338817a20e67eb6f18586fedb6e40710e00f951028380bec05e1598788dc6370219caa95bd30683ea633088248cbdb5bb52e53a8bfde4bab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
620a4af481ea6c56638398689cd80364

SHA1
43af239977ca9552b8823519a348d4f952d82cf5

SHA256
8547f4a6ed4e0c1323abe221ee4b28248e003b051bf14e6d5abdef8c91409196

SHA512
669e684da1de6a330717bb63b8e09fd96c256cfae4db6a469089c1a66f6ae53ac0bbbcc9c53f95379dd9c621ef4309505db1dc3ac1b58b49aca0452d6d2a7548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\54c70e8d154012bd_0

Filesize
27KB

MD5
727c12749f7d4b722ee8a152af616752

SHA1
98138f1daebcf10cc567f03547d41812783f9e3b

SHA256
088401c1220b5dec30a50045a325bcf1045ea4d2ccc9e0387a284fc8915acbc7

SHA512
c888fb8faa43c79d572c06ae3dc6c89c15668fdc57765bb4763cc2456126f3df1e9999d8cfde0668349d293eda49091930ef00ce05561cf88eec4995f14f0862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\580fd9376c2d4a3e_0

Filesize
5KB

MD5
f00521a5a1bd8d55092fa178cc7624cf

SHA1
e8e4688d1ca1c7f5d19673ff0b167bb6d6ad4683

SHA256
d3acac2e82cf50b171c53b9847ebb50b9c1303e8928120bd21101d3af3164766

SHA512
09262cb54ce00d13f87eb9933e0672b89697bae44b48277edae8f86ab206cc0a72906785499ead0857fc41000bc8ac06942f4743c92f7002028a47202f60a1ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\59d041e9eff2a691_0

Filesize
2KB

MD5
e6e4c46a95b9b7cd3dfe8d5c14746226

SHA1
360a56e4c1926b0dff74e84f3719fbd5ee7ecde9

SHA256
15cdc2df3dacbd1eb1a5c2d7ca08f5dced85c231f1408801f45f46371fc48012

SHA512
8e1256dde523740f04ef5aad56a3e9bc09ee934dc29ea2a4d363684526dabfcdc9bb72dc19cd03a2ecb37694c04a9001815ff1bf2959348b6d0826dc704951af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a994fe24b451732_0

Filesize
4KB

MD5
410c5d2dbb1d82e565aa308831fe16b3

SHA1
a881a5ef26f080ddc4b3375ed29e5dece11aef2b

SHA256
ec7b10a95c6997de602426c94b2c69d0e52f4c255c7f8c6573754bd68f992d00

SHA512
8ac4f3ec442312ff9acedc82d4951841957151bdee7ea68bd61f36bf8d53f495d7b8f473702b3173b42d6ee1e89280c1c91a771bb2ed57c79f2d6bbdb81bd29b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d0c04f9998369cd_0

Filesize
3KB

MD5
759126ad28aa279eee22dde719ccc1d3

SHA1
57922de4510a7f23ed01338ad9f58a7f436625cd

SHA256
a78364ac79c8d45666dd8af275becfd95ead0535eeded331a5e7f9a09a2fed48

SHA512
bf6d33f58ab9007034e5041838e28903ee85ec97ce2712252a4be1857819de38395d71d467ec1a2eb2ba6c4809d1ad772f5afdd62db7037c065ecf3b52aa5d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
ebf1dd33ee6139d555d3273d0b2bcd9b

SHA1
c7b3f6bc4c457576d857917f800a75130dded002

SHA256
8641da8c1b4be1ca18e1d12a46bb3f61aecd7c89fa68524d34d71fce3065d177

SHA512
f8c431baf7bf2eb84569b1a3bbf75fcbcec21dbc888b67bafe81a40828cd2187cfe0c902bfddb89282e5b95e279a869ef876e300240d6748d6332798f69ce54c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63bab61298dfac24_0

Filesize
26KB

MD5
e7b186236f78f7f90a6aff8317eb2cef

SHA1
191dc82208c73f500589443bdbcf1062955d53b6

SHA256
b4208aa26c27d84de10c7aa657b7dfbf62375ac8a6fbacce09983e26fb5c1564

SHA512
137f45e7fe1156387e407b37919db359c093546c46473ef392d3a5db46f6d76aac88c321c984eed82e0bcf43c4b9bf0b2dc4417eb920c845f6e667f3bb99f362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
69b8db4b8c3239ed81a7897d550ff7a3

SHA1
96713c5591df0213a24f3d1829585e96cbd92222

SHA256
75357fc396c4c1424e416cd41ba90d08ec83714a338b13c16580f46464af2a93

SHA512
0fec56341abf01d7df1fd5eaeee03e43d8420514a53c9302cc3d52b3ed37035be28e850699c2757528e980e9b0563f80ec833af3b132c6b04ad53e0e8eb895e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e1427d19ff38087_0

Filesize
3KB

MD5
f78fd594cf42df939159c4945abc96a4

SHA1
7798c72df46f2703b491784c124d41695a8dc804

SHA256
ac1736dd0e755514e33f964888393ff84fae74c6d676a311324025e9c777b600

SHA512
25cd618ede3b108d7f13a7533729fd2ee32a9c624e3cd0ed6794e3effe373891394ac06ac76a2382398541248960cc12dd3204a7adc1247be0f97355fcfd6c80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718aba49c9504085_0

Filesize
2KB

MD5
690370b6da80fb4a4e7d90f208990e42

SHA1
e976aca76db71ed9e62c8e6bb878840664c40f98

SHA256
9d6c9297b3a9e6cb19d31a82b10c0414b2d774c42c674b8a614c5e979135671d

SHA512
f3c0af7ff928833eedba73ef1b3d9b7113323ba925e1c2abf558c641420ad9f592386bb8ac0c961750e538c596024f0a6d3e52d678757e851b19d909c9f0efbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
a6c7da6250c680bd62b8039eb29d2846

SHA1
70092e79671a5af96d1c6e1ad42495e307f83aaf

SHA256
1254c55fd79e00f2f0aff1f486cfd9fb7d6e7e0fda15811aba57fa6e3ed13fe2

SHA512
325eeacf89961a619c120a28911715cf1e4db67849d6fdb96ed4ad4799a9de68e833fbaa2974258073f1bde22f589d3b22be414a5d2e774706f129937bc033e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

Filesize
9KB

MD5
6ebf1d4e6651f10db766681bb147fa9c

SHA1
a17ff620999a3321e72a61ec3cb3b50c1c92ba99

SHA256
08b6bac25bd21e5cfcf5db9b69d186456738c6b71cda1cb7580ce571487ce3a7

SHA512
e9f1d584ffb9e8e38c6ae3ff931260391115c43bdc4584d95bc18502741cbc67193100ebfc11d8680716285349109166018dbe8b3aa405e4c31e5459e518b0ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7e23bcf4dbf5c221_0

Filesize
14KB

MD5
76466b77ae8c319bfc431b5d2d4b810f

SHA1
43eaa1ff8efa5071db7f883ba6174d4fcff49d24

SHA256
baa0d34e6f89f31da4169ed4015cca6f0fb0bae51ef357e2f0bd4722d9998b6d

SHA512
65e428c551c83d09efff5403963b8f686b08b3f48b25253c9ed401b5f5443abe1f308fc3e7ee043247c2a137ee8758e395e4bd846a58dfe25950c99bd98435b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\81764cdb356c9506_0

Filesize
6KB

MD5
38fe78a84de31a2737a8c38dd68bbc89

SHA1
02a4ae6b4b684194a991d60ade4aabd4a1b9b734

SHA256
98f6be1c1a28b2c4f18c659f9b7fe665e5ba24f5345618a0deec3a6805cb1232

SHA512
44d886563a80c2e06660b025cae0e959e5aa0d91d9a836b8870735977185dc7103e2585934a19af248d23cb4c168851277a7667f87b83e1bdc2981d416f6c6cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83d6d3a772bbc707_0

Filesize
6KB

MD5
bb220f25a16e79ff19bf5e2dfc81efee

SHA1
be6dde7d321c9daa4424c0891f4c37dca68c2e54

SHA256
bec31ecf482c8eb139f66bc9a13ddafe8431ae0a5e584041df2ee28a2c53e8af

SHA512
12cea17152dd3a42824b20b22682d18446ca3857d4b9ac350ba4f78472e27f795c5a97fb730b673ae5b654c1085b9bc1363389c98f7d80e759b631c2d831443f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87bfea9426cb2ef3_0

Filesize
5KB

MD5
7df841e0c1b1f2afffd83d92988ba98e

SHA1
37833a51cdfb85008c6b0291326826169aaa39ec

SHA256
1d277521edc2e3d768ed84f3ce627d935b853ee923d6bf4ed821d8e33046cdba

SHA512
e7c860a5e5d0a51e3557ef1c6e8d3f765cc27c8223479212ef2b4769e17a2d5c0efd7daa69bb8eeb8175944c6f9d7aab20e49393eca2b3d03fb9289fd904e2f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
5d38a484fc21afd09475f1fa90898541

SHA1
07649451a5f4625d31bd3351b691ca02d2978822

SHA256
26fe15269dd695c65164b02d2c40c3818596da9592a1c384d32ab735e69d0ca7

SHA512
61e2cd9a4f21ea6fd9b96b4f23f8e8b5099ad850fe3bee7cc357ffff19d9877c09e057660ef7c94a156e19162092cc61c68ce753e1c90226bc6b0df9552d96e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0

Filesize
7KB

MD5
6e6dcdcefcf67660b47408d1e7c0f896

SHA1
5c42e58a9d81cc6528242f0cbe2960dfaf5bdf17

SHA256
d48c39ba86c9230ee03aa56644731644049af81704b9013fe76fa0d7c5806319

SHA512
06be3dd00f6a77cc6964b80b991ad77ffe9643b88dc9d21771a0e6807f7f50546462c77254898cde489b91f80cc67ee3d4d2551dfb31c611b2320ce1f8df2cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
1KB

MD5
58348d87a6e6e35d32501c7dc52ae61f

SHA1
1f1d40476c7c1e04030f1ac6fd9e17aa999db089

SHA256
b1e345ea9e299aef3d1f6fe827adb721c1e968aa0875f1775b74b0682c7483b8

SHA512
16611f919a3245382f6bae3437283296f43b1f05cdbf0e5de915c7447decdaa490fe02ced25664b46d956073772271c3234768e67c2c8eb8c1cb086fa9280215

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9573e7f9b7653e6a_0

Filesize
291KB

MD5
826a13dd03c6897412590657c1c49e25

SHA1
4a9723cafbdccbf1acb2aa310113a5304a7f578e

SHA256
5b24133d0bf43328a9cd86427581c59afe1b8fb536c5acbaf376188eba3a15b1

SHA512
fc64d003484b73da4cff43f2ae55deb5ba8efe9fb94547206f21ac776e0d29992c47c6a5be18b76f489e0ad3595492badc8d28e7fb8298e8c93f5ffa5679f4b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

Filesize
2KB

MD5
2011c7a274ea321ade3f7db3d5c10b0f

SHA1
3a24300718fa45d40f20c556f6ba23f317c0ec1e

SHA256
652bf2499de14cd5825d0fdef68c1ba00074a87e1d64c1693969f40d1c9edf40

SHA512
e48a696fbd9e6bf3e209dc959dca532a1c06b9a571a212e6f004a948c7af1310dd28743eee428f820f968d5baaf8a1deaacefeca9cb0b9d8dbeba89b8b63af6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

Filesize
48KB

MD5
df07a8935b6d905ec743d3a32945072a

SHA1
a3574abafa2fd1f35db3a1fe9202a94d91a3b547

SHA256
c5eb78340255956dfbde48491f11b38a5523b0382f564443bc3df0e7ebabd79f

SHA512
9070b8a68b46586d4fa560d48bdc1489769ab2800b53ee2a0830955813666974c79dbd15ce8166961df66f817ddb7b93f56e2744b1b46e7622c4e5d07fc22f50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0

Filesize
9KB

MD5
408315cd8d759dbc1f9d554a211295ce

SHA1
69347d3060dbb2961978cc527184edd3623ef174

SHA256
9c0e3b0e0017a7ffa927d0841a0c85f4c93d005c27989ab51d0197c9c1b19e35

SHA512
f0d5315cc0151fcf9422bdbb42e84b8560f8f6f4f79278e077ee9818c94616274529ec6808f927a8a9b96031aa7142d155bcf880649b2619c9d65767bfad11af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa5fe3b36e22e31b_0

Filesize
3KB

MD5
0d6c09cec6789f62d97293798a7fdbe8

SHA1
e565c3c0d94be6f3b3f3e679dd9231afb0d67278

SHA256
312c8d9bd1c8694546d3df9c9106a1e1fda4d322d70c00b0649eff626bcf0a55

SHA512
70038da49e296579ee2d58d9288ea66029c1b3b0de87ebcb8acabe2868294124d297dae98b552572f91d7b5604681d488b6bdcdc36805a92613d12728c73f89d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac0d1673b2c5d73d_0

Filesize
2KB

MD5
be7d33f640ab14f6310e29ebb2c19fe3

SHA1
4cc4f6df09f3ad2362a0199c23371fed5913d90b

SHA256
add462a6c2145a1965015cb4a12867395aadc5510eb3d620c9db9f212f5528f4

SHA512
e5f77e903d0474ad176e8e82adf8076adc8f0d1a2fc595573f9cdc9c76f72cd61d1006fdced62300d796d9e5a4e319bca66074d22fca2cf45e51189f18b81535

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b4efbb7782bded86_0

Filesize
3KB

MD5
557ff7b018621b651628e6f6dead57df

SHA1
729751707c4d0d7dc6398aec9ad55c2a87339617

SHA256
cd978199d0dd90630fb4fbfb5e4f9a7b644fdb32511bd97328d35a9092223ab7

SHA512
f1a4afa46055786ab58db7383bdc4f0a767559aa038ed2fa626e2978d021448eb00beece34cf1fa58ae6d6df21a9cb7c9debbfcbc55ab5cf4d1d2aeee63bf850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

Filesize
262B

MD5
1e5d26718d9f0a9d60ad41711a586927

SHA1
cb0f542495354aa1923aea0ee7fab4e1c3d0b42f

SHA256
6d39d180d80e15b2647db63be67662c7974eb6cb630ae68d8d8231a7d5fb48b6

SHA512
8f91daa453346fbb422182072e5ddb36fec3d73bfd3a9d6f493b310bafd00a2f7cce027d7980673d52b214bc54ba98be32d5e388e9b1f818103593cd213a067e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d4a83f1366a5cfa0_0

Filesize
75KB

MD5
b2728f8cd5dc03cda0556e201b090682

SHA1
b121a958982861c101352532339ed7a9185fec30

SHA256
a131cc1c9b03019e75ae0a80b9204348a806edee1f14678920f3544a26d78f55

SHA512
d3dbe0c30ea3de38d46e2557df9ad76fafa05833c1ec729d00ebbb62156250f954d219ddd6f6516814821afc74862f4ade480d2784c4acfd94c63271408991b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d76c6336a7c279db_0

Filesize
249B

MD5
4becbe5ea3c7440c1549b87db78cb546

SHA1
43f64b558b1c3e9ec1962a6e421ceb47f2872334

SHA256
82ebc714b349f3fb5a92a7e9a31ec882efa4605664b43ae7d95fc87281643bf3

SHA512
b5586cfce25473558f0c091012cebf0d9728dbe1b579890322c2547d59435844cff102c156c11123d165c3e5c5b56c8f7eb85a791236340858759219e7708d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

Filesize
262B

MD5
2f2271a68379c5aa1020082279607f64

SHA1
aebb932deda96e91d4cb561193fb72a5600e8214

SHA256
99f79c7d5997d1ac6de1acb44c3cdd41ec7e4bb088df810ff92bc54217046ab6

SHA512
e21061fe037b09850d4282621ac9236cad93cdae780bea8537e2a32ba65c4e55271a4ccce886ce46fb5160bac3d6f79a9871c5aa3b1a9848c0353f210cc0c842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d879f75d55c4852f_0

Filesize
262B

MD5
9fa7738dcd753cff4b32d8c3eb01ff02

SHA1
bcfac9b1894925475e3c657a725f3a8533fc1978

SHA256
6f204a0cfe6f483b758bd5522c5fb13af126fba1d92cf2afcb3165279548e075

SHA512
3703aece2bc90ff551f019eac410681d30dbe1f9d35e66411285b94a9eccdd3f6cbcc5e88cb321c9d916582bd46ed9bf956b57ac58638ae57290f6830b33344d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

Filesize
2KB

MD5
e10684357f2f4ba42ab2446c2dea2774

SHA1
b999afe668fbddd182c43d310c2bb4ef920ae52e

SHA256
b2cc169b10cbf010273e326b0ab5dba54d53927bbab7ffa903ead4de53936a81

SHA512
a434df852d184e15be78a82c5abf72244dad67b4ffd9a64abc8bce5859b6e589d1886f03a1e99efce095e6b6c22d94cc30736c1170fa1b46df554b0a9c47ad5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dfe07f2c15075c28_0

Filesize
28KB

MD5
4b9190624cb12e7dd969adb7def91d44

SHA1
79197fec80350f0dc6af34b4dbd05ffc8f227c7e

SHA256
adc3aad93df569d5a62771c88cf5057f3c2f3fe8a9bc2cedd6a4d2caa91bb7b7

SHA512
e0a3e02bb1410e6d5318f337e97373ec87ae67ee040ba421cbf968ab0e38b77a4a36a031ef5f3b39d98604a6a247460291f2d525eb07eee92f2f585cbf6fb986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e4f85019800026a2_0

Filesize
8KB

MD5
7118e2bbf27e68560ecf1acef0a745dc

SHA1
f0afd41245389990935ce8181e3c7a5b021920a1

SHA256
6ecc4af39c4a9542be188e40e00926afd5b3abc437cc8568980eea4b6288e8ad

SHA512
cee2e00f1afe006237e5a8bdad467958683852b8de7d628538c44d315be0100d1130fd06ca194317dc3b95b420ea038dd696b747e760af30dd4e3439adf37691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
21a04ac1aafa3af5957294c8182b502d

SHA1
78a0d9fea5d3c92bac4ac2063c7e01f146b8989d

SHA256
027f13c5917960a2fa3741f282faa5a4cb42670c720098111ae40598c4c7d892

SHA512
fd4738544868d9478ed1e10b4895e2f3ddd593e3c14c20bfc24e0c9f25182762ba29d6b6beaad3841dee0e20f8c36ef98236f2a3dfb5d39b3c3e70393b2ab4db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eeea6a59c461170c_0

Filesize
6KB

MD5
11209a49edab1169f4aedb03b6b33450

SHA1
0939e3072eb5e92c269de732c496c67527fdda4a

SHA256
18b9dcc1a0f16b57b86a50cf464982663a4862799e3a39dc85e3aab11ceb9674

SHA512
0dbb91fe031d42ed91858fd8b51ae6a9afc0c13e3da8102fe3c9d8149323ee5e2f306885a629aa6fda9c5507dc24a2d0e21188fc92a37e7823cd12dfc0a695e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
7518ba88fa5988e006ef98b9f55d88a7

SHA1
bd3b2b418fdd13f84389d3abf893e3a215a14ab3

SHA256
7b4f723b169d322b0402db89804b61dcf70ac7b91380cfca671648cab162cf26

SHA512
c23772cf9cbe74b96b0d302d6227d274fc2436752ee3592b8c38396575de3fdf681137c7c04c9de58ebdd95483d1000f541e84628a7d4a5ceb8d9e0b39b13a01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
83b025806ddcdc66144c8b5504f15fb0

SHA1
e2c893ccbb0f8a2903802cf4ee5b7a17f3d4fdee

SHA256
85cdc6f062d7fbc6a4b10d018bc2a4dc5a5417d5356e0cc26e8e79288222ed8b

SHA512
23188fbc3bd678ef6c5523c1afb05c13f89146f1557fb95706e78424c87169250000306c07defbe3614bb6180bbbe26beb254ddf1b6d4688667bcca0ee646794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f9f62c9874921ef1_0

Filesize
1KB

MD5
05721ccf9b476b9ed27524b843fc40f8

SHA1
1fc88bd1a0b441b3383c9a41438df1df83d92c9f

SHA256
7b7d37aedb791d0e5c3c030ec70210fd0247c04da6ded6fbdb78e6ae0c9b6736

SHA512
32fcfa8c3e35756c5ed6c4ba4838cff6f16b8a9ef3f6543f3100325d09e9a0c99e98fe92f31fa3ee7f1f36ac23df892152fb23417e2c39cfc161ae29c1b9c35d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
acbf7bb8e43d1bc512bf1ce84618e42a

SHA1
c796c4ab80367cd1db3e5c4972d4f35ff7fcde04

SHA256
c07d1b3f13c9de0e22a77173063111eb37e5209353b594f925a6f9758cba7cb2

SHA512
693eeca8dac4a3df464d6cf66683bb215b0d2b13504f877686c6854026652b7d71e83dd6736506ccb9ef51a3621cb3d2d4c9f99ddad72f9f14c1c260f8310ca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
19d39dc7129f72abc111a506712d0982

SHA1
e6c414a884fe23dc8e3f2cbbee20df3755501ccc

SHA256
2c50f7f7133bc7a48ae3f0b6312f95d932981d0a778c6349b4021be4faca6203

SHA512
c1db1e15def5d1baddd3721e5a9bb13a87020fabb50bf2bd0c678ce2f3dd65e3beae90eb46291e7a483ea7476b5dbfbc83470f44997d77cf1f7ebb0b896416cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
02cd2b8f37bafbffb2545427df3e1bd0

SHA1
d75e96f2207fe5116acdf69d0ac1a8758c3fd66c

SHA256
6f9a9690f6acef27d51862cd49d2a969d1b68297e5e80001dab47c98df1f20dc

SHA512
ededebc73579112d6897a1b7b89eaa4c009de25e8cccecd6897c6993bd8c86cadc9e26c1f54eef434e9f74eeab7f351656199e3de37633fa9c784ca2e45ad10f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
97639d2a788f3fa31c43d1aca268c1a3

SHA1
b169546259974e837e174b617c2b028b8c878504

SHA256
624818ef1778844a8b6c212ac3f4940cff291e3b17ed20b8be1f27a0d338ac3f

SHA512
ee28a33fcd92aa17fe0f9e5f2bb93c7ce920b851981e133845f86bcf597ca637d61ef7d26ea106dcfbaf44df020e525a6adef119ca762452d854bd23b58d8542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
0b0f5652ebd7ccafc0c8ef77daca732a

SHA1
2f76171bdfe87b23caa37c030060b1b8721de1c8

SHA256
25769e704e1f1cef12e912b6a0748d4a5509902a14cd8c3b2df127d0c7c46948

SHA512
70484ebc60b6943f73ffa7c68998f6fa7fc2fb075fc277267d1968bd16ac80d6c4d22c02a3a5a0ba9aeb21e7ceb9895480bc7b5ebf445cb6495fe43bb22cbb90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f09c186b38d95ece3690efdfa110c6f8

SHA1
664f574bc503c09f4fd03fd9ba4c676e5989d3b5

SHA256
9cb9e2514cc6dad3ead352ef350536869a1c9c317d2188f015b1746eed1b0aca

SHA512
3467de09598ef6e4d5fae67727f43ee6fd15fd13fc7332d78f353316b43c3d9a9b9332fd607b87d6fedb00f115f026c11dda3f346aec335a9fa9533ce7f8a5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
557cf7c41642f4074562384b3e6b2be7

SHA1
26793bfae49e2ff1d1e5d6a1bc9a2c9f0957f6b5

SHA256
9e373c30f44bde83540485d81c35924b2a329158f1e9a357529d6cdb74c724fc

SHA512
ce11d461fb07454e31495bb9b13befa64ea9dd03c37aecee45eb267ac0e6a037c04a48fcacc1494e4b1f0b0407d57533aaf7f111882baca93b3998097ffab090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
327f3571fcb883a47d940313baa96d2d

SHA1
0639f0beafb437a590e0135adf3a290d609569a3

SHA256
69216eb09c95b8f9e154f1aa10a7f2fe5743b896c579fdd5440d935b385aab06

SHA512
937642cb30203212786779a13be81d3a5df98b0e1f02d652ab86a8a98ad84c5d1b3dd427a7832a235531f04cc6ff3680066f4a5097c11462c6de9c7b196ceff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f179f30253c27886f0727855c3894d0b

SHA1
fe6c9aa500929408231ab46709d222eec0fba135

SHA256
2f64159baa1fa2f74729e08de58533e7e5c7bbcc9bc7a9a22c91bc2e54749312

SHA512
42f14ad78b4891d6a312bc61bb485e386853ef424627a28ffade020c2982c2cee6e673c13dab43fab3c19bc37abf8df12e777b5ed65fe196beb8b3efc29a5488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
2dd14fbe740b535179955ed87e233432

SHA1
0d1ceb14415bb123e9d459cc07a53e920eb02f2b

SHA256
72c1d7c4f2c0212fc9a2e1a96ba9e57c59a158e153a75df105b48d94c193ae18

SHA512
1860fa5f7aa8487a6daf83aeaa45be3d3eae6cc9f65b66f936002d5cc810f6f1322ee19a449537028cccb7653617f6bcfe696295bf133830b6b43427243f998c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
15b48be15814cd34e6889d4ea5137980

SHA1
1701074174275cfa09abf0eaefc577f058a556bd

SHA256
aacb57513c09c5833a760703ddb0ba29e27bce28be454e40af544bab66ca4cf5

SHA512
f7b6b2b181fc951ffc348340f6ee6e3416e2ac41948ff69fbeff6c11600aeb4884d46c1a60c6b61825e0bcb990cd2b82bd7e6d55aebce477883705448d62bd6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
fa3c3615decf941a36fab67acd83f54c

SHA1
b690437745fe7d2fab06c2dbf9f43a8744079f4a

SHA256
b2515ea6aa94f40a7298b9a74f74677635876aca14ced37625c33788b6980704

SHA512
948834fffaaf31ad57b28a0f5cd2b0b9636e30faba953b36c5907820a07ddc5de9ee82983a513582143358f6a380c7fa1fff10019e77861f1494c75319ddce54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
573B

MD5
a6d346f58cbec0a6e4015327b25f1537

SHA1
750056e65a8b1c20b1a6051f5adcdf35821a6ac1

SHA256
1a715b1b5b62ef83ca8c62a18eddb3b5b6b738be2c654ab7a38cf22fdc8bea56

SHA512
74e563217a28cd6427739731f51ba2e35ee060c8ae6959d458d06a0416e17ffc6a49f8d0bbcb8d17cef144a45c36eb9f3b92305389ab0cfc5043f530d9f28d89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
df38dec54f0430440af41e70a6ea3ee8

SHA1
73d0a98d5c46a90ac8a0176be974c3d6972af432

SHA256
e070389bbeb0b1476ff891781af28d3d25e232723202deac12a88107bcb8e1f5

SHA512
a08d985ac42b3425e993d2f3a6292b68c3284be1a334f9237f43528e3d3a27abcab65ac89780a16ed7d520a5bf0400ca169b5bcbbe753b8d56bdbd3c88d3115a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
4566615de6afdd86b73d930d778687a6

SHA1
0f2f6de1896628392b2d05f05f0dd2074132ae65

SHA256
bff8a2c55eef7f0c9ef1d1ae197182b8df7297c8b5ac88b2025478b56bfb10bb

SHA512
5e42091428e2266204e11f598b5a6f9eaeb019529656ff6adba06672678401e711af231761d9c4da98148006f771e688e4ebfe6c5bef1f2476eba2e19791ec1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ce982e1220a38ce5ae1d41d18a107535

SHA1
b4b96d1d366c7cfd32429c7363efc16dc5ee513f

SHA256
d3e7c7024e57ad83062dade472c8192fe8d4d5ad977a5175a987e7426356488f

SHA512
8f001012e7113cbe5c36e9f61df413bb7b54ae866bc007c2391c05492d7b51960d4b057df4b1a046375d89e3db5d38ef726aa698728420226114bc0ddd5e3fea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ad3324f9b9bb51ca6526af4e94abffb

SHA1
e1a8e1235283bc1c735b45f33b106dbcf9748f35

SHA256
446d4865cc2fbd0de19b08d8bd3712998d95be6b4129fa89eef0ffedfaf65c0d

SHA512
b98c73f956881234a1c0067222f30fc2628ccf591b64ea7a16c3a3ff077e68ad8904ddc1a525b8c00bc5ee41de3bd155d98cff34247d2a9cbd7de31ecbe8d539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
041d762d0e3e27d9875ea3f09c64f87e

SHA1
7b4955e41ef8642d2cd119b80c87ca54df9f6f02

SHA256
ec46ed6d5e87de8a90f50c2bb6c43e4718fe8a7e09d3b11b48c0e20fcf1a7ef4

SHA512
c3cc37709b54771e51ba465d91573cbd30304e7ec01c761586313482af04829ff875bf86de5174d55d2f3c31511e16adf2e685913f9e9486343478e7fb2bfe66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
768b69934d6f4caab8b4a67a3a7bbe7b

SHA1
dce9aefe094fe03875635cbad8e0477390e1f492

SHA256
7bfef4ad6fccc1e5447587a4dacb10bec3a55d00e4cd57f36391db37b628e0a2

SHA512
b145b5f3441ddf40f6a5a98fa3a6f8f0c52911fb1f86edeb26bd3990328199b2113dfe1ce65e0bcb607be91cb69dcadb08d112d95dfc522f373035a425fa1146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
987a01a22c52f0facf4d488426af83c4

SHA1
0555b3008a8158f975dfcc8f73c41ef8bd921b0e

SHA256
5809017edf4fcc2b3b3dc6d547248819e1793a828c3656409988985761170f28

SHA512
373e245cbf0b6b27cda407d3aeda4ed670a08c1efc64fcdbd9bd929bea4a5abbd92efade65cf9351c01a133d10b8fe7ddcdad90e907c99346c56688245df7e48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
006cd1b4422fea7283ef05480e44bd08

SHA1
f2d486d560e04b9882892662cf118380480fc43f

SHA256
bfcfa48c98e3fed9a1685d5c8ae7fb2b3a76adb349742dcf9e466b45c4928782

SHA512
05eac2ab98cd747be706b001026f1d335ae9b68a66091d74d62f90d5f3a46d9f186869c11149072df62b2d09f5a545584639117301f84c0c4f0c6d14f9cbd309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e45e5429f2b05cefb957e3c33a3847e

SHA1
0bbcd11f6db94f1e133d4ed63988c1bedd907801

SHA256
c4555066e9a657c39d849657ba33f91f8029627584676c2bda91f136648d259b

SHA512
b30b959eaa662ad848d754f400fa772db0061634c9ae45503822103adcacbe435141d076ddeee5269d8d8a604adf760d2d13bda42de2004c2f6cc77e9b473d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8bb09eee551629e79e5f1b0f570a17a1

SHA1
0de2119808c9fb23d4a3181dcfe610658758bc64

SHA256
15b6094d5d2dee88abb9262358d7f04b3b5ba1cb94959044986bd576a635fd40

SHA512
2e6f0d970a70e4349e492c299527f44f80609229b3eda8dab93a1b7fa06593d5c6fbd22286cacacb8ca6e2eac09ffb0ebab205a7d783cc42f88ed7ef37fc0eef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
19dc5727c38663b2fac793902d568b5f

SHA1
6001de65a5fc2957ce6a47159d84f7c380cff87d

SHA256
de1eeed667dbd347d77ad9646ff6a50929eb235acea289a74105ebce15987acd

SHA512
9c2ed2a4348d37f5d5488ef3f3767c765ea89102fbc4113c32f605d24d53e9f90995d22e40038372cbd73961608eab221b96b1fd73049a3546ede6c2b46f3be3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a36115f22af4e787950c320e5e9ef5ba

SHA1
ed1de6dee911a7a93b61169250ec3d17c3b8344b

SHA256
f9859d04e462dd8b16e27ece93c9311fb77708d386c0447508d2b1fb0d2bdf8d

SHA512
fe72c21db0cb3c94277985134bfe96d0d244812ba52e34c0b3b256912282d10f25d3bea44d89e6f36abc475acf36cc298bb327a2bb2c6e0b55b2078cbcc1a11c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
2bebfe843b53f1a7bcd623948573c4a8

SHA1
191d04ff89e40ff76da65f033a4eb42cc9f77854

SHA256
ef0f0b4bca471c2a01eb6d19e51de0b1213fb55fb18fa74a0f49e2d5db5cf0ac

SHA512
b67154936001c51f510132f55533ba3bef4040b014a568ef4dbf7fa68394e804d029e66dd1f54e2bec63a7a37ec63a6ca82db7ea8a72c68f76d0261b0e103dfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
172eaf34cbcbf955a3d1ca8aeaf34de0

SHA1
13b49c15e2c0e87a4f6d7b41e85d155fdfc8639b

SHA256
9c07587183834cb6f7ff8422e54f42aac7724f7a7920c662341ddfff69d76630

SHA512
ea45bc21deced9b5f081dbf8b36f9d5a9fe193a3cfeb2abe240c0cc982280545e18c9c135999cf1be5156d2831a37b3a993bf7e9cdfa2b687f207df78e40b38f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3d7530ac437780b57e8c3daf1408976d

SHA1
7f3f97c8386140ea673c35447914050e3ab9f11c

SHA256
cf957f2bac45c7095e408248ea03ed2f1e08b386271359fad34c9b37d461e50c

SHA512
97297be47b07038eaa13863e11df594669c130238317a0e5ef349d8d50af2ca1fd1077e598c97010add960e8bdb7e7187ff031d92636aa550eb8b1428e55f413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
214980ffcd4bc6c722212cbf03bb32a5

SHA1
ef925c9e2eb93995c95314bef29e2f55fcabf6db

SHA256
23addf30c7a992fb8171853f987c1173f209b728c222a6c7ded8f208f91ef74e

SHA512
d405dc5b490a0ed3b63788bec29edfc58bc417fc4f9a6d7c96788f5fc4f40633e1d5c16e79a90015949d6ea87c52dbb1dde50d8faec4ee0c7d728c990a3175af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d3f6e92f328bf7e1a16357953b34ffe7

SHA1
77bf853e841997ebd6aa0b4cf263a0afa98a5936

SHA256
7957dd05b6ac5a1794197957ac33847155a0df404e6c573ac026b0f30bdf4c08

SHA512
01a28fdb5bfe605ab192cab48b513d0092b8b61739f658bceb5da8d4a3bcadd1f8f58e89bd9a615d82763174526e6f844796386b2538e2a784328d9ebdac1bae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
322ef5bbfff5769044b52b3e47e8ba1a

SHA1
5c161342672f605b4b9c2ea26c8849b8dd7143fb

SHA256
ddc28be9388b6c7df0159d9a1e37a061b12bafb9d5c446380ceee661968dc3c4

SHA512
c4fc394de67b6637a0ae1e0d5fd7eb52a4f6c3a5624d0d30e2e0c6e4e0febf5741ecf954c9b558baecc13e9d3a06e714e76bfdaffbaad08a031ab2fa91f4f51e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e1099379def8f200fc2a01b924be2d6c

SHA1
648741a986bacd7b6480786d7a746b12511c03ce

SHA256
a74629f7ed78e41f0f8e5294f4f19443d9d01961581c6841a593e7589a85a2f6

SHA512
97ce2f1fdc9af0a504c34ae02f73487aa89dad2b30ce13f6d3c9df6ca2bca8832055f01b73ef1e3bfcdce694c8390554ece7b19d92acd201d8d3efa518b94262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
4fa975465c76c5732aae9b0dcea60a40

SHA1
80e3a6879c9e7abd62215bfb7d170cedb12c95bb

SHA256
7dd8ceca258a32181cf4c8271962b086a051a443e251114f9747760861294540

SHA512
541b963441f3fd4f1c392a208e8ef12b863da441d392eed416491537fe1330ff2a501cf6260d956eaaca007f2984c84e3f9962712ac8f3534c918a819a876d3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
2855dd298e32aa3b13160232e91e0dac

SHA1
d894c026b88c979eaa731d08eafac4a111c1589a

SHA256
5fe4ac89af8b7f6d08828b541e3d3b76e7799396844d30420459418126ede3a4

SHA512
b03d64872d76547c29a455c6d766e3a2deedc470d8e0d15d33c76d5969c0bc014a33a6e8f7b5d76e56e9adfd2d5d6d137fdebb6be654aa1d4041f78eb57de912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
5736fc466e82341f5bf6fc69590dfc64

SHA1
a4757298617b79b1e69e7639215f09af85e5cb7f

SHA256
48a4ae3e51edc2681f27461509fd20c1fa20eaed6788ac122b959fe40acf711e

SHA512
e4a93a6002393be132f0fc862c17b0dc44b14bf6e40b9f5574c429e1a8f608c7a30edfc368ff6e4fe674d622553be74afe0c03c7036aaf17dc3db885ab21caec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe60168a.TMP

Filesize
48B

MD5
6aac2df870477551faf3770c1f84c9fe

SHA1
0316b918d239af306564acbc3b220a4127ff1ee4

SHA256
f7d0369843177117589b809036e0c95c99104c7392df857b0cf7f67a483e5edd

SHA512
45e2efe56db97b207caaa22ca62ddd2089e60422c7595ab9d09ee1b22a56a1a173c6699a6d76df85c4e00d42c59686b96b43b83d768ed8502605d3d26ea91043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8c04723e0deb153a1180a02b43e8eede

SHA1
3fc30b7e89ca13ee0e895d79ab6fe7a7cfca9326

SHA256
c80e523969a9a44cd84b861d44d2269ee52e3738c00f9271b513f7e9eb9c4cda

SHA512
76a2f2638605bca210549b9a9868ea0e5082dfe36611a7281e456e15ce17469c97f06c6800f4f9fd6f0131afa856b69e60e6dc9be05c954b25ed60cb0dd80fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
744e194c91c537dad7ae1bf946749737

SHA1
cb44ffafe93de9e5200f7c3ec53039375cd77986

SHA256
c5fd1f791675be40e4c735217398c495235e7aaa090c7f4a929aff1576d1110f

SHA512
8afd7a07f3441f6507a21d12cefa6290a74251107b44ca0f7921b1783fc9d1fff8e4b60d5ab3d7a53abf244dc3eb5447d4328dbfcbf442266036ab1408e176b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4fc6f16e7601b910f56b080732b4ac07

SHA1
4a489bc9067d0c415735c0a6ea6f7360777c150c

SHA256
449471d35b8429699641050e19fd613fd107c30fa68a44466372fa2d062a9038

SHA512
2e0aa8dcd35385c712dbfe01c601b22a5d41f239e335b15ddb30d15d3c4810b9ff301d73a9ccb8977ee2bb4b92539004fd5c30eb1b85b0385201858527ad429f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
13298d817995420656aecf2e60f74698

SHA1
fe66f96d82d88bf32b70861e150ae33181e549c9

SHA256
6574b673af883737f91207db4e978e7390615b346f2af8f004aa2618bc244acc

SHA512
4c7209c8d0cbbffdbd5c21764306515a7ef91c3adae6132505712d0aba7f87507a20402113ec394d06d40120b604dcd6b865be90d74043499eb0fa1dbd5a7c83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
11cb8a4ca3d139dea427525d36f7699e

SHA1
5c09f2ff72639a5673857b7f1dde2834933317f7

SHA256
d21d1162054e439d6e97a6e2cd4365e1921cd663b0d7974d53e46ed3fb782112

SHA512
7f3609d80a54690034fe28dc77b5ecf53136ae4eda224691466bda15d7e7e5f129d0290e4e1c2087c4b7e8346a16e82eadaba111612a488b4598629ec557eff4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3fdda238e990e3c2fccb1ec49d778bcf

SHA1
bcd320a13e4fe38ee11189a5d64a6825254b0462

SHA256
a51263b3d7c810699f9cb91883a1ef118305a447ba4583b77d592eee40a173c9

SHA512
97766bf14d0bb4d265512643733e7074381a3b50d9a7b69bcc8bd633c7e6ea75644e1a9e9aac53f355f532f151f9806602654744e3bc16444cc7c98b5636fa91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
34044dc4a9b10937402c5d672b6c5af1

SHA1
f5bf9710ff65d4906452b8e7dc41c903595e39bb

SHA256
3d7a9d73cc9559cd6ed6ff8bc01301378a97357c835bec20715a899d050f8821

SHA512
d4317c397db7216021f69c6cc78727d939e6dbaaa69506db3e1dccd08d59c64697da67de33e1778da47ba8a793f532157d94652e46026f9ba482f881dafaf47a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
92255d98538f81a9375e5fc3848d37aa

SHA1
4f01912ca7e72f296305b49a5292e6e67e88178e

SHA256
4eedf957875f1c00e7a2d4d3cfd0c298f634c7fbd9ce10b8551241471484f6f9

SHA512
55edde01bc5b0a8425bbf2e5a56699ef262b92e1227935327c76a8da8588383017e245e6399fe24507e2e06a1f12fb68cdb591941682b5e5a81f4e4d2cea80a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
29614e0dbda1dc9612d95f9869c6a75e

SHA1
465bf33d8ddd2720c9ac05750f71f02afeaf653b

SHA256
0f25eac7ea19d2c49104277e91f1ca77461f8c5f3027a6fb517551c1b852bb4d

SHA512
096de90e8a8a33b55e248f656ee04e1182c073c7c2ef2233758e299616dbbe3fb8fd9e633ef12f9cc1805ab192d4725a70f3103758a42fda529412171659a393

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
cc6e1c6cbda8dcb2c91e2799e1e0772f

SHA1
4fc18c4a75bc76c8db609e882fac12bccf1f1953

SHA256
82657dee6324a8e4d03b4f49021f66ce82144751ad3a0cb9c5249fcd8db77676

SHA512
d0c20ac75d761fc18ab6885cba9acd225089ab19ad5715b4a42248a1eaed31550592f260ec079ba6a36e1df14491551d13853d044e22618d8a8fe2fd52916713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
65719285cde3bbd5ddde1ce3bdf648ad

SHA1
ebe6a19c87e235cccf12f03a81826149c0239ced

SHA256
ad6fa935ba93025d8332d9eb0d8348640a9576aa9fc2d444563d4b5c740b1908

SHA512
5cae461603a7a1f01ffc53bd275428b7017112380e490e4a3587e9efd404105006e6d1b222e563ef92d7e23ad22a9e7b1edd6aec93c96c7ac72e4533c6dc8412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2b6369b393b3f52b2e7d70e066047c5c

SHA1
a75d5d488b3f8cde03276859d44494b18ed89a52

SHA256
6af1b5f1256136b51b9a4453cc2a1573b015cb11eff16545a525b0479406318d

SHA512
0db39417f1f9b7ee5ef40e3fa712ccfe54e1ae358743935cba6a95927f98114ed76f743f1f6c15561727e10fdc19dd9e602da2e713cb9d4dc569cce54087c4b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5807bb.TMP

Filesize
1KB

MD5
c986e5737bed7da4c93f09ed11b6eb3f

SHA1
b6d5fb6c962e2311ac0452d43c17c40269d17b91

SHA256
080210a1904d3c16cadd66223e771c35e62fcc3f175371a6dd74752d601078ee

SHA512
e3d19bf4b19c3776396b17d04c7f260dc6c92f16cde9fa784e469884c84d921701ef4d66292d22eea14846fb9062305778a1576ef55d3df7a3ba91491c2b0b4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f52b41b07dedd051b00b0df674aa9ac0

SHA1
d7860418b1df5c2b4620134d5005e00489836285

SHA256
242899ef027d257a7f8ca9058c55b19db531339b14cbd7a3db486913854b6184

SHA512
0bdc45d57f77a39222b848af2740b2b907cadb0982fb1c0286a93b27cd00d4b82f9a324804e731b6fb6597e66a536cdbec7ff2634435d2ed6437400a35fa5f94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2bc560d7ed8430b5631fbe7892532ef2

SHA1
21c10ed22526f0e97aff7f6a7772c2211dd99049

SHA256
566d88912e380725b05897c44b88cb219219bac28d4c47913ed312932d2bf268

SHA512
6d3822e48c580725b4454a621e5a90cecbc2167d31c4185e4db004e762d362be3a921923c22a0138f22d3414505a707b0ec063d10bef387d09ab2ccaf4e487ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fd847a71265ec5a06ff7a1e8ba2a819b

SHA1
6d8dd38a5cac6a105f90ffa50d036b73259071ac

SHA256
6e8400470c345ad15f52a657be1bb1eaf76d5b975e52443d726a51ded033e7b4

SHA512
ec689f720f1881356fb01f70891d5667e867a2538a034fe1e2877dd046d4a56342c5beb120a9d6effbbf1fbceed56323095a75edd602b71bc6d78f27e43dc798

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
841f882abd829e6effdf2210efb0ed4f

SHA1
7af79d88add5244fd59bf4ef430d7f0120f49a25

SHA256
7db4ee188c3ee1c0329b8960f042f47f623d412f539ddc85c10e650b945f9622

SHA512
ef3caeb496b4af33e189e5bd0984c58461bf1ba3efb253151ad59a8b96f585389c67d6715b5973110ecafd567aac4b570e716e65f014e4479000fb724ad845ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cb80b234b65a1f12f665b775bce00263

SHA1
c2f859d25e8cbde32f5e3fcc446c921defa719d1

SHA256
bd6e150a9d0cc59565c5fd2b3e665c541675627277c8671b58d72b380e9145ae

SHA512
bd9dfdb0406ff5b029842ace4b493f64c4d071c8c0985da70c06b38cb883b0580aef3e6e3632d8936ce12449d30b4edb25e229b976d032bf56ad8b7eeb3596ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4c1a4f88b71a517ed695fa5d027461f1

SHA1
94558b2a4d2fe6b162a96b8e5ed1b5bf0ffeaa25

SHA256
901ef2f04cd289c6e33be092c29b4fc1ac21b222551756e7167c5840d3a2a888

SHA512
5046092504d252f446f1b90cfd3d7e423e114a751cfe2134f4b73b5189beabc75c2309e2aebf8647f88c79cc9440c92792975413a591b0f22dae4c8ac6496ae2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
746146437d68da93f7c1235410e8788e

SHA1
83c989659d7bb08381278a5375c9f2af17bd5f40

SHA256
12a0c7025e13f28d509546509e31dc014becf57b7b722fe0aea27b4a8fa047e9

SHA512
a37c58e71daa3f1f75135b2967d0f9a512a4670b3bcf67a18b23293b2fb5a7e807aee06d377b36575c35f81fc2aa6f0c920cac6ebd1f2ece7896698126f4dc9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
79d6eeff9d405a03d95549bf9e334e5b

SHA1
16e5ca59cb57d1c8b6dbda4de92f9cdea19cded8

SHA256
2e402e19229b008389f1b16fdb1c2c60a9ce54280d7ad5f709224e3ab8994c5d

SHA512
80527111a97c48a97a814786ad0828e30ff4f736b55c8e2bfa1145bcf34685f7ae286f3d65ecbb97905089aa1209199e6cff31e013a35e87578214a91e0b6507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f0333ad19e7b6da93d6b9b104c21df25

SHA1
c0ea7f889b1f735e8560337193f36d1f1774df1b

SHA256
02098a261b43ffc8a26a1297e14e0618367c45b762f8af797e430359031a0e2d

SHA512
8333c52affc8755584d3c06d0e2a8e09c762a5d3b3f14def2a06a9e1068ba81406da05e2aab1cea0685d7c7f8651ef4502efa99ffd3cc80a687ee65ec1279920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
058ded046ce1c3dd4649706fe3c565be

SHA1
db98bd7398c5dd4a35c4e398e8f37f6e41470fba

SHA256
212aaa42f7d7bac52c1192ef442d23c55ac458a1cb7ed6a203cbd900fc265ed9

SHA512
0b5fe6b76154ce302d68323f7d70d4ef16a0d1b0db5037aa36e2ac36e3526e2bee0a3199dacc950e18fbd1bd36e818e7b439638de88207bad358a64f166395ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
83623839065e7c92e0db0f716e449104

SHA1
831a99996a141edb39c66b17d4967d108b88ef71

SHA256
8be539351e2046d50ca575c19da0a676030f4b690cc6b07e76661ddb479587c9

SHA512
3ced6eaee254316222ed80cbc4a2dad3201a52dfc2d0e2054dd261c29b31311a85de8e6b69560d3a10ffd5718ea084fc3fa32111df9f74c3814d8c901cf10011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
abda8321efb54c573b44cc6da9205b9e

SHA1
17ad0a8285b06460ed4c3e3beb175662a3fc92c9

SHA256
ad1cdadf811ed7d06bec8e0c2312139c4d599dc4f320436c90cd5290c0babcf5

SHA512
b637a3a089b7b1f7064714eaae8daa4ecd0e8434ca4c8e80785f6880e877ab8ca5eabd1f0efd2b2398fae4608156b165b669049f0b33eafef2445c7a3d7c84e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
50836f9e9e5003279690b2caff9036d7

SHA1
cad32fb80c91acd2ff7479f05b8b01354d50edbc

SHA256
407017d4d8c084486d127c2d47c8f16c48d8104709b4f2a201c781677b8ad259

SHA512
7424f7dd5f5300873a20775ed1cb98ed64e9f618dfc60c9a68b765ec4abb23988160fbf28c60bed7c8bff0084e2506eb6998a761a50ea696e05588012ca20403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
24c25f20a32796163b13ed383e21e858

SHA1
d9812c39af17ad9affb7213c804166fa2ae7dcbe

SHA256
b4424992ecaf640d03436544a78132257120697cec4df86b84a94b789354d8ec

SHA512
38310891022c370ba04b290b26051af33558d2ef209b889cf5cd5dc541dbc813c546e9588f13011210ecc4df5681fc063614da90d4fa3e2411b48626f0a75f43

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
416B

MD5
0c4280f8873c48a49a2222ec1d7a367b

SHA1
096182237fd258f7efecefa4dbff8a78e6197fe9

SHA256
61cd422d485acd8904e138943107b5ea64aac8c306bfc70cf702ecc6ce61e1b1

SHA512
c41a3185cfa9d32984ed08895bf13ba3a5352f5368ba3cabbe17fdc4cb961f91a5eed7cd710fcae54e95235f9e3185912cdacab0465a91dd18dc9d1824663561

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
1KB

MD5
b9b25d9f5fd3e710070162780c9feee5

SHA1
a6e301002a192ed732d92c3a3dfcb987bc19bcb8

SHA256
fdc4f59da3067f7198a82597602559aece089872cadeca92151fa817cc9d8b90

SHA512
9052eb8fab469db0fa184f490d94686cd903fca535e17385fb001b2347f8d610e4163dceb2db340421aca6e180a2979a475c59309f18906ad4c00c4147db0ead

Download Submit
C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master.zip

Filesize
7.2MB

MD5
5abd8b700cc166e4c8f3e43b0f9acd12

SHA1
7a0a513abafdcfa50748b7eb4dd6cc907943f21b

SHA256
68f2a7f9e5d74dcd5cf6dfef5734fa12c32023e5737034e8fd76ce9ba2e12766

SHA512
9cc8a4a5c51f233090eaeaed3d2aa1726ea280339db4a1a4324cd115d84d345f0f2580c4e78549a0eb7ed615aa821a6af960d84b350c26cc8dd0b5659e57e33a

Download Submit
C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Lua-Bytecode-Deobfuscator-master\Lua-Bytecode-Deobfuscator-master\Lua_Byte_Deobfuscator\bin\Release\Lua_Byte_Deobfuscator_Secure\PlaneSystem.lua

Filesize
236KB

MD5
1756d853e6e20386965eb67acae8339e

SHA1
43e59b7083a1439adf9cd7b51ba760a404c222a2

SHA256
5143814c27cbd189fe928a2bc3f71702afd5f5a79e241ed733125c37ac91a30d

SHA512
aa28fea7226cd8389a3bb02bf0408a46e5fb7cced69ec74fb9d106167e9102490a4039bbc96e053c0d0f592d0bab55f79dffbe32ed67e8f44ba09406120e8df2

Download Submit
C:\Users\Admin\Downloads\PlaneSystem.txt

Filesize
236KB

MD5
6b34403f3cf81a044765cca1050d274d

SHA1
6eee59af9e6383a7924e83e61b0b43f2655916f8

SHA256
187280400dbd9f53b32f646cdb0eae5f8cec67587c082787f32bb39bc9284f89

SHA512
59046bcc0fcae330607c875cfcdcfae678e3e5389ad36cc573341180a98d205c696fb7ee9ae738134d3a92de5c2996e62fd9ea90bd54e8e51e5581c55b59d892

Download Submit
C:\Users\Admin\Downloads\WeaponsScript.lua:Zone.Identifier

Filesize
160B

MD5
9c95ea7dc5ff82bb660e30e35e3a1716

SHA1
fb91220b35b6c6efe737e4758d2338f57e5ea06c

SHA256
81da358642baa1ba6819528fa4ff86ab566ca79de0ddac18b3e3560b314dc1db

SHA512
378605813e7cbc3ec77407b619ac5de861b98b522688b5f2e644eb138c0b9a9afc31510d5317310198236c6d6f203d0d0f27d66a15f29c1e7cfbe637711d4d89

Download Submit
C:\Users\Admin\Downloads\b95f1428-f0f0-4e8e-80fa-21ad15f13770.tmp

Filesize
237KB

MD5
1e6cfecb99c74bc3fe5265d849d0b27c

SHA1
1e524f4d42ae2212af51877b8b0d23b8599f6474

SHA256
e109132f262577824b72762957f7a941fbc063a6d8f98bdab22eb83ba70f4454

SHA512
b8ad41c2c18e9aa507c0100e196361bf39bbda2a9f2d5318ef28ee127a10e1471ef4de142cee1f13f8ce3efe6f28bc6c8c1a9b32807160bc09de0ca3f57a5bda

Download Submit
memory/3744-1391-0x0000028E85AC0000-0x0000028E85AD4000-memory.dmp

Filesize
80KB

Download
memory/4348-1414-0x0000000005CC0000-0x0000000005D10000-memory.dmp

Filesize
320KB

Download
memory/4348-1394-0x0000000000EA0000-0x0000000000F08000-memory.dmp

Filesize
416KB

Download
memory/4888-1487-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1471-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1457-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1459-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1453-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1445-0x0000000004D90000-0x0000000004E9E000-memory.dmp

Filesize
1.1MB

Download
memory/4888-1444-0x0000000004FB0000-0x0000000005556000-memory.dmp

Filesize
5.6MB

Download
memory/4888-1511-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1509-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1501-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1499-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1451-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1496-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1491-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1443-0x0000000004EA0000-0x0000000004FAE000-memory.dmp

Filesize
1.1MB

Download
memory/4888-1449-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1485-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1474-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1447-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1455-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1467-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1461-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1446-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1507-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1505-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1503-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1497-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1493-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1489-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1477-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1483-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1481-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1479-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1476-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-3416-0x0000000005900000-0x0000000005992000-memory.dmp

Filesize
584KB

Download
memory/4888-1463-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1465-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/4888-1469-0x0000000004D90000-0x0000000004E97000-memory.dmp

Filesize
1.0MB

Download
memory/5452-5390-0x00000000056F0000-0x00000000056FA000-memory.dmp

Filesize
40KB

Download