crimsonrat | hxxps://github[.]com/MalwareStudio/FunnyFile

Analysis

max time kernel
490s
max time network
490s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
09-11-2024 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/MalwareStudio/FunnyFile

Score

10^/10

crimsonrat warzonerat aspackv2 defense_evasion discovery infostealer persistence privilege_escalation rat rezer0

Malware Config

Extracted

Family

crimsonrat

185.136.161.124

Extracted

Family

warzonerat

168.61.222.215:5400

Signatures

CrimsonRAT main payload 1 IoCs

Processes:

resource	yara_rule
C:\ProgramData\Hdlharas\dlrarhsiva.exe	family_crimsonrat

CrimsonRat
Crimson RAT is a malware linked to a Pakistani-linked threat actor.
rat crimsonrat
Crimsonrat family
crimsonrat
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat
Warzonerat family
warzonerat

ReZer0 packer 1 IoCs

Detects ReZer0, a packer with multiple versions used in various campaigns.

rezer0

Processes:

resource	yara_rule
behavioral1/memory/4256-1589-0x00000000055F0000-0x0000000005618000-memory.dmp	rezer0

Warzone RAT payload 2 IoCs

rat

Processes:

resource	yara_rule
behavioral1/memory/3548-1596-0x0000000000400000-0x0000000000553000-memory.dmp	warzonerat
behavioral1/memory/3548-1598-0x0000000000400000-0x0000000000553000-memory.dmp	warzonerat

Downloads MZ/PE file

ASPack v2.12-2.42 3 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Unconfirmed 899491.crdownload	aspack_v212_v242
C:\Users\Admin\Downloads\Unconfirmed 354358.crdownload	aspack_v212_v242
C:\Users\Admin\Downloads\Unconfirmed 625701.crdownload	aspack_v212_v242

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 13 IoCs

Processes:

winrar-x64-701.exewinrar-x64-701.exe7z2408-x64.exeCrimsonRAT.exedlrarhsiva.exeCrimsonRAT.exedlrarhsiva.exeWarzoneRAT.exeWinNuke.98.exePopup.exeAvoid.exerickroll.exeScreenScrew.exe

pid	process
5032	winrar-x64-701.exe
5068	winrar-x64-701.exe
128	7z2408-x64.exe
3520	CrimsonRAT.exe
5020	dlrarhsiva.exe
2772	CrimsonRAT.exe
2480	dlrarhsiva.exe
4256	WarzoneRAT.exe
2620	WinNuke.98.exe
5328	Popup.exe
1944	Avoid.exe
2228	rickroll.exe
3116	ScreenScrew.exe

Loads dropped DLL 1 IoCs

Processes:

CrimsonRAT.exe

pid process

3520 CrimsonRAT.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

4 raw.githubusercontent.com
12 raw.githubusercontent.com
56 raw.githubusercontent.com
Suspicious use of SetThreadContext 1 IoCs

Processes:

WarzoneRAT.exe

description pid process target process

PID 4256 set thread context of 3548 4256 WarzoneRAT.exe MSBuild.exe

pid	process
3520	CrimsonRAT.exe

flow	ioc
4	raw.githubusercontent.com
12	raw.githubusercontent.com
56	raw.githubusercontent.com

description	pid	process	target process
PID 4256 set thread context of 3548	4256	WarzoneRAT.exe	MSBuild.exe

Drops file in Program Files directory 64 IoCs

Processes:

7z2408-x64.exe

description	ioc	process
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2408-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2408-x64.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 10 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\CrimsonRAT.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Popup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Avoid.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\rickroll.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WarzoneRAT.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ScreenScrew.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

DllHost.exeScreenScrew.exeWarzoneRAT.exePopup.exeMSBuild.exeWinNuke.98.exeDllHost.exeDllHost.exeAvoid.exe7z2408-x64.exeschtasks.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ScreenScrew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WarzoneRAT.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Popup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinNuke.98.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Avoid.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WINWORD.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

WINWORD.EXEmsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

Processes:

Popup.exe7z2408-x64.exemsedge.exemsedge.exemsedge.exemsedge.exeOpenWith.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlgLegacy\{24CCB8A6-C45A-477D-B940-3382B9225668}\Mode = "6"	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 010000000200000000000000ffffffff	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlgLegacy\{5FA96407-7E77-483C-AC93-691D05850DE8}\IconSize = "96"	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\MRUListEx = ffffffff	Popup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\14\ComDlgLegacy\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"	Popup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{C4D98F09-6124-4FE0-9942-826416082DA9}\Mode = "6"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlgLegacy\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\IconSize = "96"	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000010000000300000002000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlgLegacy\{5FA96407-7E77-483C-AC93-691D05850DE8}	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4"	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2408-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{B3690E58-E961-423B-B687-386EBFD83239}\Mode = "1"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlgLegacy	Popup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlgLegacy\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByKey:FMTID = "{30C8EEF4-A832-41E2-AB32-E3C3CA28FD29}"	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{B3690E58-E961-423B-B687-386EBFD83239}	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlgLegacy\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\LogicalViewMode = "3"	Popup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2408-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	Popup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{C4D98F09-6124-4FE0-9942-826416082DA9}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 740000001a00eebbfe23000010009fae90a93ba0804e94bc9912d750410400002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000001900efbeebaa2b0b4200ca4daa4d3ee8648d03e58207ba827a5b6945b5d7ec83085f08cc20000000	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000000000000300000002000000ffffffff	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlgLegacy	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\13\ComDlgLegacy	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "4"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	Popup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\SniffedFolderType = "Pictures"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlgLegacy\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:PID = "0"	Popup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{C4D98F09-6124-4FE0-9942-826416082DA9}\FFlags = "1"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac04000000c8000000354b179bff40d211a27e00c04fc308710300000080000000354b179bff40d211a27e00c04fc308710200000080000000	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Popup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\SniffedFolderType = "Downloads"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\3	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\15\ComDlgLegacy\{0B2BAAEB-0042-4DCA-AA4D-3EE8648D03E5}\Mode = "1"	Popup.exe
Key created	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000030000000200000001000000ffffffff	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlgLegacy\{24CCB8A6-C45A-477D-B940-3382B9225668}\GroupByKey:PID = "2"	Popup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	Popup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2584844841-1405471295-1760131749-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Popup.exe

NTFS ADS 27 IoCs

Processes:

msedge.exemsedge.exeWarzoneRAT.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 354358.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WarzoneRAT.exe:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Roaming\jFvfxe.exe\:SmartScreen:$DATA	WarzoneRAT.exe
File created	C:\Users\Admin\AppData\Roaming\jFvfxe.exe\:Zone.Identifier:$DATA	WarzoneRAT.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 899491.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 342149.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 936762.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 715428.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MadMan.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\OIP.jpg:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 536789.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 625701.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 634600.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\FunnyFile-main (1).zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 188655.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\OIP.png:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\FunnyFile-main.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 8408.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\ScreenScrew.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\CrimsonRAT.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Melissa.doc:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Popup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\rickroll.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Avoid.exe:Zone.Identifier	msedge.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence execution

Scheduled Task
T1053.005

Processes:

schtasks.exe

pid process

1572 schtasks.exe
Suspicious behavior: AddClipboardFormatListener 4 IoCs

Processes:

vlc.exevlc.exeWINWORD.EXE

pid process

2776 vlc.exe
3628 vlc.exe
740 WINWORD.EXE
740 WINWORD.EXE

pid	process
1572	schtasks.exe

pid	process
2776	vlc.exe
3628	vlc.exe
740	WINWORD.EXE
740	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 52 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeWarzoneRAT.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
1332	msedge.exe
1332	msedge.exe
4184	msedge.exe
4184	msedge.exe
4088	msedge.exe
4088	msedge.exe
3844	msedge.exe
3844	msedge.exe
3976	identity_helper.exe
3976	identity_helper.exe
2016	msedge.exe
2016	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
3852	msedge.exe
3852	msedge.exe
4408	msedge.exe
4408	msedge.exe
2876	msedge.exe
2876	msedge.exe
4256	WarzoneRAT.exe
4256	WarzoneRAT.exe
4256	WarzoneRAT.exe
4256	WarzoneRAT.exe
1096	msedge.exe
1096	msedge.exe
4712	msedge.exe
4712	msedge.exe
5936	msedge.exe
5936	msedge.exe
5196	msedge.exe
5196	msedge.exe
5268	msedge.exe
5268	msedge.exe
3376	msedge.exe
3376	msedge.exe
3612	msedge.exe
3612	msedge.exe
5272	msedge.exe
5272	msedge.exe
3152	msedge.exe
3152	msedge.exe
4472	msedge.exe
4472	msedge.exe
5616	msedge.exe
5616	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

vlc.exemsedge.exePopup.exe

pid process

2776 vlc.exe
4184 msedge.exe
5328 Popup.exe

pid	process
2776	vlc.exe
4184	msedge.exe
5328	Popup.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 53 IoCs

Processes:

msedge.exe

pid	process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

WarzoneRAT.exe

description pid process

Token: SeDebugPrivilege 4256 WarzoneRAT.exe

description	pid	process
Token: SeDebugPrivilege	4256	WarzoneRAT.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exevlc.exe

pid	process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
2776	vlc.exe
2776	vlc.exe
2776	vlc.exe
2776	vlc.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe

Suspicious use of SendNotifyMessage 18 IoCs

Processes:

msedge.exevlc.exevlc.exe

pid	process
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
4184	msedge.exe
2776	vlc.exe
2776	vlc.exe
2776	vlc.exe
3628	vlc.exe
3628	vlc.exe
3628	vlc.exe

Suspicious use of SetWindowsHookEx 29 IoCs

Processes:

OpenWith.exevlc.exewinrar-x64-701.exewinrar-x64-701.exe7z2408-x64.exevlc.exeWINWORD.EXEMiniSearchHost.exemsedge.exePopup.exemsedge.exemsedge.exemsedge.exe

pid	process
868	OpenWith.exe
868	OpenWith.exe
868	OpenWith.exe
2776	vlc.exe
5032	winrar-x64-701.exe
5032	winrar-x64-701.exe
5032	winrar-x64-701.exe
5068	winrar-x64-701.exe
5068	winrar-x64-701.exe
5068	winrar-x64-701.exe
128	7z2408-x64.exe
3628	vlc.exe
740	WINWORD.EXE
740	WINWORD.EXE
740	WINWORD.EXE
740	WINWORD.EXE
740	WINWORD.EXE
740	WINWORD.EXE
740	WINWORD.EXE
740	WINWORD.EXE
3668	MiniSearchHost.exe
4184	msedge.exe
5328	Popup.exe
5268	msedge.exe
3376	msedge.exe
5328	Popup.exe
5272	msedge.exe
5328	Popup.exe
740	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4184 wrote to memory of 3344	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 3344	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2212	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 1332	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 1332	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2496	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2496	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2496	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2496	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2496	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2496	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2496	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2496	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2496	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2496	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2496	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2496	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2496	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2496	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2496	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2496	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2496	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2496	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2496	4184	msedge.exe	msedge.exe
PID 4184 wrote to memory of 2496	4184	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/MalwareStudio/FunnyFile
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb4ed33cb8,0x7ffb4ed33cc8,0x7ffb4ed33cd8
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6668 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2016
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5032
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7260 /prefetch:8
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7248 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2908
- C:\Users\Admin\Downloads\7z2408-x64.exe
  "C:\Users\Admin\Downloads\7z2408-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5396 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
  2⤵
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6632 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7200 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4408
- C:\Users\Admin\Downloads\CrimsonRAT.exe
  "C:\Users\Admin\Downloads\CrimsonRAT.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3520
- - C:\ProgramData\Hdlharas\dlrarhsiva.exe
    "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
    3⤵
    - Executes dropped EXE
    PID:5020
- C:\Users\Admin\Downloads\CrimsonRAT.exe
  "C:\Users\Admin\Downloads\CrimsonRAT.exe"
  2⤵
  - Executes dropped EXE
  PID:2772
- - C:\ProgramData\Hdlharas\dlrarhsiva.exe
    "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
    3⤵
    - Executes dropped EXE
    PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7424 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4068 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2876
- C:\Users\Admin\Downloads\WarzoneRAT.exe
  "C:\Users\Admin\Downloads\WarzoneRAT.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4256
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\jFvfxe" /XML "C:\Users\Admin\AppData\Local\Temp\tmp8128.tmp"
    3⤵
    - System Location Discovery: System Language Discovery
    - Scheduled Task/Job: Scheduled Task
    PID:1572
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7932 /prefetch:8
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1096
- C:\Users\Admin\Downloads\WinNuke.98.exe
  "C:\Users\Admin\Downloads\WinNuke.98.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7552 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4712
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Melissa.doc" /o ""
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7072 /prefetch:8
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6976 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8128 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5196
- C:\Users\Admin\Downloads\Popup.exe
  "C:\Users\Admin\Downloads\Popup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=876 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8228 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7832 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8672 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8760 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8864 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2948 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7216 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8456 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8780 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4472
- C:\Users\Admin\Downloads\Avoid.exe
  "C:\Users\Admin\Downloads\Avoid.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1752 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7308 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5616
- C:\Users\Admin\Downloads\rickroll.exe
  "C:\Users\Admin\Downloads\rickroll.exe"
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8464 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3168 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,4608088758353330503,8516073646752633660,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:4424
- C:\Users\Admin\Downloads\ScreenScrew.exe
  "C:\Users\Admin\Downloads\ScreenScrew.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2500

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:972

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:868
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Temp1_FunnyFile-main.zip\FunnyFile-main\NotScaryFile.rar"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2776

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\978c806aed5749ae86fdf40854ec9dc7 /t 4760 /p 5032
1⤵
PID:1160

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Temp1_FunnyFile-main (1).zip\FunnyFile-main\NotScaryFile.rar"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3628

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:3668

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
- System Location Discovery: System Language Discovery
PID:5540

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
- System Location Discovery: System Language Discovery
PID:5572

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
- System Location Discovery: System Language Discovery
PID:4524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
d346530e648e15887ae88ea34c82efc9

SHA1
5644d95910852e50a4b42375bddfef05f6b3490f

SHA256
f972b164d9a90821be0ea2f46da84dd65f85cd0f29cd1abba0c8e9a7d0140902

SHA512
62db21717f79702cbdd805109f30f51a7f7ff5f751dc115f4c95d052c5405eb34d5e8c5a83f426d73875591b7d463f00f686c182ef3850db2e25989ae2d83673

Download Submit
C:\ProgramData\Hdlharas\dlrarhsiva.exe

Filesize
9.1MB

MD5
64261d5f3b07671f15b7f10f2f78da3f

SHA1
d4f978177394024bb4d0e5b6b972a5f72f830181

SHA256
87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad

SHA512
3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a

Download Submit
C:\ProgramData\Hdlharas\mdkhm.zip

Filesize
56KB

MD5
b635f6f767e485c7e17833411d567712

SHA1
5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8

SHA256
6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e

SHA512
551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2d99f9e7-b3d3-4d6a-b501-56a3bdb6f7ca.tmp

Filesize
10KB

MD5
6dd5395d797d31ee7ca1bebc5dc766d9

SHA1
0b8aea5991397aa4b73ef12a6ce7b73408ab62dd

SHA256
ee8a94c4692e5908b2e4f852250be84c6df7a70145b93c72daff0ee9042ecd36

SHA512
ba6fb3ac27dd2a18849385e78a0c66a0a1518299511a32229c689cdb0b2a32f104b973b9feea9d1956cc19171b79766d159b19c1886f80291c5fa4c32ca0c2ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
826c7cac03e3ae47bfe2a7e50281605e

SHA1
100fbea3e078edec43db48c3312fbbf83f11fca0

SHA256
239b1d7cc6f76e1d1832b0587664f114f38a21539cb8548e25626ed5053ea2ab

SHA512
a82f3c817a6460fd8907a4ac6ab37c2129fb5466707edcfb565c255680d7f7212a5669fe2a42976150f16e4e549ea8310078f22ed35514ee1b7b45b46d8cc96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
02a4b762e84a74f9ee8a7d8ddd34fedb

SHA1
4a870e3bd7fd56235062789d780610f95e3b8785

SHA256
366e497233268d7cdf699242e4b2c7ecc1999d0a84e12744f5af2b638e9d86da

SHA512
19028c45f2e05a0cb32865a2554513c1536bf9da63512ff4e964c94a3e171f373493c7787d2d2a6df8012648bbefab63a9de924f119c50c39c727cf81bdc659f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
47KB

MD5
55a93dd8c17e1019c87980a74c65cb1b

SHA1
4b99f1784b2bb2b2cc0e78b88c5d25858ff01c5d

SHA256
4925dd477b8abf082cb81e636f8d2c76f34d7864947114fc9f1db0e68b5a9009

SHA512
f9ade542c593067dbcd13ed94da1ba17a84782575355396db8fd7c28aa70a3120d0c0a22d3ca3d2f0774c1dcb06b9319e243b36001c618c92e0af25cb9c8e46b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
67KB

MD5
fb2f02c107cee2b4f2286d528d23b94e

SHA1
d76d6b684b7cfbe340e61734a7c197cc672b1af3

SHA256
925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a

SHA512
be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
25KB

MD5
cd74fa4f0944963c0908611fed565d9b

SHA1
c18033d8679d742e2aab1d6c88c28bd8f8a9e10d

SHA256
e432edfafbd52fcdbd59ef74892aa2e2ab19df6647ae723b368fca529066a804

SHA512
b526216bdbc73a97db41edbec6fdfd09b7b4ae149d415fb5811dde03ad4b1b0247950abd78fef807ae47674ab1b56ff0b971fa5e305b26bc92dc07871313b750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
47KB

MD5
abcdc719204b75b443849e662c50e331

SHA1
e143b1671d4e72bb249c6d14f19429fef677a6e2

SHA256
0e5af9beefa2af0ad9e8da592b4f9de8f29cce2adda77f6bbd5b41d21ab550d3

SHA512
0f757179eb3937f1f610e8d629d3b5263a291ce975157afe364f13283e9e34c58ee2450e80f2d27ff12f8becaa64808e7542329663ece1064a15fbde1727d2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005f

Filesize
30KB

MD5
1a803ec18d78d9eb9ea90284617b8569

SHA1
1630522cffeb50d5857e36c10baa1e24678556a8

SHA256
2de9208f9b31065c0696d18ce83fb7c60d9a83316128831d486b81ef5add364f

SHA512
a0f4d3babb6252b983625c77cb4335ccb416cb35f81c9ac0ce75235b90e9893b77ead18f67e57f3e8439330e1001bdb69c2990e9265a9589a4d39b6fa1c2b78e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
34KB

MD5
2ba4fc348a8cbc1dd106b2b7ef5d8a76

SHA1
ac4c4241dcf1d307a2f145d069cb85cc8e3e2c4a

SHA256
ed898ddcf4f01ee33d82b9e62c27a0fba465ff6873729ff5a72d280d9adcaf12

SHA512
3e75a032984ea69c0c0bc8470f5667086d63ba6fe7013c67b85d22b61cb5d1fb5d0edd3047ac74eba9390f8fefbf7ab22c6aee1242ee4b7d80fabff615ccb9e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000063

Filesize
28KB

MD5
5edcbd2579f1645b4f6f34005239f645

SHA1
d791ea001cdc9b8408edc510aedb4ef4f0555ac3

SHA256
4b4ec57c7fa3091211019e8332b0fe28830df406441e521aeb8a45d57926b416

SHA512
2d5f9be07b6743122f98e2bdbc225c241d24eadbec0c239924598aa5d204e4fab0a1a3443d373caf5cc110d004ef2bbeb72946c0f04d0c1dcc76ec4b4a9b7c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

Filesize
34KB

MD5
84a68bc27370b15560dd4d7b966aa2f8

SHA1
42b846d1d994b2d40a74c315619d1dda32d23d5a

SHA256
51643299ce0072fb3d10fb031ff9de00e1a84f981353d9bacf1ffe4ba743ace0

SHA512
0895b32c0024195de8ecee85cd460480dc0c187198d4c7aac0f249c2447d9cf57a173c07773adf74ee95a78d8bbce85c8d5bf10cbfc98348e415ae99bb10f67a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

Filesize
26KB

MD5
0587d97061591edfa210b0d1af6a202c

SHA1
c5748347895f8c249f130690d892681ec0a644e3

SHA256
f5d1095ce4cdf168b68dd7e768601dc8cd34a6d15bd670e444c1deefc74f9513

SHA512
b8c57c4dcef630eaed3b60252d3f6c7a4458d9c014c942d8d858e3b6ad4ad039092002cd7b9ee81966f98aca01caaced144325f924e8a6d89225fc9f54721a4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
78KB

MD5
901a453df28b80a8b5acb923baa8bc8b

SHA1
7b29284fc39168b9f975870ef876ae26a199e142

SHA256
4ff02bfee4a59e141df1dfe0e0f17019c91d5601c5ce9b9d3d04084d0416a02a

SHA512
d532108111e9260aed44874c84a69f87e2b4f185e72b93fd6b4cdee9fbfa27b7d8fefa2faf72d2f46945269a467a6f4099354a5e6bb2622b296d1592ad0db988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

Filesize
53KB

MD5
c5608c3aeb2bfd2945c0471b4ba645be

SHA1
e00536f4b9739de755eaa4558e1ea24106e1bc44

SHA256
41abc9431929fed82493ac7399dc4d6e7b3c6c1c13efbe7daed632bd1bb4e343

SHA512
b90ac2afbdeb13ea782702c6e1b8d29f0947327b6f111caa9b92be1eef23160307216cc77da51cc0e08b1182359ffc561b3e8dd0f3bbc23be230daf5401718c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

Filesize
84KB

MD5
f6b2c5fef4cd0cee6adb32a8a7a7a3c8

SHA1
e9f05f18a080530b04abdea5532bf53433cc3c55

SHA256
e8aac6218a9025d2bc04765de9a802778fd86c47d1cfc1ab8a9847a5151195c7

SHA512
316f3d6b237ad8837e7b6091fd132df4832a9f76e7769df44b59d289e6f90766857309f036b1a9edf52548060a329833674703553ba1503e91f5dd89fb234f84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071

Filesize
17KB

MD5
7f99d1c4bffbb17cd35f74c9864bcae3

SHA1
9272008c02dbd8112a5937e98df9655a7ce16a3d

SHA256
d48c66cd38d4076fead5e84ef41e1d3e34edaa81eba07bbc54ba34cdd15617c3

SHA512
25f0f457162724af0aeace1b8aa5eb63917058eee0376e6d15d58c431177cc21727a6344b72ae0520f6485f35e7068fc3538ce071971efd43551b163009df40e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0373765715b33cb4_0

Filesize
294B

MD5
b30275c1718adcf657ecb313a19c4d1c

SHA1
95ae82aae45ad16c3f58cf3fe72e35c36f46ae98

SHA256
be497e0c36f7902fe69b4aaa4ab20c1c1bc2b09c4f76043d2e45683cb228d5e1

SHA512
80a3a21905c6c23443eca529ac808f765565674cdeff05c6149edc2c2295c9ddb76c52addd07c30f35eae5c2e3079544b4dd130f202bf69458d3bdb22985911b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
07f1d8e510a34deacb301f33bad8ae7b

SHA1
e14097c2978faadea0ed1f5899a89d9bdfb3ba55

SHA256
dab0f3fb4fda3ed5b125bd4879c20a83556ce2ae8c421313a7d8b6e4ae899212

SHA512
fc802cf262b8f026914f448999dbd27c073bcf914eed5a938e857015d6b83f71aafc8de3eb9ac90b6d631feeea5d723a2815653fe200f7928372373e0f7be4ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
91a79f2f1aa8ae2972420860e2dbc27a

SHA1
3bee8dc1545e6fdb672bb48871769edb80b8503a

SHA256
d746d6330e8422455d6aa49000d5663ce34d351b666aa8f58111e191072ec7c9

SHA512
650cda23fdddecb56244ac75bcc1a26b2ce383d785e437189b98dddd0dfee087f8371fb2c9a008f1f8cf4268ab2590538d8c6243ab04de9b6a8c734b27dcaca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
57975790b04e8c6cfea85aa6ab7eec1d

SHA1
311d8443ae7d4587ab8f5923c6a74765fb85c2e2

SHA256
c8f21785183be3851e0505c73a8ba723bf0933be7568a26bfe2587633081b18d

SHA512
703d43d0771089fd2a3a08e29df51d92ee2b8f03e4365a1f35c20674acb0eaf320e0c822ad0e249400d9ed9a37ee9f8701bace413d633398f51f3e65c53e6a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\476831ba582729ec_0

Filesize
3KB

MD5
f9f3dc6e119d70039739d4820e3a5cc4

SHA1
410129d38d9f7153cb8bd228c3e658f661b94cb0

SHA256
1ffd7cfd69881352637b1dbaf73f55d8538af12b9c62aae08ada1b2c123d226c

SHA512
8e1fc0f1ab64e22bf2fbb15ba67aca94f152688ceb261c7ee6a36aae658a60c6601f27ca21a2c3e6ad3820a4bb1759470efffc62b83ce9f9138a58c622535b60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
2cce42c1f7a84c269ff3099f10ad6165

SHA1
d11b36e781b87af68455cf18dc3bcd44e83154fd

SHA256
bf856b77fe4bac024f2fe050a94d88a67b2581cd9c5a4cf5a770b91f049f117a

SHA512
40f2389dc6c46cef2732750e8826ca073a4a1490f723d40b89612fe83a223e25a581d59469ed1b6d800878a350af381d93354ff50e246f348575e94ea707c25a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5801d3329fb36c59_0

Filesize
2KB

MD5
a285f0669a49207ec8f6d805145192a0

SHA1
4ab4e94728dd3635f92f6a0236cb9311cb7490ca

SHA256
c4821ccc2dcbb86c5dabe3d5a49132eb087da427ec501d42c7c77e2080410cf0

SHA512
75b50770448a4a94a3c638dbab3b86d1f1d36e8acd8c05358eff281a726f28a1c7a5af5aa16d73e665b5a3373dfcadb31a06a676d72952306622ba0074431c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\580fd9376c2d4a3e_0

Filesize
5KB

MD5
c658adaf7a32e5fe311495d73016d0ad

SHA1
108568e55efbcaa5d115c54d632585b31e5f1e69

SHA256
5519610c8816927da57526bfb1d4f6bbf331c0fb102f7052018b0b4ba118c489

SHA512
ab2f5c729092c1cd72b4cfd44ab1eff065a17e422eaa818d989adce8bd21a01fb470719d64190e2f60b5b32b43d965d4e935f0379f3dc0cf6efeaf8b7d1e77e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a994fe24b451732_0

Filesize
4KB

MD5
8cbec3d71e9fc501db9624cbe73ae879

SHA1
6ef49008fae62afd05b512b818d530948d1a47ef

SHA256
ac56a38d1f5ca1923382ee9808be2cacadbdbc4f5619dd16b9fbe2a42dca357b

SHA512
c175dfaf897869e209d27f997cc74d55cc4aa08bbebeb8ac94163834ad8579b60070803462e573d26188d6c147832a4d692fd5c7135644a2ab21c4676cf5ca4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d0c04f9998369cd_0

Filesize
3KB

MD5
a74565c45a1b7ad8ae5e09cce2289869

SHA1
e4e8d9c873b54db6bf2ae72e60704f6767bff5d7

SHA256
c16be342514d507f66b4cb569a7dcddc50bac16db85946c55b9fe7d15596facf

SHA512
4c32add2a3a212b39edf4ddd33cc930ca624bb25404d0a27c8972fe20c6af8d2c3fd08c12c73355c98b1cd27c0534ebf07a731ec5ba30765211db72817686d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
8bb1d8e6b2bf36ca363cebff5cd209b7

SHA1
ebd3b5b01ec1417e33bdda15ead29f970d673bdc

SHA256
b8bf8c462c524c5dbc7fc59afecc6c1e30961e7c26d998cc9b7be533dfb60e6c

SHA512
bffa3183ed8cefd16b75e86f4e4ff6497c7bdd4492a581018f2907a797b496c9c6b3f0159e4db0e32274849ddd7c23b6e356987132f19e7bb0f1e34c36446563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\605167868572c6c4_0

Filesize
27KB

MD5
3d42ee2a767118e377bef7e079f025fc

SHA1
bea6054802fbad8596ad6cd5330ecb1e4606d823

SHA256
9b8d57cb5178de58edffc6d953ca875347d7be612d7b2a2490d79d5d4ebe8373

SHA512
3c68ea09fb7dce42f8c4c36bc77c4878f168d6301a05f1298504ee84553ecad468a95e360af15307777bdf018940dba00c396c640b9d597e777e7d8c95ba5f71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

Filesize
1KB

MD5
58f8d4ca02b5b411cf19f3eb4619d12d

SHA1
7795d124045c42ff31e5d209ee6b165ee54a71df

SHA256
c7c9d207ed03b81e7d28954c24c58e3b446d9c618e2a14b8b6b3ec33617f6619

SHA512
7814ea3d42c9a6287d5178c1d809d2942b0024cb1f188bd798444f55e81c2a52d13322a9177e8e18b4cbbf973404e3fadaef83f97704dfd747a59d3f5f591ee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
8cfbb4464e6d7a1bd265f82624227574

SHA1
5877bb6ba047c4ba3b423a281065258bdf3a4faf

SHA256
f816d99d1da473450ce463d2afffdc6bb9dfced8d06de7f68275315284ce058a

SHA512
a22ec3b2badeaaa6656df8e8ef3708df0533e94c50f314a2ee52c33c45d4f6059dc712c981d00165961edc14b4b3ef121a0c6065b253d5b9d8c32899f386cf68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718aba49c9504085_0

Filesize
2KB

MD5
7453a31bc358de78939febde689d3d90

SHA1
13c70d15bec6f577426ba8907aab4b714640703a

SHA256
bfc9c007efed2fef43c317c9ed5315cdb904626329f431d9ecdd3b7cd7386b16

SHA512
6af5d3ac1a93faded7cbaf665510e2fc6f55eff3db05659d7e0c3922012a1e1dceb49222bf3046b824a6556b494d853349f4dbb6d75f4a22ee49fdeca6f822b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
8c1e339de56b8bab492c3764d29bab30

SHA1
8b635fa52aad8b0ebce7329fe02b1f5536e0f44e

SHA256
bf2c5a21379a9fd79c041393eb566f52d8ef4336b8397cb2e27b0f5dc5dc12f8

SHA512
8972e9cb962715f8a72386b3b0968cf65f2ddf47a888826191bd76bbeb8cee33b17adfbc26bb0964b12b47a8721938c3ca38f7f3e56658f24b88cc7b137a6ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87bfea9426cb2ef3_0

Filesize
2KB

MD5
c17a013cb0379350be1bc26600475a1d

SHA1
34db7bcd05c305a70b25b7b11f1239324486b54d

SHA256
fdb106d2a94e56e7989437448a94be187191c3a98259fe86f366f7b5db55a2fa

SHA512
423aaae38f442d85956b186ac8b552abd1002c382a3a8fbeffb49f3df6e3c64ea60384c8d8ab9dfbb683a8d4ef8de6983643a9bc58a761c0cb19d680a5200e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8908012b8e4a5af1_0

Filesize
11KB

MD5
96a9367f66e23ba4cf67a7146c165436

SHA1
7d9d202757d048990a8c93149eada389b98db2d5

SHA256
c53819208b12184e6d62056cdc93a9254568c30d7522076e10530618e497931d

SHA512
72c8fc9fa274ccc2d75f5b881036d9ce8ebf97447d3b5ed74bbb5d4a6c22f57715398cd2a23f414e259fd40a7638b0073b15528ddb8e92c21f035261109b156e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ec4b11de0b23393_0

Filesize
4KB

MD5
4bbadd9b53fb78eb3d7f3d571e553551

SHA1
ae8676f95b1e9e1a7c503de9247b2b03994d4905

SHA256
4d545b5d2560b37331554e9890badb329593c4b9c97ac38636ade48e6d447c88

SHA512
9485fb899888ef61b8331d766c6c1402771bc3538f7ea9e669a15f7c551f2592da194bec01069db343262bc4b7cbbc91055c4af8663932217d44180de9a5d7cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0

Filesize
7KB

MD5
a22aaf9cb50fc691c9ca0afb607e5b52

SHA1
e618dbfd3818fabad03b25ac064b0e2d95b00e29

SHA256
3af0580ab0424634435de16de2ff989725d22027ccd7949fe7a78ac83724da8e

SHA512
0b4c6609851dca6d677c46439359468bc650a03d3ee161723264a78983a3025a6a70bd8ae607591da8619818cb94c1625fa828f496ef9b84aa3cd43049491605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
1KB

MD5
ffedad9abf33bbfd6a8bc3d034522863

SHA1
c0cb49146cef9a12baee7aba66d3ddca7649a851

SHA256
40f312bf0aa748eefadddb83c53888278b09b7bf9c7b1b3a8e8afa9375cd2cc3

SHA512
a95f85e67b3fbe790e9e5a4a430dfa1e4ba4d0c5c76e805644aa4a2b98d5e5deaa77e6d2477d4ba9b3c01cab98db8bdbe231a3e5659ed9aa930f94e1e313344b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a267665648440b9_0

Filesize
6KB

MD5
041a07d97064caef112c847fd4f544b1

SHA1
2a26e73c2a023be0b83cbd214c9c75c151391567

SHA256
c36757bd96bd032495e0e657e4b9a6b0ec2bd525cc12f60c5cac0e1fff130838

SHA512
4314756d0065b342b129ca65d0c0d1ce01d21b63625ddbbcb16beb94af5558fd7ce91d09dabbb9df89dabca73552edfdc4ac8e843fd20facda52831fb6f78dc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0

Filesize
2KB

MD5
bc47ac368bf0549ae2a95b3a584d40fa

SHA1
afc9c6e329ec4434608a63e3fa2330863f1ac44f

SHA256
e0fec9cfced0669d0602f85e893912d6af609f23d58f8cbbc56b981953634e13

SHA512
177e844ba6c02bfaa707925c0f2ca999959ab82b6ed6797b7e6a79898c5fedc49dd15d63d8b7cf12a7bbe474307b2bd886875262f996be0a8034dbdf35289c17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d569216e37873bd8_0

Filesize
291KB

MD5
d675ec72c96eae479cb590df3a3fb1b7

SHA1
a27a0cdd93abcf9c17b56ff12c9d8a357542eebf

SHA256
fb0ca5c402ee71827692f57b23099f8099b392518607dd7ac76a617d4fcc5312

SHA512
f01b6e8d5b50b1d5b198e1c8e76b51c97451c4ccfa426b1944e4c78ccf7e386fbe1c533b3938b50ac08a081524de5750149b8f2ecf5d6e63f4333e0ddf1649e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

Filesize
262B

MD5
77cf69f2c7e37693071b82349cbbbecc

SHA1
b2cd6348a6171fc6d7c65576a772bfdf0e665989

SHA256
6ecbc88b1ff4f12a8b9ea5d57d107dae019980832a08bbdf87aaef2acea86ec4

SHA512
7cc05ad5275167eb85b4c5bc9c1ab9e3b3c19507187b9e358de87f51fd80a115a6e0269c40f8065cc4415087c16218f639411d6bfeae973be04d535f8d36d38d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

Filesize
2KB

MD5
f4160cc49d00f6873a08ae5b48d07cbf

SHA1
c3d4695b924996fde627782c27ad56125b141fa0

SHA256
0775804377db848b52c868baa0714b426daccc9299aa12f358188a4943fd0635

SHA512
e0544bc39b8995f72e4a37174e59e472b6b32c5d41a5dde8b47bb4649bbe2881ef2e7630dea2dacb627882f22a668821ff35fcf0e995b314809afd0bdbb8e365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dbe453c20a6bc349_0

Filesize
201KB

MD5
8af6c4058ed614db31ccb10a470ea035

SHA1
9f3fc1a01623f9b7d32d0828c6b923e9184cc56a

SHA256
3744c153ab473dff4a0136538b1d52727f42116f30e0634e2c443cdb01b0402c

SHA512
9cfc5707cfbdba20aff89ff0a060f251f147437a0cb5c970393c1393cc83ec00a41da7adcfd0dd1bb0dd5982d54dbb348096a6d662544cb370bef05aaf2273da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
ce4073821d56a7f29686e9e9b7192bfd

SHA1
a9e217cd208e0bdcf364794efc95a0ecbd2eabb8

SHA256
c661da6fcc98414b7a7e95736121f90f6ba4cfde2b892e91003ebaaf9f2c316c

SHA512
f12be99b77422ae2d6b45c7d1583004c21168d044a048327c400be440dff0169cd049143b17a7a3a4c9ed80c0da04ca1ab73215d71fd08a4ce54a3faa2581653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f9f54d7f2e6cf0b1_0

Filesize
14KB

MD5
79f6eb6f294331f3e600a1f851c91cb4

SHA1
7cbbca399bbd2f399f5d2fa67c6c09f27c4c7d29

SHA256
2daa20f7db3418459a85ae3b2452a4e37389b920d41880b11a0981e281feafdc

SHA512
3e9476712968edf50264fc0baf2728d34a6d7fe3b8787feff93a40c3a7bacadaa39d7ea738bf89ecebf42ecb7d3770f472c7a40d249f2b219114ab51242b6490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ac03af438e0a4bf48b56bbf5322b7d16

SHA1
d6290a040d9dd57e319b7ba25df2bc25a9dc526e

SHA256
2b2b122bb5e8c722bafe10ed22989ee1e8366bff66bcfbf7e7eb8f44e31215ff

SHA512
a15b21a8694a38efc239d1f343b4d32825f94bc85d06add06e82bf4c8c7b540d69c0d7cbb9277e84182e4adc5392bab5ba1bb4f81159709e3f4fd9f561f43bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
998102c4ea2f6e84ab71c82550dc7d38

SHA1
10eef3c542b88fa6f390ea8973915482fd680655

SHA256
b5a4d1b5e5ecff04d74b6b624bac5f7955b1048bb163a6b1476e458106f6eb8d

SHA512
cc4b19cefcc3d85a73f16132fe61fbb6fcb002daf7c9c610c8fafae7a25affc474a65b6f4acbff8391d23e043a32b751655d29b6fab6769f628e40834f2fc8af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8be7254466b4db7afd9211429d4e6c5f

SHA1
7c0845240be070089ce52b115ecc70987d7244fa

SHA256
6211b472d03c2c0e4a559626c79b281f417a4eb8176470239b282a4f0011b68e

SHA512
37ca60b444d41bcea70174f61007f9372e578377287f83f51e618fe2d00de6e0ff4bd1da0cabb2aefa6ee5ef32cc2a56ab64acb143b0b1f41800727fa39ec157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e14f997d3c0b48696867a487b8b3ac3b

SHA1
f44cedb3bbd6b0fd6c995cbd710d574fdfbd13a7

SHA256
260d5cf7da09660f6c64238298d764e3e5eb628c8ce50425be0bc7d923a36c51

SHA512
dcad063ea3a22b6d6bc89e33a286412076e396a0baa3e79612a8df4155fe05ba89dcd1b99b105f096e3e35e1ed3234d8fe888c7f9bb68234737880c2ec92b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4c3bb3647b48e8becad65eb8be87feae

SHA1
9b89f3f9b2ef154a8f8b2816a857fb27e150e88c

SHA256
b67e693c6603bb0a3abd356c15a946ecd45b4643c5145b94c9ec164e3aa45717

SHA512
c7bf9da9697ad64d1fa857a89a87b4f2bb9db153a58489789a2bda865fb5fad8871cb32410df46a1d5336f2339b0ec587eb97d7db667f4e697236c4ac4cdca96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1007B

MD5
ca73635d8b3754ea2be5cc006ea3adac

SHA1
1198035f8c8a30ccddbbb8b315377ef5b7a59945

SHA256
d3b50257f7a6c18b9da9f679688f31b1b2c3b341d0b799cdba585be231186b4b

SHA512
5287188ec246d10a3722ae41aca2e210fc0b36f2e79d488e1087332162d20d663412a612ebe81fcfe0c7e884828463600a9ee725cc30154ad29b3e6be8c5b451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8b0d864a84bdd9047246aefaeca0bdcb

SHA1
3a8cae080e4b380aac9e0092e12ff601bf7ee06c

SHA256
07579b84376523051ee7375b32ff92c5d97b5f0e19fa36afe596a7344b61fa50

SHA512
761b55cf4cd2c7c0e98e57152b335adecb9b9fb032f15a009916d7ea3d31196a64b452ef950c635265aa8c9377f6a0a4f93ff4c8bcfa97bb54a457405ab878e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
32a0fcb490bd73fe7d882cb3aaade3c9

SHA1
d8ddde4d18d42fb25f37d9d0eb7888e9e7af1bd5

SHA256
8ca1cdcc9ddc19224494a1bfea2f348022a09e38922904d869474c6ca2d09d65

SHA512
182b1fa5d317ae5e752cb930a6cdfe0fa9ea4cbb8612cdcccb79ec3f7de48a60b80d002690114cd4e6442a26c22901df8bcc899f2e7c1c072dc698322b9ddaca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b38e2c13ef0497f0cdeacf9a90d05888

SHA1
e3ce6c859148243d781eab0fab9933434a03bfed

SHA256
be0b1d5cd9c2c1289fad36ec492051d4a9be68f9e96c096e24e08398b4398305

SHA512
e46814cb5e66e300c7d528ffb48413d651e7df590861ec14072b5d060313812b642c81241f2312d89a918422c35cb1e8d997105c0872db0f15da860f1332346a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
345965583787971feae71a78e5eb1502

SHA1
671f71d2795fa91d7658d3a94614550e18b6f700

SHA256
d5e90d83d9ad2ecffc4542e30aee5dbf32e0fce9ccd10f112ebbc9c062f0f66e

SHA512
f388f4ea9609f67ebbb44e32cfea18f0f4a2c7933b8de47df9d4489397e3b94a0c303908c603693028dec4e453ee8a93b1811880bfe35b74a7285a6bc29548a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5acc99f8411eb4cc87abf82b9ca632f3

SHA1
ff7845da1a820437f312e5538905b28846678f23

SHA256
43a44b064211e13e688a76a7a41ab9af7b70719c7a56dc53e4decbb3514e477c

SHA512
047f06a9c1a6e4accfbb87d1b2d421ec7416d076990c7dc3baa6e9f6d945cac954c7dd1fe0b8a4beb8966fc471db01a49b8c7ece14139f4b6fe292e62ed47382

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cd331a2545b42055746cfe8c932bb25b

SHA1
27bef5464d7c44fcdd52d817d8131588a76c3bc9

SHA256
bce2eb0e778cb25786c1ff649d07106a87f38b577485d4b3ac1b0071773d6237

SHA512
0f3e3c4ffeed7cfd46a23a1176bc89d8cc73ccb9cd90531a2cbea989290cace8901aea3550dc0937f7cfd4bf4e989d6f9adf6d4bc183b71387cd401033b493e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd290549bed643210d57c18eb6836651

SHA1
169696fb49f4e5e98f31655b91dd6e00bc97fdea

SHA256
353e3f8b07e65db8ab6cf7e8f6020e817781e068fce754b68d3b5df9a7f59ee9

SHA512
bff7b512dd18720df75f3d38cd3bafbca55d26b9794baca37182d22bea9518b52cd903227098b484bfcf085c4410219fce4316b66e48c3966a0b32b5a2984523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be219f3364f8ebedc5ec88aeef791ead

SHA1
3603be34a6f6b16a95503cc3f663de01687e2836

SHA256
bb5d5fdc25cff43fce0c29f2142944291e774344fedea43e40023096c614fdc6

SHA512
585d0f1c433151bdd8896af0ba157b9f46eb606c0cc4067c5d375a41dfd33d3a07095e0f2cc62cfeb659225ec6f74877b027d7c4924490393d1bffbb5b3c82c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e7e37646f7808719102a92271d270282

SHA1
7e714bec260e876eb844b316cdad343f6b840a2f

SHA256
645384b0df0db838e23c1727989e9250d1dde34d7469f668a97026163bcd6492

SHA512
dca32ff4b85a4216692b7b1847f5bab329f294c9aed5ac97e64d85faa796b21288b9654d078907afdfef08955b5cfd5f9ccc8d7c11d34c116c272d1e4e23a4d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
836449388c2bb19b6e55c072fd2e6915

SHA1
1ae5d327fcba12cccdaff03fedfc7630f954fa4c

SHA256
d9f0a959dad72ce0506b1923ba3e2cfaa6b336f3cba339b5f2f2b6163f03fde1

SHA512
f00ce9c22349d97a42d2e05d45f5c5d7f5d7b0badb27b37bef63bdde7f81d1b4ac495b9f5a46247a0f773da9128f9ad5a0104bada5ee96a00376d70a44cf572d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
78ea4fb7618927af5649118abd788f87

SHA1
b11b018f06aae301cb894179a6fba6cb59505871

SHA256
f86464b314f1e5d71c3cc4d249f8b99e25c16216debace014ab8cb305f934ffa

SHA512
8f09b436dd49df06045aeb8eeaddbd7823b48ddaf8044bbd8e0c04d095dea5ee4d2d54295973ee8b1849248ca1d6b2553c0dc8c16fd18c94cdee15a4057f006e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
160c6ac73591abdcd3f82e4be742af95

SHA1
57782bd3272ee4994d83aec18f4c26b65cd668f0

SHA256
fa93607932122bed2cdea2e558bcd9021141d6d7213f500223b613d0b4ca84f5

SHA512
ca9064e2d3aee1d321ab7eb6b92ff12a856d675e7b62313bc706e4711941ab776087e22d15514cdd1d7fa4f7c82160a28f49e8c11c14be5b10ed657d9c5d2129

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e9a8539e6b11ed873ec0de2629810f04

SHA1
8b7953c348b7f4c048f4aa8f7bb8da112f65da89

SHA256
260d87d8992c21b6f94adc4e37ccc64d27f59ac2851078f463c4c3b96e99bc6a

SHA512
37e71a5f20dd617d57d3920033db04e131cbe6087faaa37685f4e6c06b5534c47d29f69e4eec22a36fbad1cc1076f0d3286b66ed7324b43e4343a0886ec92049

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
39a38f8d639b31416095633e94adb1b5

SHA1
1e6528a312778b1ce5afbf9cc7ec628597524fab

SHA256
202e901f7f0d579f14c77271e86bcb1425188e49755f1562c0f9a222dea0815f

SHA512
ebc252e77fe8e6c45bc94850acbbf7dc8402e48883fd6c129c14245221ff5ac7e78bc8440bc611fccce67115cb6342c84e7ab89ca067ad3b674f97c0d4b25418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
20041a423f4643a016abe78a6471eedf

SHA1
2b27d512de070607e8fe623e07457ae93fd4e834

SHA256
5d2a763e79d87f4ed79d4312977a6a493d537f1dfb2926fcca7a8c821ec60287

SHA512
a4f3aeb974d379fcb43812118731a228f8cb705ffa04e0057a6c18ab1b25de6e7512d0f9a948b9f5ddbdc6b5c099ad5b7a7b01ee136c61df5079279c71d49a61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f0f27169fa1a422eadf124f5ea066bc0

SHA1
20276c8be26d81574d560f527ac0a63447538a30

SHA256
5c3d5be84f7ac735efbe3d2e01363f1ad9d3895ced0e64a240980d5e25c67cb5

SHA512
1b9ab0f4b9e128932405c19c345fe3e7574777f7321df15e76202c4cb9bf2f6518025cd91bf980d2d4afbbb0b1dad768014c96dfe46045fc7c1e23592afaa6c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
210e005cc68295a9e93c28e17d39da6d

SHA1
22be92075977c714ed49f0dc6b2c0fc588f6ec2b

SHA256
d5688e24a2522245124c099e1f76a0ed0323ae5ae9f87f48157f71233895f8e7

SHA512
f3984f9a8ca257162b38772cd5339c0317ee829979957b0eb91906b159dd963fe1a24a84c15da789fca2ef09901adab61274ef1cd16f92996720a207b879e744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5adc7fd754ee64ca91636c0eefda96ec

SHA1
1e2aabd11bdb136c6614c5d821fdf56b9aadbde7

SHA256
ce110fb4882ff0dcc3e06bf5061206aed3ff64a73e5a68e718d3abbc1a789792

SHA512
4dec5046e1befb7979d42fa99dd726b7f2ae79b11cf058e401066e76ab99c4711f633e7b9e3862a33e17f45f84d729135f37ada50a72a3f31529adf4b575794e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cc18f10380e46343edb36a80a1508ce6

SHA1
bade99968413a6f74918189315d24c7135ae2f96

SHA256
2c5f060447e84341e6159506fb4c390309d6f15c80e4d6cd5bdf3092e5958825

SHA512
edfed5ba468e5c687f03e478d609f33dfa062328f3a02a9bced655b7ee244710ca86a37a082330529071c861385262cdfc28ce89bf9ebcf63cdfa86167b150af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
da36e4d78d11be50271dc21c1a12e38e

SHA1
2977ceabf2b83e0c928a50d3d606f26e9b5d28bb

SHA256
a1fef9d86862795c0735d47ce54e15b50ce6c61c5049999d8d494e30d3f26d6b

SHA512
8bbe0e2d3e2b1f1f5f6c91c41e58d6283529b06b054f8786db8d378eb3b669f61c3ff89b76ea0261a479566e1a0b965eb3bb7155681f660e8c34e4c8a4d18bea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8d9f17f0d021326a2cd15f90d435da75

SHA1
f9ab90721b7a36522c49a885640ea2bedadf122f

SHA256
68e0e1378b9b90c221bd05f44b7f11a83b1275f7c0827946b0554bff7ce828ce

SHA512
14c272f066ef7ac672c9c99c6b5fe5f37f25db5f6b840dd3c0526fc496583b1c227aa8ec26d37ba9f4ddf9f48e2df3a7fbc5ec8876c58a89c07132879b336f98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7a7e81bd72cb4f494307bbe8a016986c

SHA1
016ea7ce5ae37174ea5ea080e5790ed960cfa48f

SHA256
f8d389299f3b5cc6f77b14ac70fcfcc9bb6e727d67edcea7470a291a2c877e52

SHA512
1bd73f434b0eb33b0a6defb5cadeb711ff56851eac303829c17de9e7ecc2224b838100993aa7fe4c737ae22eb2ff34ca7d2ccc13ed65ee2822ac32396efd8598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
288df93b497ee8cc4732195fd7f0d77f

SHA1
ffe4cc78d0f22306a129542663ff43568f6c8471

SHA256
ae84124e80836928d35232ea93f545cb450b1b4390246ae93ac4d3fc90524463

SHA512
a4514090a5c6636fe67ab6da606d2fdb9a1f972ed9e7d9ffb0d1a4eee79a90b24e7106afa691c4599ec103c8d5094f9c2484fc1e423696ccc92d1e24999d76a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
67cc6b195ab6fcb64367a46c837abc98

SHA1
0c551e27843ca3f54bbcc27b346c6cbab1cffeee

SHA256
abc9fa4f564458aeffa18143c63e37f051c91c7cd7488060a26fb584e61cba99

SHA512
223351883ed68cac4359e65761c3ba8ff7c9be24a00cb91febe3c3e0eb0cbbcc15a71ddbd6f426cf8157d34ca0f66bdd07e442387eb9f228ced96ca59d4180dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4cbacf64a8d30de8a39e3223434fa74c

SHA1
e393b92174b47c215baafcd947e9e29df65a2b1a

SHA256
938d6ffef4adf95ba69a396f1c061f44de28bb3bef283365826737ae5c0308a0

SHA512
b30f87eef2566597c299e930dec800e98b81e8fb624164ba7ec40f965e89cdb5e4114794a821225e528d479dfd76081b8145e3890fe7d4ced17c678bad2ab8be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
67c3396102a1fc6db4f37894465f0e0e

SHA1
c8521f8d2b8eb9c8f7b190f8f496c95bc323e3a9

SHA256
b399a862895da19113d582d1df761c693f980c5ca05e860f5cceaa1f5f09d7aa

SHA512
847759e956ddf2279cb19c90554c065740f75115da1534da4fa556e4f477d14e4f15c132374507b8dd732a04d12c5368511bc5aa74c108357b7954b4bbf29d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
523005c52f6a8e4ec624ff3b5203a8de

SHA1
002ad95040ed7f960b1ee11ea56bf6c77b060940

SHA256
f00f0cb7aa1a9bf8a068c3e2295dac040b5f871a93baecddb616820839386819

SHA512
68a01d81c8cf1d96c23b036356d867c89dc723109797da5c9464f2eb6e25e0448dad302a1ac7f52111a4924c64e7fe9f58f0f1e520b2590ca9fec3528b321821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
12c868834bb0a03be35305250342acbf

SHA1
5b03114ba59f6ff87a9d463a3fc474ec2e1f4052

SHA256
9bd47d581d934e28e4a20dfecc700862006b20ac7d9be2022768698aefee20ac

SHA512
c7ac478e94c69df134565da5325c69d4d5e3419d403dc7291ae7de90c596a1e4e479217af293597e873e82c38c3d8cbd33ef3c8d6caee74cc1ce98af531de58f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
968d594999ab3f471c64b3e2a39663c2

SHA1
001941f87ea0f06e2d00c0d60b397b3b532e9ae0

SHA256
68a73091f044d13cb40acbf9396956f492a6c90961f9efbb0276b178715f10e0

SHA512
7dc8fc5e50bc44f0e90cd09c2d7cc32e759786003bdba144dce6dcc756343723a53edf499a5bb61033f460dc81424dbb502ded6dadbb2fb7565bd46e183982f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8f34c2e3be985abab52551f94b4546fe

SHA1
32bc176ecdb90e743e351b591945357f2e0839b5

SHA256
632e0e3a07995b56d2cd7039c3f555873ef13accb2ea122c95dd5ea4e4b05ada

SHA512
ff0a46cf04724fc188daf191728a4c61ddc2c90355f4de4e82111e6659553fe2865ae988f3dee03612fd68b2ca834f13cf4444b3528d0db02fa678a960a8f4f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ea4066fab72a5af4ab1ba8d000348b3d

SHA1
9239138bd5f3c88648642b28167390ce5b73f245

SHA256
0edde70027c29267b22a88b34250d605aed9b0ad678ef6d3e38ee52926199f22

SHA512
1369de195ec7f8dbd0751522b56ba6064d23dbee5d20ecda89729dfe17e0c85141b16fa74790df4f1ac0943df2633824bd64a8038be8a58b6d213137ec12f87a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581f5a.TMP

Filesize
1KB

MD5
ff7f956ff0ab4e052748f2da59d7ed7a

SHA1
a202050d0bdbe81ff0c1e3f8d85cf024a34d99c0

SHA256
7d7a6689e43528f7245af167ed7780155e2d84de715693a49016c4945319d8ee

SHA512
3909e100172a678c03c6979e6ea20fff9d8d6c6c0210759bf1f171d235a7d66a8b993ad7e848e078e75e3235d9de366234e93cd38b084f3648a59f6bc34b7343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e8f938c8d1fe580af7b8acfda1437a03

SHA1
d908d4cd0b64f4e27b5c28b1799a257d014b3f4f

SHA256
48d2a1f79367efa8d8aa9fd3d2c526ccafea94a0f87bec9dd1fa92f0f1538e80

SHA512
f723469a349738d893d7f1c6b573b71c14b67e6075e1fbebb5b0f1339a9ae4ccb10e067b56fb386cc1c37d7aadc4f437d2cb46dd56074b6e64df9a2bb1f59549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
08046f9141afc136ea40299c04f6c6cd

SHA1
c5404d9fea0917c9f4f9c8eeb095d261215478d7

SHA256
7af49ee2aa7bb8a0c0aa75317c2beb50a0daff59736ee2657937a47c12a411f8

SHA512
8b22292be90e74abbc10f740d40502448b3c7b3961b4a9ce406460ac77a68676cee29b44e32daf251aefc9f1d828cc33e88ef11dfd2774d84dd8141911a4a287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bba07359e6b661945acbb8d94fd5ecc4

SHA1
92cb063cc836fbb77fb735f7ba9c9a2854af5f9b

SHA256
0fd5135d9a784967b57f57f884c1f903567799af8e9b6572f8c2e18904ebb39c

SHA512
70c5b8a126208c45c434f0446d505557fe9c88bd53fb29a223e8d1fedafc9f39285e18fe078ad523aeacf716d202fa5ff99ce0f0a4c0f99bc1133e765af302e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
01bb4dbff905e8b90550f2f89680316b

SHA1
e251f611435c321b1d209daa4def9fb154defde2

SHA256
092bd79874cea516c2b603be6f571181e87b2371e02e84d5cab27893dbbd49c0

SHA512
9201bf497458a055a8d12ad99d84d63839458d2be8fdb67a317c57dabe10944378c5a34b45e4458ffde3ae6891af5e120a75c3f30af1520f9a8f716e56062a9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6f6c88be83b818322a9a0a7411165a70

SHA1
5657f12a3e2e5b9c83b28b5b75768d053670dcda

SHA256
1afb24437ce5998baad8d81f54815cf95383487d395f6d9b11a2a703b836aa81

SHA512
348e0752b483ba55e08bc8095e8fc97d474e9a18f42a73cfde7951934b42b0a7a6d2968872f39a0dca0ce6ec099313b9c0c70ee3858318e810bf0e99feb64107

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5cd3ab4a99b955dc28176089cc156a9f

SHA1
b5cac252b2447c07ef9e7a2a4ba10aa6dc80f63b

SHA256
51102456d8069effe0ce294ab5005fc22731b6ed4b1f46598ec71324b8768dcc

SHA512
1f1f540f4d7cbad0975a10595dc32f7f9eb08fc29fb1fa744bb890bccf2df74251b41e3b1e83d7d7358222f3b0f70e7a404edef451d1303c60d44ddf76835f9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3330e3ea83f46c8141f219728c22ece6

SHA1
f6d02f4cd7a588b8223e7d466740d773bae037d6

SHA256
e60684cb8ba2e01ed05f763abc5255c4df6d6a3a2f7712efbd21d9b008fb1730

SHA512
1a75326483d3daf3891132d623e6b7040bb0f349a36b3e5b6886f4acd0aa9b70e0043a73a7efaf5b638a962cbb993a25586609d301ab4bb44c41188cdee9e24d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
def082caa708f81fb219f9f1e38ddeb0

SHA1
d2493d97b5a04c7f2be0ce110a80200f9fb78d26

SHA256
5dfa0e45aa72b7abc886f9d6060d022708aa7a6de161fa5fa6e30f7911ae20fa

SHA512
8d61140f2fc87f56a9eef1277601713bc5761f3d885de0dcd7394f056e78183a1eb3e63a7c8ee21e44f2343ba7d56b46452cede9869a00ee400bdde707e5103c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
709945be4bc32e04aa9a65cbe682e1e2

SHA1
ac3aa8e75676c115930fc67e7849a169ebf30a5b

SHA256
768a451b0aeab4994300258e03012e1099f179a3a53c14bc247983fe280d2a5c

SHA512
4eca024c9ff826fec240234ede68fe1e4c1c06c6f8a031dbd2258e7c409370cc1224b6536eebd3a61598d16136f63de6ae3d2d88fde3bb8b42d9731a3c31d548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d0203e7a6b5aef3b0e513d7b9e1100ef

SHA1
03109f7d0c9e3871471411c8ecfda6b0dba6f06b

SHA256
e6ce923d5241d412484d55101f8125cb583db3c34e98e665129979d300233948

SHA512
478e3d7808d904a2afb6852e9c53875792e37fa83e388ac3114f1ad0b2f0db3af68b683e2508d5d4f54c1424e97652e08ef7747650df12de8efe9c4018a3aff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3ac34c4e6e48fd3a4c29a70173c8c2b1

SHA1
ee538826e8a2b3a22bd38de1083eec50b97e87e4

SHA256
a52de9acbdebd7f7dcdfde291650238bd5a0b2ef7c4dae042daa270d484933fd

SHA512
502733dad98a0ffae82d0753228231ddba7e21ad0f01174f625a63bab0c2fc48f91bf91f4e00d70c3ba4a32b2e9e9c8739a2456c694ff5e85e3386f7287479d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
188e5f25c3396de473b893d0a154fd5b

SHA1
09e401a5eb0490765123ff2f2a112590c504e36b

SHA256
7b2656423f0e78ada14b1069ca0f4cf2d451ede1fadbe1563c9afccccb13ef44

SHA512
3f3f93dc5b06025a4868d22bb5a79f464b21e0982296c0313fcb58356851c5fc5636225575885f367ba5f85ded3b5ccc5ff0da0637a3a92f16624991bf0f781e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
41780d931f7f678f7025957ba0253526

SHA1
965eec202ae2ad8e16f7ffaeb90073d09bbf7ea2

SHA256
58475477d02c8eded8cdf47129dff5e2a7a7516c2d456d08ae8f9a3086b23c9a

SHA512
e0c2cf05a031f9bd1b3c6ffbcd51f9feb3bad29e5adbeda7e8023547b48ea4588e2eeac53e8fb71f2a2714ea6e1c3b2e31e549f27f42c3fa4fc0af652497ffa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cf77f357227a478a581355e80c851b6b

SHA1
01afff4c422138adc48a1ed80ba0e4f9bbd6e3ac

SHA256
bc2ea8630268d334650f3b3f48e12911d7ca0616412ce1d1040af32897c64768

SHA512
ccc0e91354e36d4c4a59a4c8427ae78a83388134e3536bf38688700491cd41304df02f241f97127ac629e19d4d67b4c5fd4f4b1ac591d916e86b90e3705f7828

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
71a6b59e08e25451e52675c842fae23c

SHA1
565a97673954a9209c7a05fba20b89d10b88025f

SHA256
5b96212d3d1347b76c8c1c64b2f7ef981242bedd3b84b766b543d56dbbf8dbd6

SHA512
5cc98eb2aa02e2e69165170451d89dd880893e6b07440bb84fbab6cf92cb558bd58c2235d8d64ff43d380c5e9869827800d310ee67950bb21b498d89fbb5aab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\01b5da98-dd70-42ae-ae19-a83dbec34df8.tmp

Filesize
83KB

MD5
704c1585c76a96e2ef87c0a1fbcd658a

SHA1
98a0a151e009b739f42348080b7050c9a2e400d5

SHA256
0f4bab1308262b9dee0163083566fc68eb1302f3412d3e27f72c92970eb3c3c3

SHA512
13721b5945cd9333e19f09839360b0ef1b5d3c4579bc88dac0ffdaa9c4273de03f66d223b031d3e0ea90c2e3d74282dc9494b99f0b0ed217908334333ffc7b57

Download Submit
C:\Users\Admin\AppData\Local\Temp\09a31347-cc06-473f-92df-7ced44c05ac3.tmp

Filesize
49KB

MD5
ff7b96573f530b29708127d8a0f0a714

SHA1
449643a391fb7133593261aa4a1e40ad2ef78202

SHA256
a9fc53c7269ec40c7679bd7498adb7d84deb99719eb41b09e395db09a4f78d57

SHA512
2795e993c72272faee3629ecb534e0e8529cd3622b0b6701f1b44a7d8384edac3e7495d362138ae1f568330471bcb5273db41d273d126f87c76f5fe1a2d118ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\1f4590ef-8bc6-4eb4-8b10-fd2bee92164b.tmp

Filesize
16KB

MD5
13ef4daa103660010a3a786e85b28c0e

SHA1
0cf0527adb1078e037bf3ba89281f0922e8aec5d

SHA256
6eb6c989d8474f0381b46457cc5577a5e5b55403843ae402cc155525b58dad38

SHA512
1f2fd815681a8739796324a9ee7f850db83123e9275c641945139039875fee470fa67af430acca7c895e965f07c8be284dcbceccea6e1e892c6b30eadf9185ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\300407cb-8d47-4544-b164-b01f4439e7ec.tmp

Filesize
84KB

MD5
9c541c445c39dfc413a2080f106c9290

SHA1
b6bcaced0a2928dfd660d937f937491b8e9fdbaf

SHA256
0c37cc6218ea22f51c6f6f694c1e994889f8b8b316d7ef40959db36625820f51

SHA512
1aecddb848250a1f097fe0a09178fa69c6eef641e3d25fb067c8d81c13bd4ccf3ec232060a9a1b647a0beaae46e73536a801168eebbab79f3667170dacc4b6df

Download Submit
C:\Users\Admin\AppData\Local\Temp\37ee1a37-d478-4f32-90c5-7a61758cd666.tmp

Filesize
31KB

MD5
2ff377e40cbc6957d6b2c9b7c65c29b0

SHA1
b92d0c7b5b93d1558de10b9f87ecbaa5500cb11c

SHA256
c83c119b78e9e894712f5ad1a98e90e5b7cce965a51961264ef19689b0ee248a

SHA512
22ff60e78ae8d9aa09a8f1a76d9b5121a98a9ab59e1213b54fd620d3058b7fdbcf5b14e3daa92b47fbb3164e5ddcd40003137a7656b1f1a526756ecd8c8a9a49

Download Submit
C:\Users\Admin\AppData\Local\Temp\38ac6573-9fc8-42f1-a123-b80b6e7b24b1.tmp

Filesize
86KB

MD5
824a5836b5a12aa9ed56eda598414b9c

SHA1
1cdb867ff45497d35e8c1fe808dc526cdc854fb1

SHA256
ad18b1ad4a8660b5c695e1eba3b33e744a001652a406b3d4da4947d912c1f1ed

SHA512
4a92d3ad34fbdcec0394bad42ef8702a4e6d3859eaff3db4848f4348f8878ea89871073126baac302dc32e97d3df48d2011f81d6bad10ad0dd96dd108c973ed1

Download Submit
C:\Users\Admin\AppData\Local\Temp\3b52b237-8a0c-4080-bfc9-692be381c434.tmp

Filesize
26KB

MD5
5eeb734e5228d2d0de89a1d5ce523e4a

SHA1
c202c1a795b2c9d0e7f696afa3c1485e4a39e240

SHA256
258bb990d0245131c38d7f22b3bb50fc15986869b27c8a6550f60e9fab9f4eb7

SHA512
5c1693b5e06172b9eabf72795f31826832fd940d783ef401875592c6daccb231c1003301bde305a17b4cdb9a61106bb3073fd2de1d9107a6a6c9dc7ab7a562bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7263fb64-17a5-482b-aa41-e7c9eb0e7fed.tmp

Filesize
144KB

MD5
bdd99c4d79bfa062f00b584da9ba2597

SHA1
54596070136afd81e22f49a56e01f67470fa1d6f

SHA256
d61df57b917ec7563bc360de53496063f593b0a88245e54c6919fdbf7602d1c0

SHA512
7694b18b85bb304fd23d3f38a7a145c28597cb9e2db94ae3e17d4b9242b827d99bb4986a34afbbbfe8afd51f49e181f82df8fefdc6e01481db19a1660814c51a

Download Submit
C:\Users\Admin\AppData\Local\Temp\82744b22-1197-46d5-bf03-ed7ce87c457b.tmp

Filesize
22KB

MD5
a3aa524c28c2a2cd07b508f4ecc123ff

SHA1
735618bb331179d6c67319443da42de25e483de2

SHA256
a9ca2c7c36c9a77dcab97dcdea1bcca007fed3be696a3118c94a579588444f97

SHA512
6774a6eef8bb36c09f063b83d2eba0c8b5ff5f6b21d450f812283f3200ab5182d68fd0977203cd41a64363e54907d544b4d248c1a3963d2d1e25d08be0d1df85

Download Submit
C:\Users\Admin\AppData\Local\Temp\90b81090-418d-416b-9f09-89cdf602c3ea.tmp

Filesize
41KB

MD5
ca2fe0a15ddb0f2f74c8f10fbaada4ce

SHA1
c9579fa18c626d97a764fa35f359d7da9c4ddc57

SHA256
2574ef7ac61ab0563ef8170ba9d6a0cf12cfe50ffa4fa7ff646972970b6dcabe

SHA512
50d53a8bf16a22a64c3c57982f84d1521d44a2aca21da02aa2fd289bfbfd29bda070268879de0d4af38c8999d4d59f8a4005004c63d60ca2b6eec90676b13bfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\9e652995-d686-4830-be30-423c3a058a96.tmp

Filesize
22KB

MD5
e1b1cef6bf9cbb5aa977bfa3138985c4

SHA1
9fad5e3f2459c5b35171783a06fbde7b2528c144

SHA256
98ed249d4aa195f84652d15f8058730f564bce3c0ef626bfdb95dc4ed1636be4

SHA512
93f87127ae7b598ebf34e1fbb395274a2a57df398ed0a7db7bff4f96093a114bde77ecd00dd453e2de0c88476eea85974ed255b0d7ad1db1681735baa1edf031

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCD2F9F.tmp\iso690.xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\aa8da127-0001-4429-892a-c0b42fdca0dc.tmp

Filesize
16KB

MD5
dca971a3d5e4370bff74342db3df7c92

SHA1
ea9ded94ebf9c5a227660d0a47c3eba8f4c93146

SHA256
ac1d63adb985782775d567f0fa9e0f3dc0107de6435dae456caceddd8903c393

SHA512
49373f948ff9cefa9cf03a075ac25fa9c04607cf267c04bf4046ed94db7e0e644e850d1b0b987c2d5e11329ba7ec81cf0878b7e83f5ec8164521ce747a6e4ccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\b1118f1a-bb0e-4191-b86b-0f7b41b0b8c5.tmp

Filesize
19KB

MD5
7b0e20d14c2904ef23517f0ced757509

SHA1
3bd7963990196227275a4e25370246387ea9a5ae

SHA256
705334a40e2e2bfbc7874e4ab61d0f23b912b100628df78420ea0f5cc82c12e9

SHA512
72d9ec03e45f979a8d95a62c6613b717362a53428bfaf63df25a6c9c1dcadabc12ef96a1f4100c9a5660a708eefaaa0adff723abc51a0582e284a042e01ebc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\b95dd054-b787-4eaf-b389-0f02aeea197c.tmp

Filesize
26KB

MD5
35c2d80ac51cfb394e83cfb04c4a46cd

SHA1
5cabdb89325ace8058052f892573748f3fe11e1d

SHA256
cac82fec6790de9c43e79eaa71c3da9e8399198d5b0d53e0ce518b55a74d269b

SHA512
55b23a0d5219d506a4b9ab8be9d0ea498eadd4d09881ba5e64a6527fc88f678bd7f30ee4cded65bc32d97972b6082f5a760658aeb8d743451c5467a2157b4580

Download Submit
C:\Users\Admin\AppData\Local\Temp\c7880b29-e9b0-4bc9-a1fc-52e9c3a96152.tmp

Filesize
71KB

MD5
8c967292b03880fa2b2b722e0307f407

SHA1
a2bb1af078ad6775eaeb8c4bc70bfff7f6a08113

SHA256
f767a45189a3f834dc3f2d280b4386644a024316fff39bd2723330efbc03513b

SHA512
410c12aacf9ad23f23b9f239c9f6e4e5f4d6558b1fea4e099c0316605af0de62be71e33a7c52cb8ba0b986ad4e9e6caa03cc1c09ae0d46c9e47e137c9438842a

Download Submit
C:\Users\Admin\AppData\Local\Temp\e33ec32a-2632-49eb-b069-888a118c0333.tmp

Filesize
86KB

MD5
fd9a706868ae17290f20585b7536eecb

SHA1
e148058183d2e74788fb2e62745d044d8bd19244

SHA256
3dcecb035e263d89b0fdf22c9a6d1720110662722786e08fa730b829269da159

SHA512
0b2166c4e9598c91d19f88c203d5c20fd4782c5d7471b4ed2ed6862959d474ab61cff1e7b4a7a124b623adfb43f77a831cbd46a6d7561e71495a3c7f0dbc8105

Download Submit
C:\Users\Admin\AppData\Local\Temp\e349bdd2-5759-4412-bdca-74e7681c5716.tmp

Filesize
35KB

MD5
1762fef041881354583be1e192d56a81

SHA1
ef5c72ab26c70b5c3ace1afcbd3d329b83ef9f70

SHA256
ed4e578df80b33b6ab362a9c763e31913ce143ab85b28a8fc91f2ba684b4853a

SHA512
8aa0c4b9ee8ce4407abcdb784e0c038a662256af96e872a37e3d361fe900845fe4c3adcf56895e13df064c5970ccf71b0e1eca7a15603b56ee725e1b67031163

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
380B

MD5
e3ab27af2109b5ec5d4290ce36c7666e

SHA1
3836d7b330b189205f2756a13ed39579461d9af7

SHA256
ba12db79db7fe4180d41da187c5d07fe69dc4d5f7986d863ad3a13d25d9941c9

SHA512
60462dfdfcdc82bde3c402f53940ce68a9fc9f251cacdee146a58be5694b23c4f62e30ef73d86667b6da0b7cc7c9f8abfa862a546b1d4bcd14e79e3c0c61efa6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\~ictures.tmp

Filesize
2KB

MD5
94e67ec85f86e871094d6767aaef3b68

SHA1
14b233bab290f693118324d86c9c2f195cafebfe

SHA256
924124ecc18d18a61082dba57e0fcd4421253492315c59b09d91cfea8f852549

SHA512
d7d9c210e54b603cf6f75f575845599fdbc8d99f8a7cca6a6d9153efd2054f9e1dd8bb7b77d265a20518e010c09a01eae10c0e91c5ba20fc28938e5d48386890

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
1KB

MD5
4d6eec288fe51e1378d6c7269d8ec1ef

SHA1
27c9b21b9d055785db3d0058c6d18cd1722a787f

SHA256
ccb09c84077156e0a3270edd0c3ee2da0f107c63ad4ffa2fa44ae25bfac02d07

SHA512
6248f9d7b02795ec0db43294ab06b57abdeb89147f057fc1f258a87db476e645d723c18f7f6e748beac45eb379f99ecc37e35e63264ff379106dca9673a00e03

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
1KB

MD5
3c197cb1e0c0a1cd32f3b98663e45fb0

SHA1
33eec99fb2ee8a4f09799e9baae3c719cd17680a

SHA256
21fd0fe338c0e161ce506fb11d6c90fbd3b85d93da9d8b2ddce1a92b34c3de15

SHA512
ae4294fa10d0f5b9310b7c6d6993de39856ee7fae9ba284d05f15a2dd219a34bc0b891954ed66d9cea30a88be2e4f06db7a8291e010b410fc2af3949837efe05

Download Submit
C:\Users\Admin\AppData\Roaming\jFvfxe.exe:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\ml.xspf

Filesize
304B

MD5
781602441469750c3219c8c38b515ed4

SHA1
e885acd1cbd0b897ebcedbb145bef1c330f80595

SHA256
81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d

SHA512
2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
498B

MD5
6dad9362c473438326f37814160d657a

SHA1
3c137404bc2263d0eb0cbd6f7893952490d76b35

SHA256
95ae84e8b1cb583852152a96c84922f53d701c9fa070e6da15db5ec54b01ecfe

SHA512
d2d4ed8649ee4f59d4b0d336e6650629dcdb8f1e3e07d6cf3cafc9a52700e1bfd0a3961030d03fc6e200289e8fb75b94b1b8e48f2bfca2378b759e549b3fbc0b

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlcrc

Filesize
94KB

MD5
7b37c4f352a44c8246bf685258f75045

SHA1
817dacb245334f10de0297e69c98b4c9470f083e

SHA256
ec45f6e952b43eddc214dba703cf7f31398f3c9f535aad37f42237c56b9b778e

SHA512
1e8d675b3c6c9ba257b616da268cac7f1c7a9db12ffb831ed5f8d43c0887d711c197ebc9daf735e3da9a0355bf21c2b29a2fb38a46482a2c5c8cd5628fea4c02

Download Submit
C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier

Filesize
58B

MD5
37da88b521d433509b41a4f658730dbe

SHA1
2ea39c5e0b87a0717eac738f9ae92be8771fd576

SHA256
62ba564e8b8b6fba4ae004166cddac5e232f0b2d06dd97c0e4656571adfe7d84

SHA512
98a00650022e0e36e748714b92b6beaebc3afa3c7a5baab8cecd155091d7acac94dbec0fb9c7c2c24c07e0ac7068058926de85bf10ed4e7a3b634d47119ea832

Download Submit
C:\Users\Admin\Downloads\CrimsonRAT.exe:Zone.Identifier

Filesize
221B

MD5
770dbbcc03fc90a7bdc5a9ec6d81b2bc

SHA1
0c127b6e062caed1a581edc3ffe5fa9c2cd98039

SHA256
773eaa9c919c51d4fbbca3ecf7a2bace49b874aac373a6d8f99e66f3384601d9

SHA512
40915dd92e502b71bc53cb77fcdbc783cb9c54644bb55978af8219d2d5c5ce4937cee237aa94720fcd506196ef2baf15216a8fddfaec4fbc714c905320793817

Download Submit
C:\Users\Admin\Downloads\FunnyFile-main.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Melissa.doc

Filesize
40KB

MD5
4b68fdec8e89b3983ceb5190a2924003

SHA1
45588547dc335d87ea5768512b9f3fc72ffd84a3

SHA256
554701bc874da646285689df79e5002b3b1a1f76daf705bea9586640026697ca

SHA512
b2205ad850301f179a078219c6ce29da82f8259f4ec05d980c210718551de916df52c314cb3963f3dd99dcfb9de188bd1c7c9ee310662ece426706493500036f

Download Submit
C:\Users\Admin\Downloads\OIP.jpg:Zone.Identifier

Filesize
159B

MD5
6d1000064759e13a0f5a545a52609e18

SHA1
8b26e9d31766d7bee0932a36afee8d85fd73b0de

SHA256
ef4306b9bbc472f6daf7247cf6cca2dac4f70ae9607f1c360190408966bdfa88

SHA512
65a18e798d153eb84e2372c303f901f15968f0dde10ba6c77dbd1fc3699946c700f598ac481ef3018282ea2ca899987a8adb280a93f1bc630b405c60a1ca3532

Download Submit
C:\Users\Admin\Downloads\OIP.png

Filesize
7KB

MD5
9478c2d588957a77fa66c9f87136f28b

SHA1
5978613c24361f8a7b7d97763bffde6377f45835

SHA256
25611480b78a8f5c683aa068bc271aacc2f33d418b2e2dff9b5d8aa09ee34525

SHA512
700b819bb09505969bb17687b11f07a048b74c5ee7f00027ff2026de5e7aef156e5e7ddc5ed26c8f62ed75b8f63f93ad449249957e6d2a8250aff0752e272237

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 188655.crdownload

Filesize
321KB

MD5
600e0dbaefc03f7bf50abb0def3fb465

SHA1
1b5f0ac48e06edc4ed8243be61d71077f770f2b4

SHA256
61e6a93f43049712b5f2d949fd233fa8015fe4bef01b9e1285d3d87b12f894f2

SHA512
151eebac8f8f6e72d130114f030f048dff5bce0f99ff8d3a22e8fed7616155b3e87d29acf79f488d6b53ed2c5c9b05b57f76f1f91a568c21fe9bca228efb23d9

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 342149.crdownload

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 354358.crdownload

Filesize
248KB

MD5
20d2c71d6d9daf4499ffc4a5d164f1c3

SHA1
38e5dcd93f25386d05a34a5b26d3fba1bf02f7c8

SHA256
3ac8cc58dcbceaec3dab046aea050357e0e2248d30b0804c738c9a5b037c220d

SHA512
8ffd56fb3538eb60da2dde9e3d6eee0dac8419c61532e9127f47c4351b6e53e01143af92b2e26b521e23cdbbf15d7a358d3757431e572e37a1eede57c7d39704

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 395402.crdownload

Filesize
15.0MB

MD5
42b610e943d98a8b4050512c18ea7d66

SHA1
31b4396b9ae18b034f6662374cb7bd7e0e606b39

SHA256
ec1f37d1036972c0ff0b08c37c4f5a0a952ef68d8c1fae7220c1b659b3def3e4

SHA512
bac7777436b4c22ff73766f1447b26f49df7618008f21eb011b99440a31f7f5f19d42fd48235955c5fb7a92bd85b9cae0de3e42200b9a2239bafed241fb2b047

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 536789.crdownload

Filesize
129KB

MD5
0ec108e32c12ca7648254cf9718ad8d5

SHA1
78e07f54eeb6af5191c744ebb8da83dad895eca1

SHA256
48b08ea78124ca010784d9f0faae751fc4a0c72c0e7149ded81fc03819f5d723

SHA512
1129e685f5dd0cb2fa22ef4fe5da3f1e2632e890333ce17d3d06d04a4097b4d9f4ca7d242611ffc9e26079900945cf04ab6565a1c322e88e161f1929d18a2072

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 625701.crdownload

Filesize
111KB

MD5
e87a04c270f98bb6b5677cc789d1ad1d

SHA1
8c14cb338e23d4a82f6310d13b36729e543ff0ca

SHA256
e03520794f00fb39ef3cfff012f72a5d03c60f89de28dbe69016f6ed151b5338

SHA512
8784f4d42908e54ecedfb06b254992c63920f43a27903ccedd336daaeed346db44e1f40e7db971735da707b5b32206be1b1571bc0d6a2d6eb90bbf9d1f69de13

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 634600.crdownload

Filesize
1.5MB

MD5
0330d0bd7341a9afe5b6d161b1ff4aa1

SHA1
86918e72f2e43c9c664c246e62b41452d662fbf3

SHA256
67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b

SHA512
850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 715428.crdownload

Filesize
2KB

MD5
a56d479405b23976f162f3a4a74e48aa

SHA1
f4f433b3f56315e1d469148bdfd835469526262f

SHA256
17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23

SHA512
f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 8408.crdownload

Filesize
32KB

MD5
eb9324121994e5e41f1738b5af8944b1

SHA1
aa63c521b64602fa9c3a73dadd412fdaf181b690

SHA256
2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a

SHA512
7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 899491.crdownload

Filesize
373KB

MD5
9c3e9e30d51489a891513e8a14d931e4

SHA1
4e5a5898389eef8f464dee04a74f3b5c217b7176

SHA256
f8f7b5f20ca57c61df6dc8ff49f2f5f90276a378ec17397249fdc099a6e1dcd8

SHA512
bf45677b7dd6c67ad350ec6ecad5bc3f04dea179fae0ff0a695c69f7de919476dd7a69c25b04c8530a35119e4933f4a8c327ed6dcef892b1114dfd7e494a19a7

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 936762.crdownload

Filesize
84KB

MD5
b6e148ee1a2a3b460dd2a0adbf1dd39c

SHA1
ec0efbe8fd2fa5300164e9e4eded0d40da549c60

SHA256
dc31e710277eac1b125de6f4626765a2684d992147691a33964e368e5f269cba

SHA512
4b8c62ddfc7cd3e5ce1f8b5a1ba4a611ab1bfccf81d80cf2cfc831cffa1d7a4b6da0494616a53b419168bc3a324b57382d4a6186af083de6fc93d144c4503741

Download Submit
\??\pipe\LOCAL\crashpad_4184_HGTAEEQXNQGBKSHJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/740-1675-0x00007FFB1DAB0000-0x00007FFB1DAC0000-memory.dmp

Filesize
64KB

Download
memory/740-1680-0x00007FFB1D960000-0x00007FFB1D970000-memory.dmp

Filesize
64KB

Download
memory/740-1677-0x00007FFB1DAB0000-0x00007FFB1DAC0000-memory.dmp

Filesize
64KB

Download
memory/740-1679-0x00007FFB1D960000-0x00007FFB1D970000-memory.dmp

Filesize
64KB

Download
memory/740-1678-0x00007FFB1DAB0000-0x00007FFB1DAC0000-memory.dmp

Filesize
64KB

Download
memory/740-1676-0x00007FFB1DAB0000-0x00007FFB1DAC0000-memory.dmp

Filesize
64KB

Download
memory/740-1674-0x00007FFB1DAB0000-0x00007FFB1DAC0000-memory.dmp

Filesize
64KB

Download
memory/1944-3606-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/2228-3654-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2776-215-0x00007FFB395C0000-0x00007FFB3A670000-memory.dmp

Filesize
16.7MB

Download
memory/2776-213-0x00007FFB4B820000-0x00007FFB4B854000-memory.dmp

Filesize
208KB

Download
memory/2776-212-0x00007FF7C6A30000-0x00007FF7C6B28000-memory.dmp

Filesize
992KB

Download
memory/2776-214-0x00007FFB3B230000-0x00007FFB3B4E6000-memory.dmp

Filesize
2.7MB

Download
memory/3116-3722-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/3520-1475-0x0000020B6C770000-0x0000020B6C78E000-memory.dmp

Filesize
120KB

Download
memory/3548-1598-0x0000000000400000-0x0000000000553000-memory.dmp

Filesize
1.3MB

Download
memory/3548-1596-0x0000000000400000-0x0000000000553000-memory.dmp

Filesize
1.3MB

Download
memory/3628-1106-0x00007FFB52180000-0x00007FFB521B4000-memory.dmp

Filesize
208KB

Download
memory/3628-1105-0x00007FF7C6A30000-0x00007FF7C6B28000-memory.dmp

Filesize
992KB

Download
memory/3628-1108-0x00007FFB38930000-0x00007FFB38A3E000-memory.dmp

Filesize
1.1MB

Download
memory/3628-1107-0x00007FFB38BC0000-0x00007FFB38E76000-memory.dmp

Filesize
2.7MB

Download
memory/4256-1585-0x0000000005760000-0x0000000005D06000-memory.dmp

Filesize
5.6MB

Download
memory/4256-1588-0x0000000005680000-0x000000000571C000-memory.dmp

Filesize
624KB

Download
memory/4256-1584-0x00000000003B0000-0x0000000000406000-memory.dmp

Filesize
344KB

Download
memory/4256-1586-0x0000000005290000-0x0000000005322000-memory.dmp

Filesize
584KB

Download
memory/4256-1587-0x0000000004F30000-0x0000000004F38000-memory.dmp

Filesize
32KB

Download
memory/4256-1589-0x00000000055F0000-0x0000000005618000-memory.dmp

Filesize
160KB

Download
memory/5020-1509-0x0000022A71060000-0x0000022A71974000-memory.dmp

Filesize
9.1MB

Download
memory/5328-3479-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/5328-2381-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/5328-3451-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/5328-3452-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/5328-3471-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/5328-3523-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/5328-3515-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/5328-3535-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download