infinitylock | 2af181737df7c2c5f3809d338b25a7475170e8fdfe3bbed46df9fa034be6ce14

Analysis

max time kernel
1800s
max time network
1783s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
12-11-2024 01:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

4KB
MD5

df4ddb3a83e99bb59168c5afd60b1a00
SHA1

43d0a2ed86f60bd0fb9c2e3e7a22e5ac1209bef3
SHA256

2af181737df7c2c5f3809d338b25a7475170e8fdfe3bbed46df9fa034be6ce14
SHA512

af3a287510b5e86e5cb3fc3b90856ad0a3df2879f274e35406c7e01a2597b82de1cf2f0d6c5af77624d2ea809dbd84f8935d2e1d391185ab397dfb556366526e
SSDEEP

96:1j9jwIjYj5jDK/D5DMF+C8jZqXKHvpIkdN9ArRU9PaQxJbGD:1j9jhjYj9K/Vo+nwaHvFdN9Ary9ieJGD

Score

10^/10

infinitylock wannacry defense_evasion discovery evasion execution impact motw persistence phishing privilege_escalation ransomware spyware stealer worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\!Please Read Me!.txt

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1 Next, please find the decrypt software on your desktop, an executable file named "!WannaDecryptor!.exe". If it does not exsit, download the software from the address below. (You may need to disable your antivirus for a while.) rar password: wcry123 Run and follow the instructions! �

Wallets

15zGqZCTcys6eCjDkE3DypCjXi6QWRV6V1

Extracted

Path

C:\Users\Admin\Downloads\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock
Infinitylock family
infinitylock
Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Disables RegEdit via registry modification 2 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	Krotten.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	Krotten.exe

Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Modifies Windows Firewall 2 TTPs 8 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
9056	netsh.exe
7488	netsh.exe
8352	netsh.exe
2388	netsh.exe
1912	netsh.exe
8464	netsh.exe
5464	netsh.exe
8760	netsh.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]/20241112/auto/storage/goog4_request
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Drops startup file 28 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDA2E.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDEF8D.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDE654.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDB9D5.tmp	WannaCry.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDE64D.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD30E7.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD1D3C.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDA27.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDF881.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD3A6E.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD422F.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD3A57.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD1D35.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD13AE.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDB9EC.tmp	WannaCry.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD30E0.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD13B5.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDEF77.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD4228.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD26A4.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD1E0.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD3029.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD269D.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDF888.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD303F.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDDD15.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDDD1C.tmp	WannaCrypt0r (1).exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD1C9.tmp	WannaCrypt0r (1).exe

Executes dropped EXE 64 IoCs

pid	Process
6624	BlueStacks10Installer_10.41.550.1001_native_13fba11c530093e31a794b0838e7ea83_MzsxNSwwOzUsMTsxNSw0OzE1LA==_UGxhbnRzIHZzLiBab21iaWVzIEZSRUU=.exe
5052	BlueStacksInstaller.exe
6952	HD-CheckCpu.exe
7004	HD-CheckCpu.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
6560	BlueStacks10Installer_10.41.550.1001_native_13fba11c530093e31a794b0838e7ea83_MzsxNSwwOzUsMTsxNSw0OzE1LA==_UGxhbnRzIHZzLiBab21iaWVzIEZSRUU=.exe
5208	Bootstrapper.exe
5736	BlueStacksInstaller.exe
7240	BlueStacksServicesSetup.exe
7412	7zr.exe
8624	7zr.exe
9420	BlueStacksServices.exe
4180	BlueStacksServices.exe
2444	HD-ForceGPU.exe
3436	BlueStacksServices.exe
5740	HD-GLCheck.exe
3108	HD-GLCheck.exe
5260	HD-GLCheck.exe
1416	HD-GLCheck.exe
2948	HD-GLCheck.exe
892	HD-GLCheck.exe
4968	BlueStacksServices.exe
7184	HD-CheckCpu.exe
8236	7zr.exe
7596	7zr.exe
10032	7zr.exe
716	7zr.exe
8944	HD-GLCheck.exe
9064	HD-GLCheck.exe
7456	HD-GLCheck.exe
7860	HD-CheckCpu.exe
7952	7zr.exe
9544	BlueStacksServices.exe
7564	CheatEngine75.exe
7536	CheatEngine75.tmp
5572	CheatEngine75.exe
6124	CheatEngine75.tmp
5132	_setup64.tmp
6572	Kernelmoduleunloader.exe
7020	windowsrepair.exe
6080	Cheat Engine.exe
9440	cheatengine-x86_64-SSE4-AVX2.exe
6048	$uckyLocker.exe
536	InfinityCrypt.exe
7280	Krotten.exe
7720	WannaCry.exe
8580	!WannaDecryptor!.exe
1080	!WannaDecryptor!.exe
7788	!WannaDecryptor!.exe
9136	!WannaDecryptor!.exe
3900	WannaCrypt0r (1).exe
2396	taskdl.exe
6284	taskse.exe
10072	@[email protected]
7164	taskdl.exe
7316	taskse.exe
4212	@[email protected]
8408	taskdl.exe
3280	taskse.exe
8168	@[email protected]
5808	taskdl.exe
5528	taskse.exe
6632	@[email protected]
5048	YouAreAnIdiot.exe

Loads dropped DLL 64 IoCs

pid	Process
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe

Modifies file permissions 1 TTPs 3 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
8076	icacls.exe
7148	icacls.exe
8020	icacls.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.BlueStacks Services = "C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe --hidden"	BlueStacksServices.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\WINDOWS\\Web\\rundll32.exe"	Krotten.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\AVPCC = "C:\\WINDOWS\\Cursors\\avp.exe"	Krotten.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r"	WannaCry.exe

Checks for any installed AV software in registry 1 TTPs 9 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	CheatEngine75.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	CheatEngine75.tmp
Key opened	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\SOFTWARE\AVAST Software\Avast	CheatEngine75.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	CheatEngine75.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Avira\Browser\Installed	CheatEngine75.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\Avira\Browser\Installed	CheatEngine75.tmp
Key opened	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\SOFTWARE\Avira\Browser\Installed	CheatEngine75.tmp
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	CheatEngine75.tmp
Key opened	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\SOFTWARE\AVG\AV\Dir	CheatEngine75.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
265	raw.githubusercontent.com
645	raw.githubusercontent.com
854	raw.githubusercontent.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
425	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Modifies WinLogon 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption = "DANGER"	Krotten.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText = "Äëÿ òîãî ÷òîáû âîññòàíîâèòü íîðìàëüíóþ ðàáîòó ñâîåãî êîìïüþòåðà íå ïîòåðÿâ ÂÑÞ èíôîðìàöèþ! È ñ ýêîíîìèâ äåíüãè, ïðèøëè ìíå íà e-mail [email protected] êîä ïîïîëíåíèÿ ñ÷åòà êèåâñòàð íà 25 ãðèâåíü. Â îòâåò â òå÷åíèå äâåíàäöàòè ÷àñîâ íà ñâîé e-mail òû ïîëó÷èøü ôàèë äëÿ óäàëåíèÿ ýòîé ïðîãðàììû."	Krotten.exe

Network Service Discovery 1 TTPs 1 IoCs

Attempt to gather information on host's network.

discovery

Network Service Discovery

T1046

pid	Process
6976	GameBarPresenceWriter.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\d3d10warp.dll	cheatengine-x86_64-SSE4-AVX2.exe
File created	C:\Windows\system32\storage.json	BlueStacksServices.exe
File opened for modification	C:\Windows\SysWOW64\ntdll.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\KERNEL32.DLL	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\ADVAPI32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\msvcp_win.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\dxcore.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\wintypes.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\advapi32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\comdlg32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\shlwapi.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\wow64.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\wow64cpu.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\windows.storage.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\textinputframework.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\DCIMAN32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\oleaut32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\wininet.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\msimg32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\WINMM.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\profapi.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\GDI32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\hhctrl.ocx	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\windows.storage.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\gdi32full.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\powrprof.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\combase.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\imm32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\opengl32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\bcryptPrimitives.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\dxcore.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\wintypes.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\AVRT.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\msacm32.drv	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\version.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\uxtheme.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\PROPSYS.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\GDI32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\SHLWAPI.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\KERNELBASE.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\winmm.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\USER32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\ole32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SYSTEM32\wsock32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\MMDevApi.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\AUDIOSES.DLL	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\ddraw.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\clbcatq.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\RPCRT4.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\ws2_32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\clbcatq.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\wow64win.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\ucrtbase.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\ole32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\dxgi.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\msdmo.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\DEVOBJ.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\gdi32full.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\System32\wow64con.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\msvcrt.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\bcryptPrimitives.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\IMM32.DLL	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\cfgmgr32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Windows\SysWOW64\wdmaud.drv	cheatengine-x86_64-SSE4-AVX2.exe

Enumerates processes with tasklist 1 TTPs 64 IoCs

discovery

Process Discovery

T1057

pid	Process
8552	tasklist.exe
5912	Process not Found
3116	Process not Found
5196	Process not Found
7900	Process not Found
4504	tasklist.exe
8000	tasklist.exe
8780	tasklist.exe
7328	tasklist.exe
2300	tasklist.exe
8416	tasklist.exe
5572	tasklist.exe
8796	tasklist.exe
7424	tasklist.exe
5996	Process not Found
6732	Process not Found
8216	tasklist.exe
4900	tasklist.exe
5956	Process not Found
3368	Process not Found
9696	tasklist.exe
10056	Process not Found
8656	Process not Found
1520	Process not Found
5528	Process not Found
3120	tasklist.exe
7020	tasklist.exe
8184	tasklist.exe
6356	tasklist.exe
6664	tasklist.exe
2708	tasklist.exe
6316	Process not Found
8764	Process not Found
6328	Process not Found
8824	tasklist.exe
9296	tasklist.exe
4020	tasklist.exe
1432	Process not Found
7780	Process not Found
1988	tasklist.exe
7108	tasklist.exe
9896	tasklist.exe
2264	Process not Found
10164	Process not Found
7116	Process not Found
7836	tasklist.exe
5312	tasklist.exe
8300	Process not Found
6224	tasklist.exe
7836	tasklist.exe
9432	tasklist.exe
4240	tasklist.exe
8572	tasklist.exe
8188	tasklist.exe
3792	Process not Found
8200	Process not Found
4440	tasklist.exe
5728	tasklist.exe
6204	tasklist.exe
7920	tasklist.exe
5156	tasklist.exe
1144	Process not Found
10172	tasklist.exe
2000	tasklist.exe

Sets desktop wallpaper using registry 2 TTPs 4 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Control Panel\Desktop\Wallpaper = "0"	$uckyLocker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp"	!WannaDecryptor!.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	WannaCrypt0r (1).exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\eBook.api.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_ellipses-hover.svg.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_history_18.svg.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_es_135x40.svg.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\checkBox\uncheck_hover.svg	BSX-Setup-5.21.550.1031_nxt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\measure_poster.jpg.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pl-pl\ui-strings.js.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\audio_output\libmmdevice_plugin.dll.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\selector.js.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\themes\dark\example_icons2x.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\www\images\nxt-noNetwork.svg.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Sigma\Content.DATA.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\MyGames\Card_Elliptical_gradient.svg	BSX-Setup-5.21.550.1031_nxt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\media_poster.jpg.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\QtWebChannel\webchannelquickplugin.dll	7zr.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\dll\bcryptprimitives.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_anonymoususer_18.svg.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_organize_18.svg.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\Guide\Step3_img.png	BSX-Setup-5.21.550.1031_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\plugins\audio_output\libamem_plugin.dll	BSX-Setup-5.21.550.1031_nxt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\en-us\AppStore_icon.svg.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files\Cheat Engine 7.5\symbols\dll\cfgmgr32.pdb	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\radioButton	BSX-Setup-5.21.550.1031_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-utility-l1-1-0.dll	BSX-Setup-5.21.550.1031_nxt.exe
File created	C:\Program Files\Cheat Engine 7.5\tcclib\is-3MI7D.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-rdr-es_es_2x.gif.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\tr-tr\ui-strings.js.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\Marketplace.exe.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\boot_bg.svg.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libcanvas_plugin.dll	BSX-Setup-5.21.550.1031_nxt.exe
File created	C:\Program Files\BlueStacks_nxt\translations\qtwebengine_locales\it.pak	7zr.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_47.dll.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\share_icons2x.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File created	C:\Program Files (x86)\BlueStacks X\UIControl.dll	BSX-Setup-5.21.550.1031_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\api-ms-win-crt-multibyte-l1-1-0.dll	BSX-Setup-5.21.550.1031_nxt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\sl-si\ui-strings.js.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Installer\setup.exe.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\Locales\km.pak.DATA.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File created	C:\Program Files (x86)\BlueStacks X\image\Guide\Mask_BG.png	BSX-Setup-5.21.550.1031_nxt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\new_icons.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\Contracts\Microsoft.VisualStudio.Tools.Applications.Contract.v9.0.dll.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\onnxruntime.dll.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File created	C:\Program Files\BlueStacks_nxt\HD-ForceGPU.exe	7zr.exe
File created	C:\Program Files\Cheat Engine 7.5\include\is-856TU.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\compare-2x.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ko-kr\ui-strings.js.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ko-kr\ui-strings.js.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Optional\Icon_Help_Default.svg	BSX-Setup-5.21.550.1031_nxt.exe
File created	C:\Program Files (x86)\BlueStacks X\translations\qtwebengine_locales\ta.pak	BSX-Setup-5.21.550.1031_nxt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-il\ui-strings.js.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File created	C:\Program Files\Cheat Engine 7.5\autorun\is-A3AHV.tmp	CheatEngine75.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\nl_get.svg.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\codec\libflac_plugin.dll	BSX-Setup-5.21.550.1031_nxt.exe
File opened for modification	C:\Program Files\BlueStacks_nxt\Assets\BlueStacks.ico	7zr.exe
File created	C:\Program Files\BlueStacks_nxt\QtQuick\Dialogs\quickimpl\qtquickdialogs2quickimplplugin.dll	7zr.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\da-dk\ui-strings.js.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ca-es\ui-strings.js.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.143.57\psuser.dll.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\config\log.ini.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\Locales\en-GB.pak.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\uk-ua\ui-strings.js.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\image\Gallery\next_disabled.svg.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\BlueStacks X\plugins\video_filter\libbluescreen_plugin.dll	BSX-Setup-5.21.550.1031_nxt.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\comctl32.dll	cheatengine-x86_64-SSE4-AVX2.exe
File opened for modification	C:\WINDOWS\Web	Krotten.exe

Launches sc.exe 3 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
7868	sc.exe
8848	sc.exe
7232	sc.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 7 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\CheatEngine75.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.550.1001_native_13fba11c530093e31a794b0838e7ea83_MzsxNSwwOzUsMTsxNSw0OzE1LA==_UGxhbnRzIHZzLiBab21iaWVzIEZSRUU=.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\$uckyLocker.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WannaCrypt0r (1).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\YouAreAnIdiot.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 24 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3792	5048	WerFault.exe	1434

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BSX-Setup-5.21.550.1031_nxt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-CheckCpu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PlantsVsZombies.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueStacksServicesSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!WannaDecryptor!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	windowsrepair.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CheatEngine75.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BlueStacks10Installer_10.41.550.1001_native_13fba11c530093e31a794b0838e7ea83_MzsxNSwwOzUsMTsxNSw0OzE1LA==_UGxhbnRzIHZzLiBab21iaWVzIEZSRUU=.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Cheat Engine.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	!WannaDecryptor!.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-CheckCpu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-CheckCpu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Process not Found
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HD-CheckCpu.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	BlueStacksInstaller.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	CheatEngine75.tmp
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	BlueStacksInstaller.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	CheatEngine75.tmp
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Kills process with taskkill 9 IoCs

evasion

pid	Process
1416	taskkill.exe
7024	taskkill.exe
7792	taskkill.exe
7356	taskkill.exe
7860	taskkill.exe
6748	taskkill.exe
9224	taskkill.exe
6332	taskkill.exe
8796	taskkill.exe

Modifies Control Panel 6 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Control Panel\Desktop	Krotten.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Control Panel\Desktop\WallpaperOriginX = "210"	Krotten.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Control Panel\Desktop\WallpaperOriginY = "187"	Krotten.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Control Panel\Desktop\MenuShowDelay = "9999"	Krotten.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Control Panel\International	Krotten.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Control Panel\International\sTimeFormat = "ÕÓÉ"	Krotten.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Main	Krotten.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Window title = ":::::::::::::::::: ÌÎÉ ÕÓÉ ÏÐÎÒÓÕ À ÏÈÇÄÀ ÃÍÈÅÒ ::::::::::::::::::"	Krotten.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Software\Microsoft\Internet Explorer\Main	Krotten.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Software\Microsoft\Internet Explorer\Main\Window title = ":::::::::::::::::: ÌÎÉ ÕÓÉ ÏÐÎÒÓÕ À ÏÈÇÄÀ ÃÍÈÅÒ ::::::::::::::::::"	Krotten.exe

Modifies Internet Explorer start page 1 TTPs 2 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Start Page = "http://poetry.rotten.com/lightning/"	Krotten.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://poetry.rotten.com/lightning/"	Krotten.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupByDirection = "1"	cheatengine-x86_64-SSE4-AVX2.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	cheatengine-x86_64-SSE4-AVX2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	cheatengine-x86_64-SSE4-AVX2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	cheatengine-x86_64-SSE4-AVX2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1092616257"	cheatengine-x86_64-SSE4-AVX2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\GroupView = "0"	cheatengine-x86_64-SSE4-AVX2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 4e003100000000006c59a51010004261736500003a0009000400efbe6c59a5106c59a5102e00000095af020000001a000000000000000000000000000000c1a2b2004200610073006500000014000000	cheatengine-x86_64-SSE4-AVX2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	cheatengine-x86_64-SSE4-AVX2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\open\command	BSX-Setup-5.21.550.1031_nxt.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	cheatengine-x86_64-SSE4-AVX2.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	cheatengine-x86_64-SSE4-AVX2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	cheatengine-x86_64-SSE4-AVX2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	cheatengine-x86_64-SSE4-AVX2.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell	cheatengine-x86_64-SSE4-AVX2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	cheatengine-x86_64-SSE4-AVX2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2 = 3a002e80aba36ff8d270c74f9c99fcbf05467f3a260001002600efbe11000000c448ecc3b018db01b4141153a734db0171ee9855a734db0114000000	cheatengine-x86_64-SSE4-AVX2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	cheatengine-x86_64-SSE4-AVX2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	cheatengine-x86_64-SSE4-AVX2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	cheatengine-x86_64-SSE4-AVX2.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	cheatengine-x86_64-SSE4-AVX2.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	cheatengine-x86_64-SSE4-AVX2.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg	cheatengine-x86_64-SSE4-AVX2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	cheatengine-x86_64-SSE4-AVX2.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.CT	CheatEngine75.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	cheatengine-x86_64-SSE4-AVX2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	cheatengine-x86_64-SSE4-AVX2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	cheatengine-x86_64-SSE4-AVX2.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	cheatengine-x86_64-SSE4-AVX2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\MRUListEx = ffffffff	cheatengine-x86_64-SSE4-AVX2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	cheatengine-x86_64-SSE4-AVX2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	cheatengine-x86_64-SSE4-AVX2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5FA96407-7E77-483C-AC93-691D05850DE8}\FFlags = "1"	cheatengine-x86_64-SSE4-AVX2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Documents"	cheatengine-x86_64-SSE4-AVX2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	cheatengine-x86_64-SSE4-AVX2.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4018527317-446799424-2810249686-1000\{81E59193-3069-457D-8FC6-3A2988F81D82}	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine\shell\open	CheatEngine75.tmp
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	cheatengine-x86_64-SSE4-AVX2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	cheatengine-x86_64-SSE4-AVX2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	cheatengine-x86_64-SSE4-AVX2.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	cheatengine-x86_64-SSE4-AVX2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\NodeSlot = "7"	cheatengine-x86_64-SSE4-AVX2.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8	cheatengine-x86_64-SSE4-AVX2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 0100000000000000ffffffff	cheatengine-x86_64-SSE4-AVX2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.CETRAINER\ = "CheatEngine"	CheatEngine75.tmp
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = ffffffff	cheatengine-x86_64-SSE4-AVX2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	cheatengine-x86_64-SSE4-AVX2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	cheatengine-x86_64-SSE4-AVX2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 000000000200000001000000ffffffff	cheatengine-x86_64-SSE4-AVX2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	cheatengine-x86_64-SSE4-AVX2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	cheatengine-x86_64-SSE4-AVX2.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	cheatengine-x86_64-SSE4-AVX2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	cheatengine-x86_64-SSE4-AVX2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\SniffedFolderType = "Generic"	cheatengine-x86_64-SSE4-AVX2.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4018527317-446799424-2810249686-1000\{CDF5D39F-C5E1-4D48-B64C-B5C0F424ADD2}	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\BlueStacksX\shell\	BSX-Setup-5.21.550.1031_nxt.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	cheatengine-x86_64-SSE4-AVX2.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	cheatengine-x86_64-SSE4-AVX2.exe
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	cheatengine-x86_64-SSE4-AVX2.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\1 = 5e003100000000006c59a610100050524f5045527e310000460009000400efbe6c59a6106c59a6102e00000026b50200000011000000000000000000000000000000b7723d00700072006f007000650072007400690065007300000018000000	cheatengine-x86_64-SSE4-AVX2.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	cheatengine-x86_64-SSE4-AVX2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\bstsrvs\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\bluestacks-services\\BlueStacksServices.exe\" \"%1\""	BlueStacksServices.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CheatEngine	CheatEngine75.tmp
Key created	\REGISTRY\USER\S-1-5-21-4018527317-446799424-2810249686-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	cheatengine-x86_64-SSE4-AVX2.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
5168	reg.exe

NTFS ADS 18 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 533103.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 683780.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 966772.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\YouAreAnIdiot.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.550.1001_native_13fba11c530093e31a794b0838e7ea83_MzsxNSwwOzUsMTsxNSw0OzE1LA==_UGxhbnRzIHZzLiBab21iaWVzIEZSRUU=.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 867833.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 372530.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 824252.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\CheatEngine75.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\$uckyLocker.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 224865.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\WannaCrypt0r (1).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Plants vs. Zombies.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\popcapgame1.CT:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 999180.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 414439.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\InfinityCrypt.exe:Zone.Identifier	msedge.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
5948	msedge.exe
5948	msedge.exe
5304	identity_helper.exe
5304	identity_helper.exe
1224	msedge.exe
1224	msedge.exe
4884	msedge.exe
4884	msedge.exe
6044	msedge.exe
6044	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
4884	msedge.exe
956	msedge.exe
956	msedge.exe
5052	BlueStacksInstaller.exe
5052	BlueStacksInstaller.exe
5052	BlueStacksInstaller.exe
5052	BlueStacksInstaller.exe
5052	BlueStacksInstaller.exe
5052	BlueStacksInstaller.exe
5052	BlueStacksInstaller.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
1772	BSX-Setup-5.21.550.1031_nxt.exe
5208	Bootstrapper.exe
5208	Bootstrapper.exe
5208	Bootstrapper.exe
5208	Bootstrapper.exe
5208	Bootstrapper.exe
5208	Bootstrapper.exe
5208	Bootstrapper.exe
5208	Bootstrapper.exe
5736	BlueStacksInstaller.exe
5736	BlueStacksInstaller.exe
7240	BlueStacksServicesSetup.exe
7240	BlueStacksServicesSetup.exe
8392	tasklist.exe
8392	tasklist.exe
5736	BlueStacksInstaller.exe
5736	BlueStacksInstaller.exe
5736	BlueStacksInstaller.exe
5736	BlueStacksInstaller.exe
5736	BlueStacksInstaller.exe
5736	BlueStacksInstaller.exe
7984	msedge.exe
7984	msedge.exe
9544	BlueStacksServices.exe
9544	BlueStacksServices.exe
7536	CheatEngine75.tmp
7536	CheatEngine75.tmp
7536	CheatEngine75.tmp
7536	CheatEngine75.tmp
7536	CheatEngine75.tmp
7536	CheatEngine75.tmp
7536	CheatEngine75.tmp
7536	CheatEngine75.tmp
7536	CheatEngine75.tmp
7536	CheatEngine75.tmp
7536	CheatEngine75.tmp

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
10148	PlantsVsZombies.exe
9440	cheatengine-x86_64-SSE4-AVX2.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5052	BlueStacksInstaller.exe
Token: SeSecurityPrivilege	1772	BSX-Setup-5.21.550.1031_nxt.exe
Token: SeDebugPrivilege	5208	Bootstrapper.exe
Token: SeDebugPrivilege	5736	BlueStacksInstaller.exe
Token: SeRestorePrivilege	7412	7zr.exe
Token: 35	7412	7zr.exe
Token: SeSecurityPrivilege	7412	7zr.exe
Token: SeSecurityPrivilege	7412	7zr.exe
Token: SeDebugPrivilege	8392	tasklist.exe
Token: SeSecurityPrivilege	7240	BlueStacksServicesSetup.exe
Token: SeRestorePrivilege	8624	7zr.exe
Token: 35	8624	7zr.exe
Token: SeSecurityPrivilege	8624	7zr.exe
Token: SeSecurityPrivilege	8624	7zr.exe
Token: SeShutdownPrivilege	9420	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	9420	BlueStacksServices.exe
Token: SeDebugPrivilege	1988	tasklist.exe
Token: SeDebugPrivilege	3100	tasklist.exe
Token: SeShutdownPrivilege	9420	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	9420	BlueStacksServices.exe
Token: SeRestorePrivilege	8236	7zr.exe
Token: 35	8236	7zr.exe
Token: SeSecurityPrivilege	8236	7zr.exe
Token: SeSecurityPrivilege	8236	7zr.exe
Token: SeDebugPrivilege	8380	tasklist.exe
Token: SeDebugPrivilege	8824	tasklist.exe
Token: SeShutdownPrivilege	9420	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	9420	BlueStacksServices.exe
Token: SeShutdownPrivilege	9420	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	9420	BlueStacksServices.exe
Token: SeShutdownPrivilege	9420	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	9420	BlueStacksServices.exe
Token: SeRestorePrivilege	7596	7zr.exe
Token: 35	7596	7zr.exe
Token: SeSecurityPrivilege	7596	7zr.exe
Token: SeSecurityPrivilege	7596	7zr.exe
Token: SeShutdownPrivilege	9420	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	9420	BlueStacksServices.exe
Token: SeShutdownPrivilege	9420	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	9420	BlueStacksServices.exe
Token: SeDebugPrivilege	8012	tasklist.exe
Token: SeShutdownPrivilege	9420	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	9420	BlueStacksServices.exe
Token: SeDebugPrivilege	8084	tasklist.exe
Token: SeShutdownPrivilege	9420	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	9420	BlueStacksServices.exe
Token: SeShutdownPrivilege	9420	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	9420	BlueStacksServices.exe
Token: SeShutdownPrivilege	9420	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	9420	BlueStacksServices.exe
Token: SeRestorePrivilege	10032	7zr.exe
Token: 35	10032	7zr.exe
Token: SeSecurityPrivilege	10032	7zr.exe
Token: SeSecurityPrivilege	10032	7zr.exe
Token: SeRestorePrivilege	716	7zr.exe
Token: 35	716	7zr.exe
Token: SeSecurityPrivilege	716	7zr.exe
Token: SeSecurityPrivilege	716	7zr.exe
Token: SeShutdownPrivilege	9420	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	9420	BlueStacksServices.exe
Token: SeShutdownPrivilege	9420	BlueStacksServices.exe
Token: SeCreatePagefilePrivilege	9420	BlueStacksServices.exe
Token: SeDebugPrivilege	1552	tasklist.exe
Token: SeShutdownPrivilege	9420	BlueStacksServices.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
9420	BlueStacksServices.exe
9420	BlueStacksServices.exe
9420	BlueStacksServices.exe
9420	BlueStacksServices.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe

Suspicious use of SendNotifyMessage 33 IoCs

pid	Process
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
5948	msedge.exe
9420	BlueStacksServices.exe
9420	BlueStacksServices.exe
9420	BlueStacksServices.exe
9420	BlueStacksServices.exe
9420	BlueStacksServices.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe
1164	msedge.exe

Suspicious use of SetWindowsHookEx 42 IoCs

pid	Process
2948	HD-GLCheck.exe
9064	HD-GLCheck.exe
2792	OpenWith.exe
4480	MiniSearchHost.exe
9440	cheatengine-x86_64-SSE4-AVX2.exe
9440	cheatengine-x86_64-SSE4-AVX2.exe
8580	!WannaDecryptor!.exe
8580	!WannaDecryptor!.exe
1080	!WannaDecryptor!.exe
1080	!WannaDecryptor!.exe
7788	!WannaDecryptor!.exe
7788	!WannaDecryptor!.exe
9136	!WannaDecryptor!.exe
9136	!WannaDecryptor!.exe
10072	@[email protected]
10072	@[email protected]
4212	@[email protected]
4212	@[email protected]
8168	@[email protected]
6632	@[email protected]
8228	@[email protected]
7016	@[email protected]
9296	Process not Found
5280	Process not Found
3112	Process not Found
5496	Process not Found
5572	Process not Found
3452	Process not Found
8300	Process not Found
2876	Process not Found
7016	Process not Found
3004	Process not Found
4620	Process not Found
6572	Process not Found
7980	Process not Found
8588	Process not Found
4428	Process not Found
3420	Process not Found
4440	Process not Found
9164	Process not Found
4880	Process not Found
4896	Process not Found

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5948 wrote to memory of 5760	5948	msedge.exe	77
PID 5948 wrote to memory of 5760	5948	msedge.exe	77
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 3344	5948	msedge.exe	78
PID 5948 wrote to memory of 4744	5948	msedge.exe	79
PID 5948 wrote to memory of 4744	5948	msedge.exe	79
PID 5948 wrote to memory of 4864	5948	msedge.exe	80
PID 5948 wrote to memory of 4864	5948	msedge.exe	80
PID 5948 wrote to memory of 4864	5948	msedge.exe	80
PID 5948 wrote to memory of 4864	5948	msedge.exe	80
PID 5948 wrote to memory of 4864	5948	msedge.exe	80
PID 5948 wrote to memory of 4864	5948	msedge.exe	80
PID 5948 wrote to memory of 4864	5948	msedge.exe	80
PID 5948 wrote to memory of 4864	5948	msedge.exe	80
PID 5948 wrote to memory of 4864	5948	msedge.exe	80
PID 5948 wrote to memory of 4864	5948	msedge.exe	80
PID 5948 wrote to memory of 4864	5948	msedge.exe	80
PID 5948 wrote to memory of 4864	5948	msedge.exe	80
PID 5948 wrote to memory of 4864	5948	msedge.exe	80
PID 5948 wrote to memory of 4864	5948	msedge.exe	80
PID 5948 wrote to memory of 4864	5948	msedge.exe	80
PID 5948 wrote to memory of 4864	5948	msedge.exe	80
PID 5948 wrote to memory of 4864	5948	msedge.exe	80
PID 5948 wrote to memory of 4864	5948	msedge.exe	80
PID 5948 wrote to memory of 4864	5948	msedge.exe	80
PID 5948 wrote to memory of 4864	5948	msedge.exe	80

System policy modification 1 TTPs 37 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyPictures = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMyMusic = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMFUprogramsList = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoThemesTab = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPrinters = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood = "1"	Krotten.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSaveSettings = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPrinterTabs = "1"	Krotten.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoManageMyComputerVerb = "1"	Krotten.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewOnDrive = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoUserNameInStartMenu = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103} = "1"	Krotten.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Uninstall	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Uninstall\NoAddRemovePrograms = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuPinnedList = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuSubFolders = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives = "1044"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D} = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyDocs = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop = "1"	Krotten.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFavoritesMenu = "1"	Krotten.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

Views/modifies file attributes 1 TTPs 14 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
6204	Process not Found
7968	Process not Found
8128	Process not Found
176	Process not Found
9228	Process not Found
7828	attrib.exe
6232	attrib.exe
4368	attrib.exe
32	Process not Found
8000	Process not Found
9476	Process not Found
6980	attrib.exe
7404	Process not Found
6692	Process not Found

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb23ba3cb8,0x7ffb23ba3cc8,0x7ffb23ba3cd8
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6464 /prefetch:8
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7096 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6392 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8292 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8452 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9040 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9200 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9316 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8768 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9668 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9876 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8940 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10244 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10616 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10056 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10356 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=8620 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10508 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9004 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10984 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9000 /prefetch:1
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9092 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9072 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10512 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9228 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10464 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8640 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9712 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9720 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10304 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9480 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9100 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10540 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11196 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10940 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8556 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9596 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10596 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8912 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11424 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11664 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11524 /prefetch:1
  2⤵
  PID:6152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12004 /prefetch:1
  2⤵
  PID:6160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11792 /prefetch:1
  2⤵
  PID:6292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12160 /prefetch:1
  2⤵
  PID:6612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9752 /prefetch:1
  2⤵
  PID:6548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12164 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10364 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10244 /prefetch:1
  2⤵
  PID:196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12064 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10420 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10444 /prefetch:1
  2⤵
  PID:6592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8944 /prefetch:1
  2⤵
  PID:6848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9264 /prefetch:1
  2⤵
  PID:6932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9340 /prefetch:1
  2⤵
  PID:6948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12172 /prefetch:1
  2⤵
  PID:6956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11824 /prefetch:1
  2⤵
  PID:6944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10320 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11580 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11308 /prefetch:1
  2⤵
  PID:6520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9356 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8828 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=118 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12064 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12096 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11480 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9164 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9888 /prefetch:1
  2⤵
  PID:252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=124 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11772 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11240 /prefetch:1
  2⤵
  PID:6908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11804 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11132 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10912 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=129 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10536 /prefetch:1
  2⤵
  PID:6372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11620 /prefetch:1
  2⤵
  PID:6440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9028 /prefetch:1
  2⤵
  PID:7136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11048 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8256 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8592 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11328 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11128 /prefetch:1
  2⤵
  PID:6216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11764 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8900 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10876 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11192 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
  2⤵
  PID:6972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12236 /prefetch:1
  2⤵
  PID:6980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9348 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8540 /prefetch:1
  2⤵
  PID:6944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9796 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8684 /prefetch:1
  2⤵
  PID:6356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8756 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8604 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10124 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=154 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8420 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=155 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8584 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=156 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8976 /prefetch:1
  2⤵
  PID:6164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=157 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=158 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8768 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=159 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7888 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=160 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12208 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=161 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8788 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=162 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=163 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10136 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=164 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12484 /prefetch:1
  2⤵
  PID:6812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=165 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11256 /prefetch:1
  2⤵
  PID:6420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=166 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1
  2⤵
  PID:6292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=167 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10652 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=168 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11036 /prefetch:1
  2⤵
  PID:6472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=169 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11868 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=170 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12488 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=171 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=172 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10124 /prefetch:1
  2⤵
  PID:6344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=173 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12144 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=174 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12020 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=175 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=176 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8484 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=177 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12820 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=178 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11660 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=179 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=180 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8800 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=181 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12580 /prefetch:1
  2⤵
  PID:6532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=182 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13024 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=183 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12456 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=184 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12764 /prefetch:1
  2⤵
  PID:6724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=185 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11680 /prefetch:1
  2⤵
  PID:6156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=186 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9572 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=187 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10980 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=188 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11660 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=189 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10528 /prefetch:1
  2⤵
  PID:6200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=190 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10364 /prefetch:1
  2⤵
  PID:7032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=191 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12472 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=192 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=193 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8500 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=194 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9908 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=195 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10704 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=196 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11528 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=197 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10540 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=198 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13196 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=199 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12208 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=200 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13184 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=202 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13136 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8296 /prefetch:8
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6484 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:956
- C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.550.1001_native_13fba11c530093e31a794b0838e7ea83_MzsxNSwwOzUsMTsxNSw0OzE1LA==_UGxhbnRzIHZzLiBab21iaWVzIEZSRUU=.exe
  "C:\Users\Admin\Downloads\BlueStacks10Installer_10.41.550.1001_native_13fba11c530093e31a794b0838e7ea83_MzsxNSwwOzUsMTsxNSw0OzE1LA==_UGxhbnRzIHZzLiBab21iaWVzIEZSRUU=.exe"
  2⤵
  - Executes dropped EXE
  PID:6624
- - C:\Users\Admin\AppData\Local\Temp\7zS0E977EAB\BlueStacksInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS0E977EAB\BlueStacksInstaller.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\7zS0E977EAB\HD-CheckCpu.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS0E977EAB\HD-CheckCpu.exe" --cmd checkHypervEnabled
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:6952
  - - C:\Users\Admin\AppData\Local\Temp\7zS0E977EAB\HD-CheckCpu.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS0E977EAB\HD-CheckCpu.exe" --cmd checkSSE4
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:7004
  - - C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.550.1031_nxt.exe
      "C:\Users\Admin\AppData\Local\BlueStacksSetup\BSX-Setup-5.21.550.1031_nxt.exe" -s
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1772
    - - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\BlueStacks X\green.vbs"
        5⤵
        
        PID:2188
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c green.bat
        6⤵
        
        PID:6396
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="BlueStacksWeb"
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:2388
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall delete rule name="Cloud Game"
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        System Location Discovery: System Language Discovery
        
        PID:1912
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="BlueStacksWeb" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe"
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:8464
        
        C:\Windows\SysWOW64\netsh.exe
        
        netsh advfirewall firewall add rule name="Cloud Game" dir=in action=allow program="C:\Program Files (x86)\BlueStacks X\Cloud Game.exe"
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:5464
  - - C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.550.1001_native_13fba11c530093e31a794b0838e7ea83_MzsxNSwwOzUsMTsxNSw0OzE1LA==_UGxhbnRzIHZzLiBab21iaWVzIEZSRUU=.exe
      "C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.550.1001_native_13fba11c530093e31a794b0838e7ea83_MzsxNSwwOzUsMTsxNSw0OzE1LA==_UGxhbnRzIHZzLiBab21iaWVzIEZSRUU=.exe" -versionMachineID=6711c705-1249-4c90-ad25-70108a3f1f2f -machineID=f31e55b7-68a4-406b-85e5-acf36b0800f3 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.550.1001 -country=GB -skipBinaryShortcuts -isWalletFeatureEnabled
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\Bootstrapper.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\Bootstrapper.exe" -versionMachineID=6711c705-1249-4c90-ad25-70108a3f1f2f -machineID=f31e55b7-68a4-406b-85e5-acf36b0800f3 -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName=Pie64 -imageToLaunch=Pie64 -isSSE4Available=1 -appToLaunch=bsx -bsxVersion=10.41.550.1001 -country=GB -skipBinaryShortcuts -isWalletFeatureEnabled
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5208
      - C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\BlueStacksInstaller.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\BlueStacksInstaller.exe" -versionMachineID="6711c705-1249-4c90-ad25-70108a3f1f2f" -machineID="f31e55b7-68a4-406b-85e5-acf36b0800f3" -pddir="C:\ProgramData\BlueStacks_nxt" -defaultImageName="Pie64" -imageToLaunch="Pie64" -appToLaunch="bsx" -bsxVersion="10.41.550.1001" -country="GB" -skipBinaryShortcuts -isWalletFeatureEnabled -parentpath="C:\Users\Admin\AppData\Local\BlueStacksSetup\BlueStacks10Installer_10.41.550.1001_native_13fba11c530093e31a794b0838e7ea83_MzsxNSwwOzUsMTsxNSw0OzE1LA==_UGxhbnRzIHZzLiBab21iaWVzIEZSRUU=.exe" -md5=13fba11c530093e31a794b0838e7ea83 -app64=UGxhbnRzIHZzLiBab21iaWVzIEZSRUU=
        6⤵
        Executes dropped EXE
        Checks processor information in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\CommonInstallUtils.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\" -aoa
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\QtRedistx64.zip" -o"C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\" -aoa
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-ForceGPU.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-ForceGPU.exe" 1 "C:\Program Files\BlueStacks_nxt"
        7⤵
        Executes dropped EXE
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-GLCheck.exe" 1 2
        7⤵
        Executes dropped EXE
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-GLCheck.exe" 4 2
        7⤵
        Executes dropped EXE
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-GLCheck.exe" 2 2
        7⤵
        Executes dropped EXE
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-GLCheck.exe" 1 1
        7⤵
        Executes dropped EXE
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-GLCheck.exe" 4 1
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-GLCheck.exe" 2 1
        7⤵
        Executes dropped EXE
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-CheckCpu.exe" --cmd checkSSE4
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\PF.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa
        7⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Suspicious use of AdjustPrivilegeToken
        
        PID:8236
        
        C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\QtRedistx64.zip" -o"C:\Program Files\BlueStacks_nxt" -aoa
        7⤵
        Executes dropped EXE
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\7zr.exe" x "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\PD.zip" -o"C:\ProgramData\BlueStacks_nxt" -aoa
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\7zr.exe" x "C:\ProgramData\Pie64_5.21.550.1031.exe" -o"C:\ProgramData\BlueStacks_nxt\Engine\Pie64" -aoa
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:716
        
        C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall delete rule name="BlueStacks Service"
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\\HD-GLCheck.exe" 2
        7⤵
        Executes dropped EXE
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\\HD-GLCheck.exe" 3
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:9064
        
        C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall add rule name="BlueStacks Service" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\HD-Player.exe" enable=yes
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-GLCheck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\\HD-GLCheck.exe" 1
        7⤵
        Executes dropped EXE
        
        PID:7456
        
        C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall delete rule name="BlueStacksAppplayerWeb"
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:7488
        
        C:\Windows\SYSTEM32\netsh.exe
        
        "netsh.exe" advfirewall firewall add rule name="BlueStacksAppplayerWeb" dir=in action=allow program="C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe" enable=yes
        7⤵
        Modifies Windows Firewall
        Event Triggered Execution: Netsh Helper DLL
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-CheckCpu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-CheckCpu.exe" --cmd checkSSE3
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:7860
        
        C:\Windows\SYSTEM32\cmd.exe
        
        "cmd.exe" /c "sc.exe delete BlueStacksDrv_nxt"
        7⤵
        
        PID:2860
        
        C:\Windows\system32\sc.exe
        
        sc.exe delete BlueStacksDrv_nxt
        8⤵
        Launches sc.exe
        
        PID:7868
        
        C:\Windows\SYSTEM32\reg.exe
        
        "reg.exe" EXPORT HKLM\Software\BlueStacks_nxt "C:\Users\Admin\AppData\Local\Temp\lqj3jau0.eyn\RegHKLM.txt"
        7⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\7zr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\7zr.exe" a "C:\Users\Admin\AppData\Local\Temp\Installer.zip" -m0=LZMA:a=1 "C:\Users\Admin\AppData\Local\Temp\lqj3jau0.eyn\*"
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:7952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=205 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11452 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=206 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1
  2⤵
  PID:8692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=207 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=208 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8324 /prefetch:1
  2⤵
  PID:8304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=209 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=210 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9728 /prefetch:1
  2⤵
  PID:7264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=212 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10080 /prefetch:1
  2⤵
  PID:8776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:7984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=215 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11860 /prefetch:1
  2⤵
  PID:3928
- C:\Users\Admin\Downloads\CheatEngine75.exe
  "C:\Users\Admin\Downloads\CheatEngine75.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:7564
- - C:\Users\Admin\AppData\Local\Temp\is-E9TM6.tmp\CheatEngine75.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-E9TM6.tmp\CheatEngine75.tmp" /SL5="$1101FE,29027361,780800,C:\Users\Admin\Downloads\CheatEngine75.exe"
    3⤵
    - Executes dropped EXE
    - Checks for any installed AV software in registry
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\is-A9QKO.tmp\CheatEngine75.exe
      "C:\Users\Admin\AppData\Local\Temp\is-A9QKO.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
      4⤵
      Executes dropped EXE
      PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\is-9D0JL.tmp\CheatEngine75.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-9D0JL.tmp\CheatEngine75.tmp" /SL5="$10498,26511452,832512,C:\Users\Admin\AppData\Local\Temp\is-A9QKO.tmp\CheatEngine75.exe" /VERYSILENT /ZBDIST
        5⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Modifies registry class
        
        PID:6124
      - C:\Windows\SYSTEM32\net.exe
        
        "net" stop BadlionAntic
        6⤵
        
        PID:8028
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 stop BadlionAntic
        7⤵
        
        PID:8036
      - C:\Windows\SYSTEM32\net.exe
        
        "net" stop BadlionAnticheat
        6⤵
        
        PID:7964
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 stop BadlionAnticheat
        7⤵
        
        PID:8060
      - C:\Windows\SYSTEM32\sc.exe
        
        "sc" delete BadlionAntic
        6⤵
        Launches sc.exe
        
        PID:8848
      - C:\Windows\SYSTEM32\sc.exe
        
        "sc" delete BadlionAnticheat
        6⤵
        Launches sc.exe
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\is-QEFG8.tmp\_isetup\_setup64.tmp
        
        helper 105 0x3D4
        6⤵
        Executes dropped EXE
        
        PID:5132
      - C:\Windows\system32\icacls.exe
        
        "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
        6⤵
        Modifies file permissions
        
        PID:8076
      - C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe
        
        "C:\Program Files\Cheat Engine 7.5\Kernelmoduleunloader.exe" /SETUP
        6⤵
        Executes dropped EXE
        
        PID:6572
      - C:\Program Files\Cheat Engine 7.5\windowsrepair.exe
        
        "C:\Program Files\Cheat Engine 7.5\windowsrepair.exe" /s
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:7020
      - C:\Windows\system32\icacls.exe
        
        "icacls" "C:\Program Files\Cheat Engine 7.5" /grant *S-1-15-2-1:(OI)(CI)(RX)
        6⤵
        Modifies file permissions
        
        PID:7148
  - - C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe
      "C:\Program Files\Cheat Engine 7.5\Cheat Engine.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:6080
    - - C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe
        
        "C:\Program Files\Cheat Engine 7.5\cheatengine-x86_64-SSE4-AVX2.exe"
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Program Files directory
        Drops file in Windows directory
        Modifies registry class
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of SetWindowsHookEx
        
        PID:9440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=216 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11584 /prefetch:1
  2⤵
  PID:9304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=217 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11924 /prefetch:1
  2⤵
  PID:9724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=218 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11592 /prefetch:1
  2⤵
  PID:9848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=219 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10764 /prefetch:1
  2⤵
  PID:10056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=220 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10780 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=221 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11628 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=223 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9596 /prefetch:1
  2⤵
  PID:8408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,8003794326642689207,268034896087252894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12684 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3420

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004E8
1⤵
PID:6000

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3376

C:\ProgramData\BlueStacksServicesSetup.exe
"C:\ProgramData\BlueStacksServicesSetup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:7240
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq BlueStacksServices.exe" | find "BlueStacksServices.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:7308
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq BlueStacksServices.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:8392
- - C:\Windows\SysWOW64\find.exe
    find "BlueStacksServices.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:8384

C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
"C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --hidden --initialLaunch
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:9420
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1476 --field-trial-handle=1656,i,1199900164741416283,14540322482332599451,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:4180
- C:\Windows\system32\cscript.exe
  cscript.exe
  2⤵
  PID:1268
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --mojo-platform-channel-handle=1968 --field-trial-handle=1656,i,1199900164741416283,14540322482332599451,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:3436
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices
  2⤵
  PID:4884
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKCU\SOFTWARE\BlueStacksServices
  2⤵
  PID:6992
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A
  2⤵
  PID:688
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regPutValue.wsf A
  2⤵
  PID:5692
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:6952
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --app-user-model-id=com.bluestacks.services --app-path="C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2600 --field-trial-handle=1656,i,1199900164741416283,14540322482332599451,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  PID:4968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6828
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6784
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:1988
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:3336
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:5748
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:6176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8244
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:8380
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt
  2⤵
  PID:8416
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt
  2⤵
  PID:8356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8740
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:8824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7976
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:8012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8040
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:8084
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:2552
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt
  2⤵
  PID:7076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5328
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2780
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:2388
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A "HKCU\SOFTWARE\BlueStacks X"
  2⤵
  PID:5476
- C:\Windows\system32\cscript.exe
  cscript.exe //Nologo C:\Users\Admin\AppData\Local\Programs\bluestacks-services\resources\regedit\vbs\regList.wsf A HKLM\SOFTWARE\BlueStacks_nxt
  2⤵
  PID:8472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5096
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8644
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8536
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8528
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9140
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7684
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8008
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8076
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6184
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9232
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9316
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9868
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:10016
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:10044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:10100
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:10172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4000
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:888
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3376
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1448
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5584
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1948
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:1076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6248
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1184
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:3100
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8652
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8336
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9080
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9036
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9076
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7544
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7564
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7680
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8176
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6220
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8188
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8024
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:4440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7456
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3004
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8148
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:1424
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7592
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9468
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9488
- C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe
  "C:\Users\Admin\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\bluestacks-services" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3576 --field-trial-handle=1656,i,1199900164741416283,14540322482332599451,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:9544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6036
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2320
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:10012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7632
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6684
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7004
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7216
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:10128
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:4196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6276
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8636
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:1504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8676
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:2000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7220
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:3140
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8948
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8952
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9152
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9052
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:984
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7744
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5976
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7840
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7856
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6240
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7240
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7836
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1680
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:10004
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9068
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9156
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7548
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4780
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:3232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7840
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7212
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9212
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5212
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7356
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6100
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7876
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:536
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7772
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8216
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8056
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7764
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9224
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:1908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2448
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7252
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:10080
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:10024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7668
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5464
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:3964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4012
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:4476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5564
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:4424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6576
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:10128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5748
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7012
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4368
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7836
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:3484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6984
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:10004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:1940
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9176
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:10232
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8284
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7508
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:3232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7188
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7560
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9124
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8088
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8580
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:1388
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4888
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8988
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6224
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8916
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9272
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9296
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8084
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:4504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:10168
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:2900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1908
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:1328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8900
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9396
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4004
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7604
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9544
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:556
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:4240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2060
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7100
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:10100
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:3776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8524
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:3540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2712
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:568
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:688
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4536
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:2884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2540
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2708
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6600
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4808
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:1772
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:3172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6900
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4196
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6672
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1396
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8000
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8204
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7848
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:4368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7220
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5492
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:10200
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3624
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6160
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:10220
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5496
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9852
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5140
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6864
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:1760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7528
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:1620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7560
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8496
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8484
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7892
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6956
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3572
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1160
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:4996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4620
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8268
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9452
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9292
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:3120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2932
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6208
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9700
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4368
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7316
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8372
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:4752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:228
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:356
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7916
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:932
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4960
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7356
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8144
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4688
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6636
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8988
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5576
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7144
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6284
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6620
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7108
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8640
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8020
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:716
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:4020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8080
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:2668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5408
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5884
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:4344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4648
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:3896
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4416
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:2704
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1372
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5112
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:4736
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:940
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3856
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8740
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8996
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9476
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2040
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:10216
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9632
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:4228
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7780
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5672
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:10076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2324
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7076
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:1920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4740
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:10084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8600
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7164
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5308
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8632
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5544
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9920
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:3268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6812
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8288
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3348
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7648
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7612
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8496
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8592
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:4868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5780
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:1492
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8720
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:4900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7468
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5340
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6496
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9124
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1784
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6244
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5884
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:1116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3916
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8008
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:4828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8828
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8960
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8880
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4120
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8056
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7560
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:6204
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8712
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7840
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6712
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:10136
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:10164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4824
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:10140
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7564
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7468
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7948
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:2836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7096
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:1176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6536
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:3732
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:2844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5900
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8432
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7768
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9780
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8032
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6112
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:2188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7904
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:4212
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8948
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:3268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8884
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:3336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5880
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:10232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5252
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7016
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5904
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6384
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8720
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5864
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:4444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7356
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8120
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6668
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:1300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6904
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6104
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4516
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7696
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8308
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7128
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9260
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9988
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1556
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:2216
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3276
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:10024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:404
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9100
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6152
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9432
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5232
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7312
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:4576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:10200
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:3624
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:4196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:5136
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9176
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9620
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2424
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:2160
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:10232
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7712
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7800
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4748
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3904
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:5312
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5972
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:3052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6276
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:1580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9856
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:1616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6956
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:4924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:8668
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:72
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:1584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:5836
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:1420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:2316
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:2808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6676
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9684
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:2300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6492
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3592
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1116
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3376
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:6732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6108
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8940
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:992
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:6076
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:9944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8272
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9004
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:8188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:4788
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:8600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1952
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:8484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8468
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:5112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:4860
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:2708
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:7124
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:3028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7984
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:9432
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:3916
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    - Enumerates processes with tasklist
    PID:7836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7192
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:1020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:1192
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:9016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9116
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:6360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:6532
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:1472
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:7336
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:1048
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7656
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:9052
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:3232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:8800
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq BlueStacks X.exe"
    3⤵
    PID:7776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq HD-Player.exe""
  2⤵
  PID:7840
- - C:\Windows\system32\tasklist.exe
    tasklist /FI "IMAGENAME eq HD-Player.exe"
    3⤵
    PID:5680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "tasklist /FI "IMAGENAME eq BlueStacks X.exe""
  2⤵
  PID:9948

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:9324

C:\Users\Admin\Downloads\Plants vs. Zombies\PlantsVsZombies.exe
"C:\Users\Admin\Downloads\Plants vs. Zombies\PlantsVsZombies.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:10148

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004E8
1⤵
PID:2368

C:\Windows\System32\GameBarPresenceWriter.exe
"C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
1⤵
- Network Service Discovery
PID:6976

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:8280

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:4480

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:8528

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
PID:8544

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
- Modifies registry class
PID:7288

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Checks processor information in registry
PID:7780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious use of SendNotifyMessage
PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb23ba3cb8,0x7ffb23ba3cc8,0x7ffb23ba3cd8
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:9048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:9540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:9056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:6296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:7960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6172 /prefetch:8
  2⤵
  PID:8116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:5368
- C:\Users\Admin\Downloads\$uckyLocker.exe
  "C:\Users\Admin\Downloads\$uckyLocker.exe"
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:9820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:6312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:10116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6628 /prefetch:2
  2⤵
  PID:8596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:6956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1288 /prefetch:8
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7164 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:8396
- C:\Users\Admin\Downloads\InfinityCrypt.exe
  "C:\Users\Admin\Downloads\InfinityCrypt.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Checks processor information in registry
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:7248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:9300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
  2⤵
  PID:8080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:7404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7508 /prefetch:8
  2⤵
  PID:8284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7440 /prefetch:8
  2⤵
  PID:5264
- C:\Users\Admin\Downloads\Krotten.exe
  "C:\Users\Admin\Downloads\Krotten.exe"
  2⤵
  - Disables RegEdit via registry modification
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies WinLogon
  - Drops file in Windows directory
  - Modifies Control Panel
  - Modifies Internet Explorer settings
  - Modifies Internet Explorer start page
  - System policy modification
  PID:7280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:1860
- C:\Users\Admin\Downloads\WannaCry.exe
  "C:\Users\Admin\Downloads\WannaCry.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  PID:7720
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c 30651731377590.bat
    3⤵
    PID:7972
  - - C:\Windows\SysWOW64\cscript.exe
      cscript //nologo c.vbs
      4⤵
      PID:9948
- - C:\Users\Admin\Downloads\!WannaDecryptor!.exe
    !WannaDecryptor!.exe f
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:8580
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im MSExchange*
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:8796
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Microsoft.Exchange.*
    3⤵
    - Kills process with taskkill
    PID:7024
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sqlserver.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:7356
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im sqlwriter.exe
    3⤵
    - Kills process with taskkill
    PID:7792
- - C:\Users\Admin\Downloads\!WannaDecryptor!.exe
    !WannaDecryptor!.exe c
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:1080
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c start /b !WannaDecryptor!.exe v
    3⤵
    PID:5804
  - - C:\Users\Admin\Downloads\!WannaDecryptor!.exe
      !WannaDecryptor!.exe v
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:7788
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5388
      - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:9504
- - C:\Users\Admin\Downloads\!WannaDecryptor!.exe
    !WannaDecryptor!.exe
    3⤵
    - Executes dropped EXE
    - Sets desktop wallpaper using registry
    - Suspicious use of SetWindowsHookEx
    PID:9136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7716 /prefetch:8
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:8048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6828 /prefetch:8
  2⤵
  PID:6748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:7024
- C:\Users\Admin\Downloads\WannaCrypt0r (1).exe
  "C:\Users\Admin\Downloads\WannaCrypt0r (1).exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  PID:3900
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h .
    3⤵
    - Views/modifies file attributes
    PID:7828
- - C:\Windows\SysWOW64\icacls.exe
    icacls . /grant Everyone:F /T /C /Q
    3⤵
    - Modifies file permissions
    - System Location Discovery: System Language Discovery
    PID:8020
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2396
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:6284
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "djngtpfvszyb324" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
    3⤵
    PID:5072
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "djngtpfvszyb324" /t REG_SZ /d "\"C:\Users\Admin\Downloads\tasksche.exe\"" /f
      4⤵
      Modifies registry key
      PID:5168
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c 126261731377623.bat
    3⤵
    PID:2300
  - - C:\Windows\SysWOW64\cscript.exe
      cscript.exe //nologo m.vbs
      4⤵
      PID:8552
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h +s F:\$RECYCLE
    3⤵
    - Views/modifies file attributes
    PID:6232
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c start /b @[email protected] vs
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4228
  - - C:\Users\Admin\Downloads\@[email protected]
      @[email protected] vs
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:10072
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5324
      - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        6⤵
        
        PID:6664
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:7164
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:7316
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - Sets desktop wallpaper using registry
    - Suspicious use of SetWindowsHookEx
    PID:4212
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:8408
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:3280
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:8168
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill.exe /f /im Microsoft.Exchange.*
    3⤵
    - Kills process with taskkill
    PID:7860
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill.exe /f /im MSExchange*
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:1416
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill.exe /f /im sqlserver.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:6332
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill.exe /f /im sqlwriter.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:9224
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill.exe /f /im mysqld.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    PID:6748
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h +s F:\$RECYCLE
    3⤵
    - Views/modifies file attributes
    PID:6980
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    - Executes dropped EXE
    PID:5808
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    - Executes dropped EXE
    PID:5528
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:6632
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    PID:996
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    PID:4144
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:8228
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h +s F:\$RECYCLE
    3⤵
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:4368
- - C:\Users\Admin\Downloads\taskdl.exe
    taskdl.exe
    3⤵
    PID:356
- - C:\Users\Admin\Downloads\taskse.exe
    taskse.exe C:\Users\Admin\Downloads\@[email protected]
    3⤵
    PID:5640
- - C:\Users\Admin\Downloads\@[email protected]
    @[email protected]
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:7016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6784 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,2161576035631501131,3865925971552553873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:7708
- C:\Users\Admin\Downloads\YouAreAnIdiot.exe
  "C:\Users\Admin\Downloads\YouAreAnIdiot.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5048
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 1232
    3⤵
    - Program crash
    PID:3792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:10212

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:8952

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:1156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5048 -ip 5048
1⤵
PID:3016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Network Service Discovery

T1046

Process Discovery

T1057

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
16B

MD5
0f207da8038f18e393950b172755f526

SHA1
223ac688b48c9906f4d033aa060d92f990a9450b

SHA256
2af765457c7b9d2a8d161364b106a16bfdaec2bc448d59e76b73a41ed3cc4528

SHA512
32cf29cd05154ad1208742615332afee8cf526a4280be60657a6ec06d8c012885443ac3db03385de830dfcb3f789f6e384456c2404376a1cbb301b24a0d11993

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
720B

MD5
d6e402ccc2457dca2f6f4100801b7a56

SHA1
2c5dfd10e4e63e7eb2f351aa4e7d165360971a07

SHA256
b156f23c135411e4eb6aa8df51d32a85b6549c945fcb8c468284319e16ab4b79

SHA512
3436b808de9a5c2c139f154a73efdc35de4642b72fcb8eeb06f5ad2b46eeb5725da9fa22c3734dee258f4ab09118b35592c0b313a03f8a0b0fbdd927072f9190

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
688B

MD5
b4a2c89d6b22e3861dd50f59ef839291

SHA1
9ed8f200601c9c12df41173718cede3c3715c95e

SHA256
af0635473fca013fba3b8b22d88399695b7981e0be86e1457446d7217241bc12

SHA512
d1a20e92181236cbf76c0599a925a3216ac3bb83d7275b7a5b33bac21f14fe3d2bce9e9e25636122ebbb3cd5cd944b37586439990370f99e60bcabe1fccffbfc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
1KB

MD5
affe13ab1231c51bb0de327e6dad8d51

SHA1
f01672dd7ca0787399292ebce5f687cfa39652da

SHA256
1c05a25cd8a487b65fd766ff99c3801d75e264bcb55837d7287369f79bdf4d68

SHA512
2b150a9eb2c437892a63c789a3df924cf0d039fb1adec1151bce71ac58e7cbe02a5a8c874884c158605a68f8eb7688b268ab305949b1a36162a2fc2c4bb8b97f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
448B

MD5
b3b1b4206fd8d1f4284b35dd9b0a8b84

SHA1
54634b7baa34e188d9eb0e6aae2ea749e013ada6

SHA256
90f704f5557ca083b300af2c9b7fbb0f121aeb3122a6f444474ef49d8c6447a1

SHA512
60d8e6a16f963f5fc5dcd8b5e3deb36d010d3801cd55dd95a4346216b3b53c4ddc0bb2a53e4fa25801608b42fcb4da72ff8edf11331bb2438b4812cb54b53112

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
624B

MD5
dbe007c94e73517f56f8ee81aba2ba20

SHA1
a861bd45b4475a1131035f9ff0fc02d6fb2563c9

SHA256
c9b79ca3bd9151b8ec147a73147bfd02da22d8443b58018c465d3bc25f95994e

SHA512
914267260138d94e8c9b86b0d1da8e6a1952079bc4e88ecb56151441a54b563357a7784d18fec6c8dcad7ea09be2afe610e19008c476d53c3c491f1837f87770

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
400B

MD5
7ca77a24c5f5dd86b070437280fd3f28

SHA1
819ec8e5562bd41cd79fdf4382fb8f10c2784d6c

SHA256
4e86c94f63f320a2c02f980557b3709004d6b342abdcfd2aad467c10cb9a218f

SHA512
e7292b1f8b6666faeb100075569eefd72910242a3c914cb4af4ecfc15d4366995ad84c4659c27859d5b29167050b15f2981c1aa959b66b3580df708eba6ba296

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
560B

MD5
ba667d1bab0b9f4d78b584014e949326

SHA1
a66335259085d6f8582e7e2807db57369bd43bf5

SHA256
f94fe948cbc851554a3e10c9a3c29af595083cdef81e349b0e005454cdc00be1

SHA512
d0418e5aea35fd6681b8c21dbe3f83af7f2c65bec31fdf8df87d4e858c5f9420f0768c9e47efffacd99f7defcc6ae5e1e2b850e476aec996155bf988eadc105d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
400B

MD5
e4b1fc9555dbf701d40bcd9ad2f328e2

SHA1
f45b69b5e89436e8c1dc86e2ef1dd8517ef04a38

SHA256
ce591d211d2cd18f9eb58a29ed96fa332bedfe49ac327277dbec68e490c14466

SHA512
41c7131b476b116c20515551149e4aeaead766d96f2566feafd2b2c4182216e40b0b88c625ac649eed19ca0d14cc44b93deb6f21df8356651c454166b7c80e4c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
560B

MD5
242d47e57658e814f3ebe953cdf3ae4f

SHA1
1f1ae45fe1521ecf8b73430555388d108c354a14

SHA256
d471da494044745d82ba4d0fd9a2fde8f191152fdfd3dc215fdff33fbeb21353

SHA512
cfd565c9f3fe44391d393362f14920f3c999874e292a206e75d4f7b2e4fa6b78dd4f3b0e503b97ee8bb6d770ac865909dc999146206b29ec3729d59bf367d333

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
400B

MD5
6f74402854ca408eb6098c23ffe383b5

SHA1
e7d4fe8711fdba9688a12006bb72e13484300471

SHA256
7431d513c9c484c8dc1baa5fa49eb94b7192f563bc85851e72c1aeadcb527544

SHA512
c675116dfc1ce5bfdd8b6efc11b3ac5d0dd3fe33b14054bf5f74f91e39f5715734c1591e3b3b1b0d37995e04dcb25b38705fc7ad56e6cf98c982209f1286315d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
560B

MD5
3b9b8336688795373127084811b806a1

SHA1
5caf3af1939cede4280dd9bd25fc59f08498cb4c

SHA256
fd3248a932b9b34359d13a049e00f2d3a76c99eb09e095d9ceabbd6725c0ea1f

SHA512
4b1e53134f970b279866b74bb567435d6360bf4e336d704cc5f1529a5e4174595b5be9c528dfaf7574a86a49e9ac03fa3440ea2bc440e76dae0706a669bccd66

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
7KB

MD5
dbef7b92099dc224aa297bbb3f1f2524

SHA1
e7309dde6086e5085f2985dba048aa90691a93c7

SHA256
0c4c735bcdaa82aed27c54f51caa73133a362c5bba295bf8312e86374119de9a

SHA512
181e3eab0b66c9df63620d67d9b43ad72ee1f9e538e8e8476118d7fdec6aebc42ec101bb54ff30d5f03dbe2c17423f58963996e65f36ae77cff05d75eac88856

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
7KB

MD5
1b76934f72995d8e8427c74222b247d7

SHA1
049471d64731fdefd29b8c917ee5cbdc64ac0e84

SHA256
cbf9464f0538d3fd6b0033521c46655b4e9c09c1822b9b56dfaf27125a949cd2

SHA512
be1eccceb7f77095f987b2b3e6a05e350f82d80c50f3aa1111c5069f96d94b49cdea8a2f267e2b9e130cbf2a1d41f8af7db92e6e9278b2851f0f48d9e7ef26f9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
15KB

MD5
923e5bf44127509e0baf12582cbdf936

SHA1
3ea1bb321cf255390c51f5ff75d17aaaaa8c5302

SHA256
90bc1eee5e9c645ac8e6cb6218370a284b3344824259e57cfb91c4ad4ff8166d

SHA512
03829059878faebd0f10c9eb6b8abca2eadb124471f6a8387f6440b6803a2b8b7fb9bd2e7ba1813471cc20e3f57d5b61083cd51814ac5357bf51c57dfe30d79e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
8KB

MD5
4926194d081025310303ecf0eaf7d844

SHA1
afbef4f2ea1c7f419de59c62164e9bbc04df4ce4

SHA256
b8a943f2076c624fb0f060a6c35edfd9c7b30ffc139d74f17d00ebdd4233f679

SHA512
81ded6f660ab9afb23c725fcec27e0a980ccb1f38d7078a6ffb39706035e312ccf2c16226e0000cff687ec09cc7143eb5cadf42ab7f12ff119214d33fc9c9d7f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
17KB

MD5
5e7f1986a5fa4d8598c8b87f7a05a24e

SHA1
48ce7c70f00d24b51826aa96c725b55d56458625

SHA256
25790b7833d22f82a5e8c712091511879b2a29da96071e61e185200e2c19f85e

SHA512
2ce8ac5d81c5592d5d07758c59d5b292bb0bfdc08cf0245feb2e5b4c6740f29971a7c0087ae2e069a43901e8cc506ff653351745966b061cbfa1313270828518

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
192B

MD5
6fa95d20fe3ac97453ae3d8008cbbaab

SHA1
1b9053831029e53a41e01869002868e773beea50

SHA256
c21688dafd94747beb5b0efd5d0b64481e3b9283ea9d2b2b4fd727c038d40555

SHA512
9f50fd9dca0b07f71666cbb4592ce9a1e53fcbe98aeaba0beef24b78f8f1733780105a28c27fcecbb3408b6e472743fe9220a146f4eb2105e505a31902988166

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
704B

MD5
cb21b8193c722f0841f2ea7cbb436c7b

SHA1
d0c3467497cd6dd1bc4d15b082b853271e5277f0

SHA256
d317c88f492ea628f3c9915b3132e262fd2623cdb61aaee77c700b3c4e708924

SHA512
f30f6687feb24f66d8e0dcafbbf145131b01ee0b5985f401ed59847492dbf018caef217ae3bf77243e83f24a406173e5b0caf0032a7edf35be83e07ffccec133

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
8KB

MD5
88e73440a73746249f3377562a447147

SHA1
b47ccc6b817cc411bc6918f276cc2abcc2a1cf46

SHA256
f2586604da0a92257e78fdd3dacd802ab16d771abf8037c3f9d1fd001b5bd0ee

SHA512
d4684d431bbb99c92262dbe10a97347a35b2587154464c84769e21ebb7d52b6d203fb5e57091a7405fee7810da21cf8d8bde7ecdf5b4a79f0c523d11ff9ee044

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
19KB

MD5
e1645161c8b16a473c6323a718ef9edb

SHA1
def1450b5709427109cdf49203fc9a923bc4ba84

SHA256
6952502df6a02e51c323e9b4f75cfdc7f35a0c1a948494c66abcffa5ec6e453b

SHA512
4de0e3c269ebc4076b62106438ce56ec1fc0613b91cab141c96c98b2981009be434ad4eae46b750f3ca821f7ae7e5873a7b8576924bb9aefa1e56bb5e2030706

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
832B

MD5
dadac67881073669a4e720a735474c90

SHA1
ac570d0335a9fb2bfc09330c71efd65af8d58f76

SHA256
80d8cbbc395407963ebcd730d548c97099d5ff955314189266abfbf292bf9a5a

SHA512
f9c1484c721dd6cb8a6fffb305abb2033df0c9af65912365e02d2d9958b80d8fcb0c222fdc4d9b91a0d29f15b048e9262c5d4128b6b4df3d6d88fe48a24c36de

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
1KB

MD5
41c543697fed84a2d55f84c14caeec84

SHA1
b1ea38959b7679bd88ae0354f5d5a2ae3d34b11a

SHA256
e4649269487f43d90fe318358447537f60b3df332a07dbe34803ffd67dbbfb5e

SHA512
f8ee66c0aa7fcb0fd14ff470a2aec81c1481e39d06f34b4722e435fb22d47b01b90febe84096e93cf2b01854d52dff2ba13bfcc93e1f2d23ee55f7c1008ea3ca

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
1KB

MD5
5ff6085191415f7548a719da16e4904c

SHA1
81be0be8bf4b651b70c79431ac9f0a6f11ccbb9d

SHA256
99f72dec9a962460b25ed8796261548b693cf658fb728962b89d5057dbc0b2cc

SHA512
3983638c86a299ddc990f35bdd9d99a9ebbc91cfe4c3eb4237a9615baff8373c48286f289f1db77fc59f35690634480435854fc153ecc5c8ec73ff226e0b806c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
816B

MD5
4f809d91afa260158f7b451d4b7d8cc9

SHA1
433c7b2d242bb84ee9254702094574bd40fe55c3

SHA256
dcf53a47fbdee30ba5f42c977ff883cf97edb34c0c95dde19b191e35735568fc

SHA512
72bcdb82081a898f2d12cae3445bf95504cced741b17d0e636c2c5b39e170556b7edd56624dc3dba15b2f19247a2591ef47c98f3a7b3549205a54222c363753f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
2KB

MD5
2c7748deb4f2ff0819ef18a1de9ba22a

SHA1
c97660cd4d5c557619ed9d85946c76f9d7fc113b

SHA256
b0b4b8a7bef639e7c749ee938a65cd143103a8a16955f6357e6581a894d72588

SHA512
1aafe0036d59f82086cbaf6eb761470e4874ac29eeda65a188cc8222205ec4684184824bff29ac0f585bd0ae1221b33fa7a175acd60caae42a5825cc60cfa64b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
2KB

MD5
1a7b769369adab6fe95568249d95ea18

SHA1
1b77c9fbc93dbacc6220b924300c596dfc31fe68

SHA256
6b3bbeac3c71df754d7ca27df2fcb61c75d7a738f11c92f1938a3a57051edca9

SHA512
f37f07b646c97265c6faaad00b1096870ce8a62644bd9cdce7a5ce8bbd5a96c87d1ae4003647822a487f7eb0c024dd20f7e65daa80da1face39d3e5b32cc00e2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
4KB

MD5
fb29a5270542affbe75911218ff45eff

SHA1
6cf16b7ed99db42ac041efcc68fc97b42b99d95b

SHA256
45925528e4a55ca8f13bc605df4781b8c86d0fa41c31532bf8f8daf2e60d6ef5

SHA512
b56c6c174b31118bdd8f6d4354569882eff45684d51aea23eff81311f63c3ae3dfb7d9042692b79275747d567598b8309ef8e89d2f046160aee854c71667695c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
304B

MD5
0fba1cfa29add31fea1454c5e7442af5

SHA1
4ac9ce8a83200f12ec75e17212e40b6080105929

SHA256
d8dc100e4513176b6d87d19382939f194b5f816ced9945e32310061d0dcd4365

SHA512
26f09a3c882c509916205e592035775959fb9251f016b4f077f160df7c63c977a2103399b9c40622d2badd46389371d102ba1e375584e2caf09dda2a74f75198

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
400B

MD5
0b1871ab6be73168dcede61fbe42e28a

SHA1
be82ed97e4ddaf9ab13726cff87eba70d24d53b9

SHA256
1c172ff45a1f49855de92cc214d69486084c5484a2ec2e6bc03d007d06c201e1

SHA512
636ebfa0e184ce8f4e0bd8943b37b0a3164d9a009709a090ae91f66c8e3d7636cadfbc29a0dd138b2d4b0a79eeb587452211c020588dc93ef3778c74b2f3feb9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
1008B

MD5
b34fa142c646146935db054004a7b5de

SHA1
971ba1597a0e744c6b3257c10f3e00fddeab1069

SHA256
93f2c3b09ca190381c33a70cd9c4517c712ff3e2d1f9052d259a811ff9ef01bf

SHA512
8f8a0d9bd8cdf89892c90efd03f66e9fc952de9e1a7e4d89a5e0f246d08f419abf9e03aa71a36f44c6313a3e71601378fad09fbceccf09aa07537d4acf60ddb4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
1KB

MD5
2a6a60c3ce02f13047d2e57fd1f60209

SHA1
cc092d446e142370237effb0b6b87b8efc67930c

SHA256
a2b1b2a71780432ba19edec9af4c0de52a4c212bc92cbf7cf9b3e54192dfb751

SHA512
16a12b23be647d5314b5f206d0a22a41610bed3eea9478903938951fc69c2ee67787bf3c3dfeb92140464a5ab15ba5058c5a5f0a28668f5df230dce5960ef870

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
2KB

MD5
3a95cf4bbb64e28b5f6fa29dc35753a6

SHA1
86c77dbe94fe717e013ca183093109cd298919fc

SHA256
41b7e66dfb54a02d40430b2d1c6a0fb3af84681907cf20672c61166c226b8fb6

SHA512
dcdca3f8e09229c748540d678c997e2480f5b41d5f68f55cc2d3234a0cd5c0d081ce708f8d76018e2c9fc61fd7ed455fe601b1f3925052ee908ea425007211b9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
848B

MD5
ace12a52a7f48b9554d0369ca3df468f

SHA1
9df29887aa725ef2d3a3475728b447d9cc047088

SHA256
95ea1a862e1948aaa745d1d2d876c81ea79c497f6b0fa96fb81a7a366e9287ce

SHA512
d8d39fb6295974b637a64508d4f5c825a183f3ccf7cb1f4d6557b194290f7297175b1fdf628fa1a90ba334032726148562f6c3175b0d317e1126ae0512e058de

Download Submit
C:\Program Files (x86)\BlueStacks X\BlueStacks X.exe

Filesize
478KB

MD5
06d025aae4b21c47d045bd25e12a551b

SHA1
9e81e6d43266e1211636f6bf25abd0d4577ac267

SHA256
f08765fe49c43b7751efceada0ee09cf48087b4eaed5193537cea5dfdd080edd

SHA512
c3b5226d5391e30bf717f7e7237c2352f5e2ec2aa9aedff255c46d58e3a3367378eea7ac8dc0c77eb209a260d103881327223862c495c9dbae9052cfd8bce117

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_disabled.svg

Filesize
569B

MD5
e7fdf6a9c8cae1fc1108dc5a803a1905

SHA1
2853f9ff5e63685ebb1449dcf693176b17e4ab60

SHA256
8ee5aa84139b2ea5549f7272523aeb203d73954c5ccdcf6f7407bf1a3469f13e

SHA512
a6388b24926934e20ccf7fcab41bd219dc6c0053428481d7f466bf89f26bf1a36fdff716a9ddd9ab268df73b04dff1449c6bac1f5c707e31ae2ee71c2087e0d9

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_hover.svg

Filesize
653B

MD5
76166804e6ce35e8a0c92917b8abc071

SHA1
8bd38726a11a9633ac937b9c6f205ce5d36348b0

SHA256
1bca2e912184b8168ee8961de68d1d839f4f9827fde6f48ab100fb61e82eff90

SHA512
93c4f1af7e9f89091a207ab308e05ddd4c92406c039f7465d3b8aca7e0cc7a6c922a22e1eee2f5c88db5e89016ef69294b2a0905d7d6a90fd32835bc11929005

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_normal.svg

Filesize
569B

MD5
3221ac69d7facd8aa90ffa15aea991b0

SHA1
e0571f30f4708ec78addc726a743679ca0f05e45

SHA256
92aeae68e9e0973d9e0dc575941f1cb2e24afd0574341a46b870be7384eaa537

SHA512
5e2de0abfe60a4db16ea5e8739260c19962fbfc60869a77bde6ab3547ad8ee3ad88e74e97da31fa23be096afddad018e431d152d6d0fa21a75357a11dacb1328

Download Submit
C:\Program Files (x86)\BlueStacks X\image\LocalAPK\close_pressed.svg

Filesize
653B

MD5
dfddf8d0788988c3e48fcbfb2a76cd20

SHA1
463bb61f0012289e860c32f1885a3a8f57467f2e

SHA256
9585f41eb6202e89f2087266fa31852d7f41ca8cc659b907c96753fe165f937d

SHA512
e708c5114c60f7574589d6a56c9faedda26ee4a40f0eeb25f5e12eadcf790f24fdbf393fa0aa6ad449b5337d625b092d6f8822472fa8a6ce1339aca59c50c3ca

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
32KB

MD5
b5c1fde9ddd7399ab50015aa2ca14666

SHA1
626bd70a6157f4614f7f966d51c3810bee2b985c

SHA256
3bdb73024e9a94162d89683820d73833efe7e8338144cec330cf47d15f406637

SHA512
dba7317ec6325a6d7f941ab7cdb9f8d900063de6604cb82f9067d0f67fcf9338a1188d8aafa507fa1d776c4d05ef47beae70370eef0ca965665f2bf60a484692

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\ResiliencyLinks\Trust Protection Lists\Mu\Other.DATA.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
48B

MD5
7d59d6b72f6e3731b3b130182adec9a3

SHA1
b09b1a4468db13e4c8563f209b3fd798ffb2d716

SHA256
59dccd206efa233584b3e17fd32f6ebb3fb51e5995368253d3bef1abba15d49f

SHA512
edf24516f0a41f20fb8eeee7e92e77bb2af843103b9eba1069130f5d3e3558cf9e9cc697f22af955833e673b92bbc54c3de4d67e1df31ffef7f716217bd0f462

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\identity_proxy\identity_helper.Sparse.Internal.msix.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
55KB

MD5
f92d94c2e1048831fe57c73234c4b14f

SHA1
7faa8e3106cc7996e0b49a51d7d322473e68f545

SHA256
9309a7681aeb87f7844f5b47229d9016967a11271dd02d47998578e055b0e401

SHA512
e47630f77bc2f2c7c454117d1dc58412cd84f68962cdb6c4fdc216e488cea6c6e8d3d501303ffa3219d6d8476da72d93454e207a463de743041ba3b9ed9c370b

Download Submit
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\notification_helper.exe.manifest.21C81B71B2065CD25C6E7B114605AF1EB22A3A0EA18C25E89D76211890D7A41A

Filesize
1KB

MD5
61293942e63ddb50dcb264d6c0c331df

SHA1
9fdaa580d5a17db11678477f13758244b6a443c0

SHA256
8a38cfddf2f1a53abac8407d7e3c3642e32c22a94d256f44998e0b6d46e27b86

SHA512
0aab282aee01de76fff88350322020111d9acb1c461c69ed3c85e6e9adff32d5bb41197971ea33e5cd05843c3c7681bc6b6f7ee0519c6dc7df67a3bbc8b33c9d

Download Submit
C:\Program Files\BlueStacks_nxt\7zr.exe

Filesize
812KB

MD5
fbaba140f30a11e5ff4f97d921de6d45

SHA1
d12360b79d9fe7ddc5380a22539dc7d4768ff5f3

SHA256
4889c0826c633c0291264d37834363be90ee39d07fcea228494ed151386dcb16

SHA512
cd18bb1b057b1b077fde372ca5f98701614b196b692ac42ec56e5b839535022d884a2cd9b6bf644a520c6f48f12f673574a24e60580c70c695067b66442ea7a5

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\checked_gray.png

Filesize
538B

MD5
ce144d2aab3bf213af693d4e18f87a59

SHA1
df59dc3dbba88bdc5ffc25f2e5e7b73ac3de5afa

SHA256
d8e502fab00b0c6f06ba6abede6922ab3b423fe6f2d2f56941dabc887b229ad3

SHA512
0f930edd485a0d49ef157f6cc8856609c087c91b77845adeb5cc8c8a80ebc7ec5416df351ffa1af780caad884dbb49dcc778b0b30de6fb7c85ffef22d7220ebe

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\checked_gray_hover.png

Filesize
412B

MD5
ea22933e94c7ab813b639627f2b38286

SHA1
c5358c5cb7fb1a0744c775f8148c2376928fb509

SHA256
d7c79677d2ef897fa0ad1efc90e916c46da29f571208f78f24505603b7165c20

SHA512
ba447a1aedec49419e2b4a8de85c6047886f1a5ebb94f1c45e205a3780c6826f412a3892e97115b35e43839f43e346f3c72ffbf0c57d57f6d26b360ae61b3964

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\close_red.png

Filesize
15KB

MD5
93216b2f9d66d423b3e1311c0573332d

SHA1
5efaebec5f20f91f164f80d1e36f98c9ddaff805

SHA256
d0b6d143642d356b40c47459a996131a344cade6bb86158f1b74693426b09bfb

SHA512
922a7292de627c5e637818556d25d9842a88e89f2b198885835925679500dfd44a1e25ce79e521e63c4f84a6b0bd6bf98e46143ad8cee80ecdbaf3d3bc0f3a32

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\close_red_click.png

Filesize
15KB

MD5
6db7460b73a6641c7621d0a6203a0a90

SHA1
d39b488b96f3e5b5fe93ee3eecb6d28bb5b03cf3

SHA256
d5a7e6fc5e92e0b29a4f65625030447f3379b4e3ac4bed051a0646a7932ce0cd

SHA512
a0e6911853f51d73605e8f1a61442391fad25ff7b50a3f84d140d510fd98e262c971f130fb8a237a63704b8162c24b8440a5f235f51a5c343389f64e67c1c852

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\close_red_hover.png

Filesize
15KB

MD5
5ceab43aa527bc146f9453a1586ddf03

SHA1
88ffb3cadccb54d4be3aabf31cf4d64210b5f553

SHA256
7c625ae4668cc03e37e4ffc478b87eace06b49b77e71e3209f431c23d98acdd0

SHA512
8a5c81c048fb7d02b246ed23a098ae5f95cdf6f4ca58fd3d30e4fe3001c933444310ca6391096cfaeed86b13f568236f84df4ea9a3d205c0677e31025616f19e

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\installer_bg.jpg

Filesize
78KB

MD5
3478e24ba1dd52c80a0ff0d43828b6b5

SHA1
b5b13bbf3fb645efb81d3562296599e76a2abac0

SHA256
4c7471c986e16de0cd451be27d4b3171e595fe2916b4b3bf7ca52df6ec368904

SHA512
5c8c9cc76d6dbc7ce482d0d1b6c2f3d48a7a510cd9ed01c191328763e1bccb56daeb3d18c33a9b10ac7c9780127007aa13799fa82d838de27fbe0a02ad98119d

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\installer_logo.png

Filesize
14KB

MD5
e33432b5d6dafb8b58f161cf38b8f177

SHA1
d7f520887ce1bfa0a1abd49c5a7b215c24cbbf6a

SHA256
9f3104493216c1fa114ff935d23e3e41c7c3511792a30b10a40b507936c0d183

SHA512
520dc99f3176117ebc28da5ef5439b132486ef67d02fa17f28b7eab0c59db0fa99566e44c0ca7bb75c9e7bd5244e4a23d87611a55c841c6f9c9776e457fb1cbf

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\powered_by_bs.png

Filesize
9KB

MD5
7a2e5c21140aa8269c2aafd207f5dbaa

SHA1
4e0d9e7e1b09e67eba10100d73dc51623517821e

SHA256
3d2afe5236ec813d9e8063bc43eb34b88c2155784e1bce19c6a533c32767af35

SHA512
63f512559f2068a9702c7c527c126f6017cd8d1d16af52e41b884aa9a64ff4294a57243ec78c3a416f70fb6178a79877d68345357725ff92c935709a2ef8adde

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\unchecked_gray.png

Filesize
192B

MD5
e50df2a0768f7fc4c3fe8d784564fea3

SHA1
d1fc4db50fe8e534019eb7ce70a61fd4c954621a

SHA256
671f26795b12008fbea1943143f660095f3dca5d925f67d765e2352fd7ee2396

SHA512
c87a8308a73b17cbdd179737631fb1ba7fdaeb65e82263f6617727519b70a81266bb695867b9e599c1306ee2cf0de525452f77ce367ca89bf870ea3ae7189998

Download Submit
C:\Program Files\BlueStacks_nxt\Assets\unchecked_gray_hover.png

Filesize
176B

MD5
62d7f14c26608f8392537d68f43dece1

SHA1
add4f30e7c3af4f7622e6bc55d960db612f3bb0a

SHA256
a631e26bd5b6ea19c8c65b766a056c92ba8a47e1483768dcf12b05293c9a7a0d

SHA512
e41210a78e6076954f75a2f73c0f7628e8604a09ecbb1d2ee0972741d4ef1d814b366828977c02944736b03ed116bc559a2ae47ddb7cbc6f4e54578c8263edf4

Download Submit
C:\Program Files\BlueStacks_nxt\BlueStacksUninstaller.exe.config

Filesize
392B

MD5
ca0a329097316832e4a6ea5d870c9268

SHA1
4a36b93361d3dc9df9b00313f2c2b394be9e1e72

SHA256
4b7df915d706af6459c38d75b09c5e14f951842ae0678078400f204ad1c7a7c2

SHA512
51f9a874e84f130be4fa29fcc4bc934105318234b5dd9ceedaf569e3f0e6b38e29f3bec056044724476ae24295a510b16d8a737b994fd6f1268609defa315271

Download Submit
C:\Program Files\BlueStacks_nxt\HD-ForceGPU.exe

Filesize
169KB

MD5
6d9d7c7808e35a4c1b740c0141c305db

SHA1
898d2dfdc27c5f7fdadbe9fb223f9d2dda2f3161

SHA256
a051a5a3fd968914a193542491ecb873ba79816bc40a7c5380594881b895f162

SHA512
e003d034bb796c391b86b5a776f955ef66b4fea6ce152ac6de7d883ce949a12355f5c2f2741ea27c30d77e524d778bc45c1e45101889bf8d08bfb0c287321c9a

Download Submit
C:\Program Files\BlueStacks_nxt\HD-GLCheck.exe

Filesize
223KB

MD5
68512b4d108f217e360a3abb800c9fb3

SHA1
4cdf526817b8bb3b9867ef9e5fa6efa74fd1560e

SHA256
1aae3b7c5f54253fd085bae7ccd4876e4a3e7b93b1bd1aaf0ce1a9420a5910d2

SHA512
7db15619ebb6de7efe86e0ccdb8f8574beed44b5b5964cd07604d33da5cd05101935a2d4959f6057c352f5e4e223dacd590f8d9c5700c6cd566fac674d5a6e4a

Download Submit
C:\Program Files\BlueStacks_nxt\ProductLogo.ico

Filesize
131KB

MD5
169706218f98a42594a8c5c5a65771fe

SHA1
b8ded94180212578d86a031eb71ef93dcffe1a26

SHA256
3803045963af064936d7071c178de8e40854968b3d3f9171c57a182c869f3697

SHA512
1c3f18ed0a24ffa78fe938826eb88531eb8be134d6f209b87d7af5d0e8c4829f01947d7b0048996b9755562bbb7f52e000bcd15d07d646cacb2989ac881ce448

Download Submit
C:\Program Files\Cheat Engine 7.5\badassets\scoreboard.png

Filesize
5KB

MD5
5cff22e5655d267b559261c37a423871

SHA1
b60ae22dfd7843dd1522663a3f46b3e505744b0f

SHA256
a8d8227b8e97a713e0f1f5db5286b3db786b7148c1c8eb3d4bbfe683dc940db9

SHA512
e00f5b4a7fa1989382df800d168871530917fcd99efcfe4418ef1b7e8473caea015f0b252cac6a982be93b5d873f4e9acdb460c8e03ae1c6eea9c37f84105e50

Download Submit
C:\ProgramData\BlueStacks_nxt\Client\Assets\exit_close_click.png

Filesize
447B

MD5
b09525b48c0023f893d6b64d06add4b1

SHA1
10ecd439ea04e02eefe17f6c110d0c0a78a1db21

SHA256
caa2a8fe9b282939a21b86f8f61fb0c9452222cc3409f06cbb0dcc45613aca8e

SHA512
c6f5a7014c24133eb576708ca17d15becf2b45ec278b3f94e5275e47c78cf0f2eb8bb1a17d277d1a665039f38f2e25faf830e275f426b0a94c6a3da096b6204f

Download Submit
C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_selected_hover.png

Filesize
577B

MD5
47ff3e4cc15b8c4a07e3ceb6cb619b62

SHA1
0318e54c613b8ff00f54d843e90ef88310c1a96f

SHA256
4786cfb7c98edcf01d6b670abf19c50891d56a4de87b96a5e17be142b1af666a

SHA512
0212bd7f6cee390d3bc221a22189b75407fa660a0951c7f768645bf97e7b61ee86fa9b1de6f546ff1151560dcb3b071db8c14a7b08b0e771b539a817b31b154e

Download Submit
C:\ProgramData\BlueStacks_nxt\Client\Assets\radio_unselected_hover.png

Filesize
480B

MD5
22efccf38e15df945962ac85ac3aa3b7

SHA1
b94a8615dc92982e1637680446896080f97c2564

SHA256
0ec39ed4bf89a341f1b5aea56d0e99ff5c923b9c3a6a81adeb9ff21764136f92

SHA512
41a4dbb57abed1a16aa84c72c202da461ca45cbaf68f69a10cb3e5529e8dff659e89f7f4459d1e2e8f3549c6fd51f23fc8422f86667577ebed5ab5df149c79ee

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ar-EG.txt

Filesize
26KB

MD5
7dc7a16b5e42818c9249db888ca17075

SHA1
42f6b065b90017078fca7161cc4c26ae530dfbdd

SHA256
e696f4f231acef534d62ec9d99a3f4fc7b74a1c1deb3f9bbbeb4e94194bd9747

SHA512
f2706e0bb348a691d3cdc9d05ff4f71979804628547a41386aab068b008fe4933b8689500b5e45abf6afa6b6f1db3024ade2846659b2664b37b724fac5416a74

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ar-IL.txt

Filesize
14KB

MD5
9fb07e066cc2f213a64d35a97a8c2922

SHA1
a70db989f5c562bc69caad89a1402c8ad7c9b80e

SHA256
65e7b0f37b5e2aa805ac8d57969804d803430186f34e9703ca9fa09ba908ef90

SHA512
81680bff55b475a62a4bf29a8c219230b84894c1165f60e372209a5aacdba8e4819c3dfb76f3b55c15d472ababeabf0cd4b30c04e7daa26df63c8a5101970c3c

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.de-DE.txt

Filesize
22KB

MD5
defbcf66edf5e18b0b13c8062fdfeff8

SHA1
8c807de19b131831b72325455f1bcc3ead0a09cb

SHA256
a9d87275086fd2d700d588f45c3121eb6a75c64a2e6c4a8714a61032403cdb03

SHA512
a30e142679e942932d82fb8179a9f8ca2cd5882577de64e8e4c38eb84c99e359235346c35b6237133159288261b0f6e9032dc6b14f512e2a431f093187e1447a

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.en-US.txt

Filesize
20KB

MD5
a1e3293265a273080e68501ffdb9c2fc

SHA1
add264c4a560ce5803ca7b19263f8cd3ed6f68f0

SHA256
1cb847f640d0b2b363ce3c44872c4227656e8d2f1b4a5217603a62d802f0581f

SHA512
cb61083dc4d7d86f855a4cc3fe7c4938232a55188ad08b028a12445675fbff6188bb40638bd1ce4e6077f5bfc94449c145118c8f9b8929d4e9c47ed74cf7bece

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.es-ES.txt

Filesize
22KB

MD5
412ce0feb5a656c908775da52043c31d

SHA1
54a35431dc77d66fde2c828f10372142926b4c47

SHA256
7db48c44d717c50011a2fe2d8f5eb0214c817c7eef5bf1f656feb70270a53458

SHA512
2209d911c91d21ceb44a8e9375fefa9b5ea55cb800f49f709a7baaa56d52a94f5711fce850d880394f6ae78d23d0e3f1a5727514b970f940d0b670e2e978a997

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.fr-FR.txt

Filesize
23KB

MD5
3809a8d9df2f73bd1b2cb6a727e3768a

SHA1
78f7f511fb688e49827105109e73affcf0447040

SHA256
a0f88af33c36c2fdb71b4ef157c1fea12eaf4fb30b0c51e4fd2a574d3529fa10

SHA512
d698cd445159fb2ee672f719d99c1feb1a2bf0113f8f5cc17233b2dc01771a8c1cf3a979788a91f02f6e8e299dc7c55e31e5bd3eeac4fa028a7693f945e29f6a

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.id-ID.txt

Filesize
20KB

MD5
7e8631459def09a456900fa9d3cba360

SHA1
b5204153e26b303598c473e7e92b01a87818787f

SHA256
9620d50148651dc75d3741eb12a8a23fbdeb5efc29f1be24842fc37d01b71f8a

SHA512
f813863475538f763733b0668f3b5cd7d4b6f7132c1a9df3b4665907fe6280d6d8c9dd4f6e3e06bfee7f90a2a527f7cd66bd647f08b8203664395f31321cf84b

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.it-IT.txt

Filesize
21KB

MD5
444e991f12d84ad04baf6c8eeccc7a9d

SHA1
f4bec5e01161d6f5cc9107f2cba325cc9b0ef325

SHA256
4b1f6e0fbc834a783ab8230e678bfd1506ae6c18b0ac0a5bef1d8344b5b2531f

SHA512
ff61397322d86f36a225e9be7444c643e2760a556311c97b230583b0b2788208d11f723e500c3d291d55d076b5cb0a52d92b50a8b1fdfe348fd61341b915f855

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ja-JP.txt

Filesize
25KB

MD5
cb5797745966bfbded96d28cf53e2f93

SHA1
1cdc380338f076c608a4143cb685e4cab2bee916

SHA256
25fbeecfbeec0b2a8ad45f8b7da31c4eb6fdbe413f46e75f40cd22d874c8f7c3

SHA512
f42ef0a3566f02a4487daf50725c186a0cd8c03850c569eb0cf4134ad2c2004135730ff8f672207bf12837980fe722c4581bb0c6c1eea5dcc9014da5719901b7

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ko-KR.txt

Filesize
22KB

MD5
299768cf839ca0926344233731549181

SHA1
773aa661c5bbc1a92a41b2f02e59bf1d78b4b142

SHA256
883cf4af6b2124bb70f51d683c7a1f4b3cecccc4ea61163b8c4ea967155ea839

SHA512
0de4317aa9139b415d4d10aba7f64cbfe39f0417e2d19dd8e69ada7d0915a81f71be242caebf5e019a2638d6d0457c042493c80ea0d24c2dd43c18bfe76dd2c2

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.pl-PL.txt

Filesize
21KB

MD5
c61810a689ad52145f3b644b3e4b01e9

SHA1
ee7f7229aeea4a0ec6e18805b69d0ff928afbf87

SHA256
c5cdf3696ccd6e3e600483836c81b290e5270984fd7ca12becafedea42cd64e4

SHA512
79dcf55c6ac864764fa4c614667053c99cd37f408b2b573ce18077fd09ba70877b3cbbd1f57b680ba6e9b5ed5a4d257f11d12c67a0b56dc9a099bf2584e0c393

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.pt-BR.txt

Filesize
21KB

MD5
162e3a28c1b32a605d84cc18a2998ec9

SHA1
9c0a2ce21321f56a1ecc61879a9b2c1660cb4238

SHA256
345f2c774e182f1dadf8dacb5539dfa94e33a4d3effb006053f9ba17db6c0f01

SHA512
d2377da38814cfc22950bfcc42545542e33ed6d4939ddb102d1fb11ec2ff019e53fb980e97ce9a9a9926c0d9665d101dc12655a1d67f506a1456e5b244ad50d9

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.ru-RU.txt

Filesize
30KB

MD5
a7748f70870a0f2cf2e5804d05f433fb

SHA1
ee74469bbfa6e5d04043dae2a2cdec1a777c5b28

SHA256
f74bceefe2a7e7d39650128096f9b97aca5e929fa67e451bfa8238d7b90cea34

SHA512
122025652c05ba9336b339db79b925b781862a635cdb0c8d5db0adacfeb6e0e43ef85c283d417f119d8622640d0ed15cdc6d915749ee3cc1a4f89b062ae71075

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.th-TH.txt

Filesize
35KB

MD5
bfb84603722e804e4697a52285b867b2

SHA1
5840e5e93319f981dc0f6df4c7d7be23547f6655

SHA256
98f156d8184c10d504189eab0077aeac8687e1d6714d0bb228704d660e01446d

SHA512
e26cc6ab7087a252471cd6233e3baa9d9a66c0a7a0b3703987b31ff4f91f89d00854d8d970f3090b2d90155d5eb5f724a096badddbc6a4dca7dd1a53fad6ffd5

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.tr-TR.txt

Filesize
21KB

MD5
2ddee14b7986e234a208189d650a2e4d

SHA1
ab60bc9393258e556c7ac20a8d68f632ad44ea6d

SHA256
fd9c690e597fc7d8b3bbcba7e39816087c424227f89bf3107da7d16d444fb3dd

SHA512
116d06a37e836d4f48b59aa9cf4164e1ba4abc081e62adfc6f3c8d112f46b57c060381dd2fc361fb83a162ab12f915408df193bdac405490e3014bc0effecc9c

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.vi-VN.txt

Filesize
24KB

MD5
2ffe813470cfedf7384207e61dabf1df

SHA1
1673c446a89a41afff299acd0f74b4df65cc29c1

SHA256
e666975aa6894c7d5230eb44a6ee85564cac7a51188ed05b77059beb60545ac1

SHA512
3288001e68c5533ae092460d7bcb20ca42c37c04fbdfd412c1046ba41f0582ca3a135f136303125f680165c401536b9bacf6d6435e10ec1477d7f9b45942c34c

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.zh-CN.txt

Filesize
18KB

MD5
1eee99faa98b0385fd8077acdf53e81e

SHA1
3191f6c03d6fd3b4db1944e3e7b3a8b85ef20dde

SHA256
7d245f9271426eb08f976a83e8b229e9a830f51674e47b6bfc2181716ec0ecf5

SHA512
d2c116c7c56d7fd6154c2ab856adccba5848ba1fe1ce5ae38fd740e388cae77f095feaf90d4161527a4b3c99c129374156f85033c18f3293defde33f78708691

Download Submit
C:\ProgramData\BlueStacks_nxt\Locales\i18n.zh-TW.txt

Filesize
18KB

MD5
3ab7d825111b89950d8ca4b3da1c00c1

SHA1
cdf4ec4344598ca9593665465497d370a35aa178

SHA256
dd286cac4e14fe69877e4c2f35eab8352de125f7dc757f47e4fc8329572460ce

SHA512
ac0c2dfc6a963a88657304c83d9f00cdadb5735f208571e72d43c410d767ff6c2cd05c4fcfeb5d4c7f8882e079608e8eeee8b1aea1e2cb6442f78cafaa8ffd09

Download Submit
C:\ProgramData\Microsoft\Windows NT\MSScan\@[email protected]

Filesize
585B

MD5
4eb1b6f01765d34da694d8444886d428

SHA1
d27e431026e4452a8e5cae3dc0cb89b19a01d811

SHA256
21232fc5eb96aae548a24f4eb8edc896b4e9d37c20974b35b6902f8d5e4077e1

SHA512
c7d151daa17e902baaa2172b8e9f2c7e7522c4b2cb4fb8fc190af61145abbe7ee0a1f5b4ac367783daf7a12756d99742f997539f805e3e5724f5c50f7e5f5998

Download Submit
C:\ProgramData\PopCap Games\PlantsVsZombies\userdata\user1.dat

Filesize
886B

MD5
2c844b93f51059b4a690b4b6f2a56e9b

SHA1
d2a5d8c0ff926ca73477e38146cc45c494bd194c

SHA256
a57d54daa985e6bbd2400d95185e6d50d75441b1ef037adbd9bf91e77191f69d

SHA512
e78f82bb3222391838d7b9f1d79df7e226fd937045f706af38a84fce62942165b7953ee0b952200a2888ffe846ad0ed541591169eaffe4c67f027d25f9102af6

Download Submit
C:\Users\Admin\AppData\Local\!WannaDecryptor!.exe.lnk

Filesize
590B

MD5
4425788c03d87733d44b727718775e4d

SHA1
1c4920dc7dba5a238856a716a169502a8df58fe9

SHA256
a6f0ed3800defc84bd45a882c9b4c6cea9eedc622bd9f006afd795100ddf432d

SHA512
569b70ecee4a15ab73a51c90b867acc727f4ce2eb024300410bf1fd803730d73fef28d8d1d822b0f6f90962b6935f77758d6d36d54d4141187b77d2934af7e57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\20c60a82-b9ec-4e17-abfa-f6995eddd340.tmp

Filesize
11KB

MD5
a6ecd91e64a6d4b3c57aa29112c8ae7c

SHA1
9bab28176d92aa25433e966a72be710f2e9e9ef1

SHA256
1a68aff7158ea60a9775d8d8118506ad177d6bf7009786f014603ebb843d1c47

SHA512
eca4483575d33adb58573697a3627bed4285a59dae8af05d96483def4b31ab2426a12c886c6fde9692b380fd32d9e126dcd45355ac4a2c6ab50e1ca5ac867a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\97544cd4-9cc4-40ba-b995-769f13e79e46.tmp

Filesize
11KB

MD5
593eb44c8e9460c5590ee00ff04f7585

SHA1
203ce757f0f74c814dab7f9c9a6296ef5112ea08

SHA256
67007db07465e776b4bd948c1679a7bd9000dd4c3f7d000d93932e7e3d823f1b

SHA512
20ba65bf92387d92e0611fcd90dd301137742075105655a5e303dd0900b298e98aed6d2492169d55f0dfd723ce10824967a09bb14be222fb01dfd577b78ad02b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
003b92b33b2eb97e6c1a0929121829b8

SHA1
6f18e96c7a2e07fb5a80acb3c9916748fd48827a

SHA256
8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54

SHA512
18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b2e836d92861ba4af47cf1ad49d8db9

SHA1
5bbdb188d0c80a484c3b9eb7c0a63c32fa3ff65e

SHA256
f691ac2bb3608e20ba5797c963fe8d85b00bbb0e44858a88961b8ba13ad5e507

SHA512
2862161bb2b0706c4435387e44490bf48cc029c632ca869186f63a6f02d95bc9856ec3286a418e72dbe8d05dc7aec679f5a2fbbd93f1ef21f9af62d9f9e63071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b11f10245ff263d27ad386b0cf77a48

SHA1
8f4f38b3ffdbdd1e877515e5d95afa022bab4e4b

SHA256
3e860bb917d5323d71d6f5139731da01ffb80df3120cc7a78bbf56cf1f6cb188

SHA512
99f901d185164e862c2cfac8b4317c56f2855b1746fe072b092b2fef88806b3e73f5cfa5be8533eed2f01d048f74fac3c14797c53a563fa2c8e4b621e5e66d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
051a939f60dced99602add88b5b71f58

SHA1
a71acd61be911ff6ff7e5a9e5965597c8c7c0765

SHA256
2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10

SHA512
a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
55a93dd8c17e1019c87980a74c65cb1b

SHA1
4b99f1784b2bb2b2cc0e78b88c5d25858ff01c5d

SHA256
4925dd477b8abf082cb81e636f8d2c76f34d7864947114fc9f1db0e68b5a9009

SHA512
f9ade542c593067dbcd13ed94da1ba17a84782575355396db8fd7c28aa70a3120d0c0a22d3ca3d2f0774c1dcb06b9319e243b36001c618c92e0af25cb9c8e46b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
fb2f02c107cee2b4f2286d528d23b94e

SHA1
d76d6b684b7cfbe340e61734a7c197cc672b1af3

SHA256
925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a

SHA512
be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
25KB

MD5
cd74fa4f0944963c0908611fed565d9b

SHA1
c18033d8679d742e2aab1d6c88c28bd8f8a9e10d

SHA256
e432edfafbd52fcdbd59ef74892aa2e2ab19df6647ae723b368fca529066a804

SHA512
b526216bdbc73a97db41edbec6fdfd09b7b4ae149d415fb5811dde03ad4b1b0247950abd78fef807ae47674ab1b56ff0b971fa5e305b26bc92dc07871313b750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
22KB

MD5
2c94356567011c1f0adb3a612862887c

SHA1
d1b4ad460af84cf295466fa9ea2ea729db2200ac

SHA256
36c12126a49c8906be03a79ef75a6172aea983db90fe2f38aed8a58346171a40

SHA512
3139a9ae1dce06aac09ecf2b0adecdd6b411ebaf81d912871c7597a23b51379d76ff5ab227c04120d7e23ff69ff85d06d816b249b862b04a466b7f99559e3c9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
67KB

MD5
9a36e47b062c2a7cc98b2c7c60423338

SHA1
a981b814d5b10e4dc0ab86fff926c960f19d756f

SHA256
cd85f4762e736ff87d7184e4a146149df68c9b646be1841aab202e55ccad499e

SHA512
8e4f25e2e4af4a3317e94eb97c580008ac622ba7110f3716e09a15647793921912ce57436c31dd48578185b6cd00edb975a49a21d1684420b07cb98c0f2902ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
68KB

MD5
0c5b5bea3fd29c88ff993131fc7ae0d9

SHA1
224188bc27ac3d59008827e72f20b3f38c7b3988

SHA256
c413559160cfe7c28aaf98755ef2ef0d1bdfafcfb29111adc0c1ed97d1dd9ac8

SHA512
c69c8aaae859c5673e36abd9bc12b3a8215c62461290d46fb1e6638df159841ef7f7a6b6b2562faeed0844d51312e96cc669da5664f4287c011a986d54623e7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000060

Filesize
20KB

MD5
4d8b471a2271ac4e3b5d25b5683964d0

SHA1
67b52c3bfabc09bc4f99d259de43213dfebbb5c8

SHA256
d0947470db9c332a7e6abf959a45cbdaa82e6e032e325c512cc9a3cd32dbae65

SHA512
d734faac61756e2fc07821704a9ebc5c5a0e7a7dec601b3c8ac4ad6b1cec59cd6446f38e4df41f9c51cf5a45bc7c6241801fa945023bec1a735c0bf450a0c0f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

Filesize
126KB

MD5
807b45c328ca2060f74aadeb41a7de77

SHA1
a3209a7c760a14f3d4af460a45f305495e3d0879

SHA256
11796ea322fc86fdba562ea65529ba9413261601ee2579e29c573dcf699e353d

SHA512
11fd8a302aff968ee3dfd190de554b762e913134f8308d19ae071af740288e86f2d2a2ddcb45cb7a1c0e1a5ebb18bb3275ba8b38e472f976ee19b09f78923754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
28KB

MD5
f69261f776508b09f0c8251a3a28fe23

SHA1
13871e4e279dbee01715a95194bd65cdf7344c14

SHA256
9ee279929ae91b1dd55398201f56be41ead3746b339906c7836665d50aca96ed

SHA512
bb3370da6f901733d82844063b04c64df6f29b839019b58a3b89c1248de436341e3aed7b45dc2545479d4ae3c0ea25d13c51e4915a525dd53e1cc39ee003090d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
33KB

MD5
76bed69885453ab6844f7b543af7fca5

SHA1
ac5fdbc3f660fc25d3028edea06aba28b4b18177

SHA256
561f2f2d58f377936829154303306dd7cb14516d756a4d41c6e0560124e96c14

SHA512
4506d38a9ae9cfc5bea26a16a3f94470f0a339f6c65fb2e4d53b2c1c9f2897d1e37ffcd27ddc4c5e43c6c42469dae3dc0f40bd33e465e264270b9ca3badb8221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

Filesize
141KB

MD5
66d809fa6fac2755f95b9f96ca228ca4

SHA1
6035cb99601af3b7605d57a3b3e4e442db95bda9

SHA256
9f6e67afa144563032c1834bef32a8509a192dbdfa8553057071a39617e621fc

SHA512
c75e329b63e787491fde2282164b6e47a7bb6f94ad9f4468e8db367382b98dd439d1366e9781d678671d23872726dc99ba5e3d148d7d44ecd0eaef24d774b9d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

Filesize
17KB

MD5
8ad04f19bf70f5cf330752244dd8a5bf

SHA1
7076e75cfba995209d990ea6436cc1e35efccd2f

SHA256
8f9f6500a484f9c529b47669e78a5672a515ce00f9bd325b3e0d15d1d95de69c

SHA512
4b49abc56fc26aadf5dac9d76ab9a507592a59c797739f39cb5e8d2efdcffd2d37ca4c05c9e362aea17e3cbf16ebd86650baab5b3a672366fac8f5da72d79fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

Filesize
19KB

MD5
ac4bff64acd92fa04a0295c4c5e1d30e

SHA1
a85ca5d89f527d89a5dd2c69a8e94cb12f202a30

SHA256
423fab8c2cf78df3cfdf1ca013ddff76dd33aab07968e80189fd12372dc312a6

SHA512
6adb66103bb5c7b171ec62ba1bed7d9c0b3fb663ba6bd27889454f4631d8b30d31bbbef0d0a1dfafd47819633eeb686e82ed89597ca3c5aee2fb3647895dead9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

Filesize
16KB

MD5
bd17d16b6e95e4eb8911300c70d546f7

SHA1
847036a00e4e390b67f5c22bf7b531179be344d7

SHA256
9f9613a0569536593e3e2f944d220ce9c0f3b5cab393b2785a12d2354227c352

SHA512
f9647d2d7452ce30cf100aeb753e32203a18a1aaef7b45a4bc558397b2a38f63bfcfe174e26300317b7df176155ae4ebaee6bdf0d4289061860eff68236fe1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
21KB

MD5
bfd745e46cd48f0bce0a97f45b60b3aa

SHA1
8c282f447d58269d564c2cb44520720b4ba74b92

SHA256
9123fa24b225c2e15d13308040e9ef8fb63bb29c74d014efaea6b9f03a04407d

SHA512
caa2566c55e4df40b90e0bb783db84bf7fa83f218b408389e46b2b3263fde3254830b457b74912ea3fb16fd7370a1f873250d353f8f0343c377e77b38c5cc1fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070

Filesize
103KB

MD5
c12602b8ebdfd5ea5113f42ee978d526

SHA1
1159db5c354e5c9a73b2e072b3c0c5d02f3ff07b

SHA256
412aad14e7b55e51c4c56a88949c8f5ac81e06bd1d9b23da4378b1d9711a0794

SHA512
00ba76a1f0f08c969a96f4418c158d482eba611fa5984cec234ded9c7a1aa2e9e4dc2a69816c2940783289767212ac729cb7b3ae4cd002f772a5dc5d45bce3db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071

Filesize
94KB

MD5
5002b600b27f985bc15552ee38e0d125

SHA1
6c9be624a06472c006f309ac50dc772accc387ee

SHA256
7efe0a8b30ef1e9f51de45256e1dfe173578c7320d6adb8c29dbf71579a6935b

SHA512
6a380a6289ba05895520d16a92acdf96320ac57a9ee61839c2e0cbac72de87cc290b1e88405a38f5de33389a7d7149d57289ff734a348fe8c85d9be0ee99561d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000072

Filesize
42KB

MD5
23d5f558755a9d58eef69b2bfc9a5d99

SHA1
fa43092cb330dff8dc6c572cb8703b92286219f6

SHA256
6e5bec69b1c6424972a7f5481ac57049811f0f196535b707613126c11292c5cf

SHA512
9c56c94d059a27dab9f69c9dfd718382a8eb192b8c0ce91cd6db6ec0769b8756acf9c0956a35561474b87d6278b13fbe88a6e4df6260c278b1ae06e9be55dd6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073

Filesize
151KB

MD5
ec06b5c892ce64f1ebeeee28c8249ce6

SHA1
d8d24c930af73a02c8e6dda7471b09151b93d37e

SHA256
626e42f5367ebf2321cea47a065da21738c8a358d6ba850bee9309cb422eaabd

SHA512
bb094f84cea7c70be5ab6fd36645cecf2f4176735a999f9ff972599f11b5685b50446e866cf7f6a8056fbe5dfdca113b15aae51ca0c5b93e01f74025af6e691d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074

Filesize
88KB

MD5
dce5d67866d698aea1230ba22f43aa57

SHA1
47d02485ac47f1cf44858d8fa0e5291309ecc852

SHA256
728ee7b23b09d8aa625977dd3c5fc717274ac5f9c68fd3175bc98be4f26be9a8

SHA512
25dd7f05758259527e4f31e63beee1fb720daafe54ecd5221bfd69f003a5ba56e8666ddfefc549ca77a77fdfef77e0851b42297e5b26bbde985f7b13babcc5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075

Filesize
26KB

MD5
bdbca6cd39a21b94af5e37a7d95cd7b1

SHA1
3bbd7a9c40294b9f26a7fda297a07cf68f4274a8

SHA256
fa016fd584f843b1373b82746add6f4ecc0bd88711e9e85546dd9270e77cac50

SHA512
930121da974124d737bfd6971014a2127dd1e5c383eeb643d7eabc822c867068c261f7d978a2c86f2237a98053ae3dd26a00624d8f0233ed04b4d2c0f8ead102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000076

Filesize
151KB

MD5
a185b0d44053f2bb7fb75cc2050ecdc4

SHA1
4b51ec6a8b5fe8d4f320b812603c547025f44f38

SHA256
12c612f880e10f9729394d83f2b25839a3fe66182ca6d7cbe315c04296ac2e5f

SHA512
002621b4c89c4443e5cfa6fb4c3528cd519987aa8cc10379b98fa22b820b7256d112e9f49084659f0d8a85726839cb790937891e2511ec6309fd389347be40ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000077

Filesize
84KB

MD5
9e97890bd91108cb809b9b49e88ec9fb

SHA1
bf8caf89790557a5b6f293b030d74569cd8e9b66

SHA256
cbff7c9390846cd1ae438d5370ceea2ea92fa89f11452c3be0767cdfe9630abb

SHA512
a2aecebdd1adf39d99c4300d2f70f9912bee360ea1e0d5dab59c9e9eaa5a9e8b1dc3bbae562819200c01f6754e093a540a3f8e7f6c0a58a30d0a73fb2f648ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000078

Filesize
20KB

MD5
708c1ca909c6cfc00a7094ed36e568fc

SHA1
d681a1a2ada7b72a9e81beff030209ba05fe88cd

SHA256
f28d10fabcaa7cd96971fceca621d268700b9ac9516a851eace1b7f27002a2c9

SHA512
a0ee17ed6348449fb956a87ce7c2d19abc51994e9e39edff7b48ae0441916e910f4ce90a57299702a7f4468d2a6ce8d696d77d9514ac8c5a3bf5dcd9da7e1371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007a

Filesize
88KB

MD5
07a6ffb516e81ad86afe09e53fd0ed0b

SHA1
6ba0fae9d1846970ac631a526ef356f0ce4ab94e

SHA256
f4b7fad0a8b9e649441df7b648caae0c6dfdcf2eb7018eb9a498a9d74c364bff

SHA512
4aba1f1592eeec43463c08c5e63c9ffe1ea37391a652f869d0438dcaee3144ef43cbf039f9bca43c1a581da8a99b658996e00af2e1eec13bb805b943e10f542a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007c

Filesize
28KB

MD5
5b9c8980823dac139da68f41e2947303

SHA1
2d950568a2e5bca5dd7fed1a5944394dae8e99f1

SHA256
bec8ca4b8be0f5c6f14a8df4872644789819e1cd3c1d11bd448a2ce291716257

SHA512
f819cf34f62a899898c045978d32fcc87e141d963f5c1dbcdc7c17d0809a4f3cb989dc09a328434940b49a99cc2f76a21ad38f34bae107ab174a1f3c2d720616

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007d

Filesize
43KB

MD5
33a4028245ae97dff21f7ca6895f86b1

SHA1
af35476e02e37105508a9d3cee2ac7f41fa3678e

SHA256
af138b04db8e9355dc93a57a60543288d85fee7dfe72e9c078f5292ef907679d

SHA512
8ae4f349fb49a408eb9d25ce8ff18e32b80782cd6a0aa11ac89954507daedc4014a8cd13e08e415ca95ac206dbf20f3cebbed61bb5e29285c618027cebb0a26d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007f

Filesize
91KB

MD5
79e7d4d500f97eb903f25d9ca9d80138

SHA1
2f4dbb97fcd0e11de41f511a5cebc3157bd21d64

SHA256
baaea657f4cbaceda32c41bd89d2c7614bef8620afacd5c97ecad4c7c0a9e589

SHA512
e8a7c1ec1006c231ac977471a0da99596df3be5ceef6db355abf6b8a8b5f87d520d799286096cc2725700bb1b35e66c4a85875e5af861fde2216885c8e03d1d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000080

Filesize
122KB

MD5
8c54f0b092f72028efe81f2a03c71bb0

SHA1
054bea946ca7f3d8022a5def68e71f770f2d718d

SHA256
27f1886f870776a0a5ce8bc21199583312e942f6e2bad01d83b2849d9baf09f0

SHA512
7a6060f83bcdc9563cf544db5fc21f72f3f43256c479805bf7a4b068a3e9a885776c139b59020cd9c21581969c0caf44d86aa9e787ea91fe1f1aeef0d7aa2064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000089

Filesize
62KB

MD5
c610514e5756020cfb3c727b77b2c83e

SHA1
4083cc96db7af4deac95b32329baa78b7a584f49

SHA256
0148f8f91e2ef35d38ba66c9e01f3deeab27bfedcddc77cd782908c401ac9ca8

SHA512
039625607b59612a9eefa3bd00a07be62cb531aa201d1413da190ecc9ff33e35a8c7a4d095615dc3d08856de1c0ff6c4e080bee8b7ca53174f78d349a2fc6572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008c

Filesize
18KB

MD5
8eff0b8045fd1959e117f85654ae7770

SHA1
227fee13ceb7c410b5c0bb8000258b6643cb6255

SHA256
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571

SHA512
2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008f

Filesize
52KB

MD5
484315893bef578d9bbb469de173e689

SHA1
fbbfbc2d1b7bf3e3bae423c1b50d92d780e2f33b

SHA256
259e40d2ce9cfbd80516b51e0dcfce4b2d8c8c92c3e8ff3c2cdd173fe1c3d9a3

SHA512
25490f552adabe29e54b91097203fb5902d05a1706c3a1fb51dddef5c44dadddf9b0d1e6e742a50fbf3e4c007f7449a5041a08e82d097a6c8883c69a4e40c206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

Filesize
26KB

MD5
cdb261e65898c83e59100c509805e89d

SHA1
38a7917082dffdddad81123fc77636e29cd61091

SHA256
e8c1781278e593574cd8c4c6c78c720ce38484b84d62d2ff8724962621034074

SHA512
80c8a5ccfbf9328dda51f132a60ec2c651d53915d2939bc2ebc21b2084d9d464b45831f67def3270ae2f749243ed0e03c9374381d2fee890793545d6c17101fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000091

Filesize
24KB

MD5
1210dcadd833d6fc317c451c4a310d67

SHA1
4b00150f53a91219ca93391dc65ad523d749f882

SHA256
29a34dfa54cdbc4e67644345ba83c30eee3fcdcd21ffaf88f89e05c1a077cedb

SHA512
3173b1cd63070ace7975ff3a6dbdc0d3c354ab7c146c46232ca504010792df1c112378503179500e5bdc7fb03014ea2d2c21f9cc6a7098f610d848ab3112ac81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000095

Filesize
54KB

MD5
41ccaaa054d452a23a394c25e1f97d63

SHA1
1a76d7862d81be0d2f88adf28755135420484835

SHA256
7accde3d47dc51b6ca71b28af4de9263870844c2bef0626404026b8089f16883

SHA512
98ef938c10dc5fc7aafdc5162d53c320eaf2e26939245d5511ec8bbd3d3c211954a1530f30b41a657eff92a8ccf1638d8f101aa87cb1be5fd354a442cce609d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000096

Filesize
45KB

MD5
c8b733e1c540c6144236d44898ce66a7

SHA1
690d8925a195e7b632170c96b4bee9b368805d66

SHA256
490d4f366e3173b1fc18fc18ec4c76cd78a8764413e593e57c70e4e8d5fba6d4

SHA512
29527fda53e691492d113cebc4ee95ce3dea629a50b77aebfdbc524adab851730081c05880262f24b452b5e1e627a9d653db3ce33662a38a85a920db3e953de0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097

Filesize
18KB

MD5
da34c7760c854ba8a36abbe9c1a3f37e

SHA1
aaa73dc73739b9ce4fb638ffe1ce118dd0e2d92d

SHA256
2d58fca6ca8facb44fe163c30bde7a029875fb52429bc12d954fb98d1aef40db

SHA512
7d3ff92707c99e6623903a31c5885b50ac4c8f570ee083aa09ce571bc693610b1ec33dcb46eab13a5d5d333c64dec05cc449e7bd90f078be30a9426b803fb0d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000098

Filesize
28KB

MD5
2eaf1b89e9ce2fb19b307457c51828cb

SHA1
e0a8c2b9fe8739dcde7f28553017ae368b1229a2

SHA256
cd004d6f51e291d0f79f7bf6a24a03e83ad50444a419243a500eee7673cbcba6

SHA512
69b20d206235ad28f4ddabf839b6dcbeaf9269ed864c7b8b0cf6e0c0c3eebda0823691527e26cfddcfdb2fdd01bd3187ddb0f74d4eea9daf49ce865f0896ddbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000099

Filesize
16KB

MD5
835ea8884e612cb47c3c17e68cd3e62e

SHA1
ae572f9d4f51d6f12c53a87116adcf9741b8ce97

SHA256
29523f974ba043e3e884d480078f71ca713894541d92fc268bf79ff398b08cab

SHA512
47d854ecd584aa3b87145502eab22d17194c484f8dd63c3845ea66e0080b59552ec0ee4efc31ce996c7dc25c40b90358491aef134e85c2755dfabdde3645231d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a

Filesize
37KB

MD5
76b2b68ae8452e319ace4029e2a9c3f6

SHA1
00340ebd54e6bb8fa4aacecc84504aca010d3a82

SHA256
6cc3f9f5af81cdb12736f8ebb2a097f25aae8ab5d331b406a96d95c145f45204

SHA512
e91819db9842d6678696f9361da57ee2ed96f27c7506c63abb5f8d0d7b6f1eba3762d08fa4affb434b47a5f31c76b71333278e94f6f19c30603732f13dbffafe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009b

Filesize
40KB

MD5
1fcfaf87a280adbb1376e50623704ec3

SHA1
23cca0cc112ecc8f980ee478ffd4d47ae814bc1b

SHA256
606e158f41ba4af61d71e439eb29442bf5a4e506f31660b635a1a46625a521dd

SHA512
5549ed4245b39e3388a55ebcc36e3b34d2cba5a5c3ef34d8c61d393349f1e37c54af6653344e9753632236f646a51f99f2b1e040c825ae466ecbb5d595c377d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009c

Filesize
38KB

MD5
a5691df24c169c24fac1d6b0a528ac3d

SHA1
9f75a59cd8c81d2e2289bd9882b6da6830e84716

SHA256
14b30696a9905090ade34b831d5f48467bef99bd64813f79b0aeffb54059789e

SHA512
9de3f982b0d1f357ac69fca017be4c84e36dbc0023297caac9bb4949100cc85f672f02e84378a6639be96ba7b9e539115235a1db87dd3d59f1a7c7ac50fc7b38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009d

Filesize
39KB

MD5
75a2b58b8843a108df3628012ad3ae35

SHA1
161c018e24e28402daf6a200bbe1b099467ddb68

SHA256
807debc003063bbfe8f8a72160be2bcaf1f175095f7f72d97e8643c06978ebfc

SHA512
1328e6f29530067960e0b738a05032a46a05bd4e37502d2a1c07faf7454f1e0e94c0bc4e50acb4f2caf126c3676f378d0acfe640f011ed460fa69b9f7f488923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009e

Filesize
60KB

MD5
b100307705c311e8ae4d31d8b2a4a93c

SHA1
3b1ec50ed6b09f7b3c14f6e8e201f2a2b1c98975

SHA256
4a9f5d41f5ac4c03f7772f676247d201dadf15f9ac01a31ac26685d2f559c2fc

SHA512
213f7dbe76418eaf912a232d0650215b481674943ed689ed8ea4716caa6f5293b4495597040822a62ed9372f3703245a9498e28b852f00a2256fd28a54899ea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009f

Filesize
82KB

MD5
b6f187277f6e090dc2fe6d25f2d70711

SHA1
a1a733b5675d8644a2be5a115326dfc7a3b80212

SHA256
89f1adf2e530b9d8d605902be5cb1a02bddfe19af23268a19a0b9ba245a9bec8

SHA512
90e9bf94d46aaee9453456f7e985cd951b3f09b3a0c0187351e195f5535da3b315f38ca2ddaa7b26393188525478741560394d86aef60f7367df9991a0af0a0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a0

Filesize
150KB

MD5
01024084641e04424a086e3ea9037552

SHA1
a31d23b8624979837560aa173d6f2ae8179987eb

SHA256
b83c730e809de36d9e495aa1b24530d7ef57e6a76504e92c21415342c718e0c3

SHA512
1d9bb783ed9d349c7294a9717c2b07f41ab9d71a2850c6db420270a7edf212dc1307e814b8a4c05fd3b63d22d2664086a4b99196880a2ca25b44f8da19d30d0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a2

Filesize
52KB

MD5
a09a0136f65afa4112e3f3f538b236c2

SHA1
d0ad7d5421294d453bbce0125bfd9bfcca8efe77

SHA256
c16c996b1af7f2b70c3abf4e3d9f0411e516f67309dcb0e35be1cf240069f239

SHA512
5db9d7fbaece7ee29b0abe81dba7c85fa352af8aad9a5cddaf4b65dac0d2745a20582f8fa418ce9fb4a1a213ba8468328ddea577df4060fe5750b29c6eb33651

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a3

Filesize
18KB

MD5
f7883d7a8236fe5b8dc0ce521887f04b

SHA1
2e7c321d0a2993d5560d518611beb7c1b9de4db1

SHA256
1dc15342b151e0c4b4f09fed708dff39e7df65ba1113114364bc169d2a6dd23a

SHA512
7fdcf1f8e38b2fdab357301f90bea33f012ddf0c826cee416921629053377bfec3a892a7c0198a7958befbebd3a13efd449be140ccc21965de1637ca32787a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a6

Filesize
128KB

MD5
0940a1b2b41d29aafc1fd6370e6a257d

SHA1
f6fb70ec1a861912747b96cc91997e4a5d0bf625

SHA256
b2e263dfdf344ef26fff10c6b958aa2a5030f0bcc418f9c1c6be1c128a3a9812

SHA512
1f07d46d642332db6d72070fb254bf1b219bf3fbbe7d519e49384ff712231a26f18cadb6f48c5e5b29926783241bf057fd7ef8f04b7fb62668c32ebeab8478a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a7

Filesize
34KB

MD5
5ac0a4a9439d2e4dbdb4de7f45ef7423

SHA1
a8b25c40cd7000081dcd152c834843e2653413ab

SHA256
dea39d90d674cce65fcceb039a8a4200c55fda7d098e1ef75caa061e6e775e38

SHA512
a5f44368d9b68f57164fd16bdc9bed28288f728949a25ad910b213f781ea82695504e0233a67f4b50dc7abc1d3d6a8127e5b277b4da378671441646c4c1b8e00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a9

Filesize
24KB

MD5
eb0ec8f419ad90d30167f75d63a317d4

SHA1
53a2148b985988965e34a28c7cb21560f4679f50

SHA256
cf650b2da204abd6e8d4837de23cbaf87809dbd916bd0b1e8c41d004ad443a5d

SHA512
7d022b15fca6e7ec3b726c496bb514d3c73c23fa9acf57fd7418b6e2e9978cfc25385da52af56bb70e96e867cb57f8f2792b2158361758bb8949c5ca335d9031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000aa

Filesize
16KB

MD5
bed91308de82fec8bd902187e6155f9a

SHA1
2d8cd378a2c3551a1d9f9dca5d57cfe531ff4bf6

SHA256
0eca1111333de8b0ef0bffc3c9539c8679f1561c11a3cc05f4dfc6f767e24a48

SHA512
7f67e64472fab9f4d799ca1c63c84f59335b42695531dd7c9a640822fa99059f775d7574630e8b0e26fce225a46f21cddfac11ac219ed210920dfe79d59ac327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b1

Filesize
17KB

MD5
1e95fd7f7a01b41b16f99ba181ef72b1

SHA1
06199eabf8903d3e759e93c9f33f5b84cd2c08fd

SHA256
4d0e5a1460020df9e297088a7b462a53f25c5b4d89420e380792db29ce0662a9

SHA512
3d35b1d24d851c8677ab9667ad8d9e33c9afc53c90fd00d8606de293bdebcdc9437945a005257079a9f18259ca26430798f5389c39115da58f4503039f39af8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b2

Filesize
90KB

MD5
23452779696b81a5847f441ecbc4f314

SHA1
20397bb248250d7169e5d3f76044f221c9ddf281

SHA256
59b848a817b1793d09c0c2f4f10e0c39bc1e6aa83aa66803915a933b2c6148ef

SHA512
52b64b620a47266866254394d2530510d43cb01f229a9b9a546a4b2e8ea69be8015428b2e445b770e6f21fd5c328355f753703989dd903aa07c20ba102252919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bf

Filesize
22KB

MD5
311d74c5438e0298b1ddd9eaac1fbe74

SHA1
b69ad159ced0d3e7ef07972da17e98ec213aec3b

SHA256
2791571e1f9c436ea5af8ac9ae8a442a6d35e19f385f6b71fcd70e12e0e854be

SHA512
e8883866cc6ceaea08d8800c73f80de9307981ec8fd23246a50bfb026f49b5583341a7b2d3ffc1968fbbb85bd2d3ba81b12a1ccb3e23dca60b27239acda76342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c1

Filesize
27KB

MD5
83cdf728b393b616bfeb24fe18d00595

SHA1
3c6f8eae4b1c9c52f107db699525cc2122e735e8

SHA256
75a89b10bf90bff910b84e0b512cb2aed1f14d7c30bc563aff7d070d8d1d83a0

SHA512
20dc9912455b3c1ee5313a7a0c20d61f61475948cfd805bb5c5686b4ff85b1f0737dd5f4cc898304c4c7b0fd8128e45b89a0d3a70bfb964fcce213c0bf9dc774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c6

Filesize
17KB

MD5
e786d96da47d0720f404e753c216897b

SHA1
ad5037120f26e864e7b10c18a51c47cf11282a7f

SHA256
bf3db29896c76e4f1f7db3f3fb950f77085100fe06779cfa35a014bbc19a6cc3

SHA512
a86f29fb49a364c38543caf54b47a135cc10bbee821fb0752ae3110fcf49f70693659dae85f337c5f93f2af5c1602dfe22f807c14a4b5efae53ff7a1aa39089c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d6

Filesize
19KB

MD5
15892c1ea59fecc3477ba94630fa3ebc

SHA1
bd9379b8f5be8a03a927f6ffa0a0527d7d955c5c

SHA256
d4d2d9365b2332beade04dcd91c11e0b41b232f0e23206261e716db3ee8e349d

SHA512
67c280cecda1fa765bff0c693430dd8a0a9c537650c2753e23420fb53526950175d6759b4dbb495c1945284eb8bba8c1d636428af08234a99cc7daeed032ba1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000db

Filesize
55KB

MD5
3a58aa9a5b2696e8ff674e6335b9e8ab

SHA1
57e44f9f7963707c5702fe2d1532f0027c3bed33

SHA256
395295548deedca84f28619ecacdc8fba1b6ca44e0da510877509931eef09b22

SHA512
31a8087be7c9b4a0b94c9012a2e430ba03334ed827c3d7f70c8fbcffd7f3d82a53c8ebef1d5b85fcc639053ed8b88f7cf7f6871d4db044fb2c5dcfdb0d1cb216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000df

Filesize
27KB

MD5
3be9712a70e2d0efcf53e2d77586dda9

SHA1
046a3a67ece565daa5e9e7b9a9c7c6b4001fcf15

SHA256
02518ea676f698897bef20a1e441d0756fbfa4ca85d81bbe80b3b93005076d3c

SHA512
2af96be2c75b7a65745b970bd1ce331b66f4ef482c24cfd2b6dc1c76999dcd8ad9a5157af6df73ca3aa56b0ce3d33bf7c3fc9390a60884150e62e27ae2d532fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000eb

Filesize
46KB

MD5
e1b283ecd774735e8c12015c77cd5bfa

SHA1
6547b6ed457d7c8b72bb18221a48995a2945e3fe

SHA256
c03d99c9407c075f452c83f31aee45389e4e40aed75c4c0fb054ab3a207ebbe9

SHA512
edcbeeed6cec16ccac1bc9c75a3790bd68f88cd74ac8efd869e4d7326b451e439c14b5432938074114241836505d29704a6941ed35fa50d0eb0a65c88b458603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ec

Filesize
47KB

MD5
9b8a67befc038209293e721d69138020

SHA1
65627bdf1e6e8be2ba77e8fd84d17a3739991481

SHA256
4e419f106df79d63a3b69774e6eda1a9a651adf11c41eca7ca10844d92ff90ee

SHA512
77ae0387335128f97f67bab6da28fcf249c8d7fa5a330e371bfb51352021a09cfb72834c9b976682d9ea5fc55e5ab2e8292465387990a56b805fe81f2fc86a8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f6

Filesize
53KB

MD5
92a2c879f178f929b623d44e09383308

SHA1
743d95fdc9bbb7c41518f2c772cc205e02f26161

SHA256
a6bf407d24d3d8529e7ccb570fb7d48db91c4b7d2482269e207dc085bac4e1ed

SHA512
6c324fbe20c17d78c4898976ecba9f79ce3de6d511fd1ec883e0ae2a2d609afdacfc2850d41895b8b1fe21d5c72cda51a01c454e79d8b7592065b46048e282ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f7

Filesize
46KB

MD5
dcfae2907d72940c725a985482d0f0b1

SHA1
053c92c84730b591743284a0e69fb1ef639eb701

SHA256
32e775c7b0976213c53a8d1d2f0357957482efa8a9483e068cccfff8503f64d1

SHA512
8b57c84d513a77d837105cd1d56c0531533de74aabd727f581cb5351cf6ac7f16ec0e3dd0097794265f90e1ad0d895b9e1b3991607df48ced2efcd94ed78224e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f8

Filesize
103KB

MD5
27ee109ac66edda5b60e7b4627bfada5

SHA1
60ebe217227c7938baed54be006fefa4a13e5e76

SHA256
b475593480c015bd81c7af728a8a502d9cd2d03c80d3b015d852d9d1923ccfa3

SHA512
449f4746b285f616fd4add9ccc6d512aa2f05338b338d0ac4bc5a9525f078b26d1e3530e3fd33a150cd6e217516ad54d64e67274c19b29b3b7020c25d86f41f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f9

Filesize
71KB

MD5
b78b5c4671c26f1509dc6c7ff058398e

SHA1
cdd970d25e7e6a1810e728f4fb6ee35d1b5ae00b

SHA256
94ebe9c247ba14fd314a779358315f3e9dd2356c0e8070f42b208db2d5e21d6a

SHA512
4b07d6f4b9982a24ebcd2d1af65fd34899a8f3144481ad1dc7db7966e4ab9287032e87225359d0e75460dae4bfc2ca7a7434914d665b1cee66c4a559062ef14b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fa

Filesize
71KB

MD5
143efec25d3e38dadc94a8d828fd38e0

SHA1
1050130c8bcb225ccdd46ffb41a19c9cfc8f77e2

SHA256
d50026ecbb38cb75d05ddcbf0b7b4e176cdeb29f5ea37bf29a75f8a47e567dc1

SHA512
3e575cda1a7a513fd69ee2e0bcdafdcc2ecaef27061f6c9eaa2698833deb6c1a01c44180f5190a8fb911ede5d83f5c168170424862cea3191d5bbec2669d083a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000101

Filesize
20KB

MD5
1dc06492f582bfc9afc32518c5b669a8

SHA1
3ceb77de90dfc8ad8a38e8df30f44ccafc5a074b

SHA256
4cca2caca18dd3689fce9fdb2b27bd6bf9e779967f12ae9c8c0d4666c1e4c2a1

SHA512
80114c72ce7ac3493602db99d3b042c928dafbe7fe2d43e8f5e9d273cec0289c6c4742b9cf55a38df4a0bb9376c68ac9fb0ab3e8a6de292bf62dfb6a0c4f9e78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000116

Filesize
20KB

MD5
7820868733f40be1532c203ddef29dac

SHA1
b05284788e05da2048eafe2d32ae82d72cc7bf20

SHA256
697fe36c8e350ba203e98a5b319be12ac8c3c4b1b0c7b0659d32b0d8210f5c12

SHA512
34ea94632c42798d74da4bae84839889bb071a6545e20e6732523f1b1f8357a9db9b5002c897307bcbcfcdacaab3a7939f069d8b8c8ab2d04c5bc39ffdcb795c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000117

Filesize
39KB

MD5
faa3a154338e980726fffcb28c948727

SHA1
50d31abf59b099012eed636660d7ad5af04d8a13

SHA256
7d6352d3942114b1f2abfb9daa2d9fe28c6eab5f058b3ae7237ec539aa00004f

SHA512
19307753ac862590c298230e4584d05b57eeeb921b427b434fbf183d5bf43960d749e1a762dc1bd7656090f846d4878a359cd8785920f2c68930d8ab48d031d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000118

Filesize
29KB

MD5
b9ea8edcc3a66a0f7a5f611e3eccb392

SHA1
46b0253cec86db645844939d262a53dd3fd041bb

SHA256
0494e66e1719f846d5b2f7a714601474f662b99377eb8622b3df2abf35734781

SHA512
f08cd0927eec4b9d8e895cc35ca8aa27527e2cffc5a131bf890322b24eb293022f6721726750feb6d0de040d9fe6128c5ea1469213d6a9e78cc7c495bb289023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000119

Filesize
48KB

MD5
435a0d1cb15b1358433fb8f69fc7200c

SHA1
ef22c3fa0aae71f1421a5d97aa27701d84648e11

SHA256
d8123b8440417637fe34ef5ab66d973c123b3f4590742609dc3355f72527a738

SHA512
06d545d746e123e2c0264ca9169addba1a386050e879545802bdf350be9aeedd8f899fa0b64fb02d02307fcc60e5901ec8a89551057c92e95efb1a13ca341d36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00011d

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00016a

Filesize
67KB

MD5
958e72d173944595320c1377b3015e44

SHA1
ba650126f7d4e739dd399fe8e2ab9939df2e359d

SHA256
0f26af205e088a2d95b5bf8a01905d6beca0acaedca901c6dfab31dfa114ac0b

SHA512
684a460c6f17bfc866d5d3ddd8486f068bb48ddebcc08c99a8117658a9a562fa4e982cd3ea64dcaca2336cd670d058d4be49de477cfe56b7db02014bdef00acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00016b

Filesize
40KB

MD5
56e6be029d77f578e709c24b614846c9

SHA1
489c375c9f3497c386174d83cad05129e537ba2f

SHA256
25f1d7fee2bd9cf97933b907f627a6ff47534b2ad58fb99676f17b472fb1cbba

SHA512
efe69b930590d01364af98e68539d8bda4538ca7becb19b8b38f6ad6838c3f42778bd5625afb6f76c12aa360b6d3a13d42419bc0a198cd4c043852130a90e8bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00016e

Filesize
27KB

MD5
158a0cc3b8390b268676b3fc3644dbe3

SHA1
bf06cf6e7d96d7808b0c245be28d79c6b963a5e0

SHA256
544c11dc585731e0fb13a885e55fe671f69b9d1adb7d7f9ab3b63d5cd1886b48

SHA512
d41616ba3fd2bafd80926c890621b0bb2b0e50e7625badc6e25d86b26eefa7526451b9f0d3777c54c4cf383cb87e5e2361294b79edf19e9f514d72c4cc0d100b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00016f

Filesize
68KB

MD5
9683150f56749f13e49d5f4bee186679

SHA1
7ffcf01cd35808be98dcb60a35f7135eddaf4efb

SHA256
6c27631e81d8da9963ae6ea22a837860c914b0e636e5228f8c4b4a3b529f4e54

SHA512
b63d4074acceb9b2679309ee446685cf1f7853bf454cf8a26d26eda534ee507939c0f84317539462275886dacd92ece2ba9a6ac276821208d9cc0a41abc54cbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000170

Filesize
32KB

MD5
ce4c8406732cf8d0d1a4ca15bab70bf6

SHA1
512b0f030b4bbdc35c4600924cc73ab0b6c44fb1

SHA256
c9ed22b21f89f5fa7b613d0aa03590d548ea16537535f4048e0635084dff35e4

SHA512
7555409292207b93f95e53aba460f4c1467b016b8713e6226d01fab8fd4cf148d18bdebea92c61300840bcdb84c17387841ce596d080eac62991584217082cfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000171

Filesize
81KB

MD5
f69a885a22958d47fc08c81fdba4fe79

SHA1
00a74495e23df23642e338bac6970f56c2b0d8a7

SHA256
a85a45d71f7f46d3fb91971b41344bb2953289972430349f8a0eb6d331552fec

SHA512
1d6b12d5acb0312249edcff1355f0aa8a4a74f77be5fd861cd188ff535aed4d20e7f422cee2ccb29d4544ad6759f4b15c5f9b14350ca7fd76d7ac242bbba8eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000172

Filesize
150KB

MD5
e67df36a49432703dd3f5ad8523b0b4c

SHA1
3984e220857483706d789305b14bfbd9df921781

SHA256
59b764b973ea03101ef86b1c93aedadc643295ebfaddda6fcaff204b3a8f77b8

SHA512
e521e8b3708e482fd5468ebbb5a901d51749451939aaecad4e95ddd644157bd32784ec8ba9dd06ffb41b6aa55a4d97676c5b162a25f0c1fb17fd362946684d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000174

Filesize
105KB

MD5
ab91f42df198a68d51e271ad3d78b4e7

SHA1
4159f90e7c40bfec4cbf72862cf29d8753e2c522

SHA256
1d46a92c53a25a082c772f15719dcad6f7a75595c69ebc29f7565e7816ab720c

SHA512
317c7a2f415c4570845822034b984166aee5cd7352305d895fdae5245d52d1a377b2988e7c18badfaa119df5b9ea7599ddc9fee60927e84cd1276869d0ea15c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000175

Filesize
105KB

MD5
588eaed02930d894dff269fee52eda34

SHA1
54ace09c750e7168d2fd157612ab7370c7efbd30

SHA256
94a063fd61896de0819b8e9871d0bda5f5d25a31601f6061c24aac0ca0529b02

SHA512
a6d4210be0ac85a91827cdc0265c0811510ea0c8e86a37c81f3946c1553f768b32515a37d804e4d9c4d915439f3e2a00bb9387e3f8d0c69ac8b8dd144d5a0be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000179

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00017a

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000185

Filesize
59KB

MD5
f3cbe6769e47805d6fbc5e3a66bcc389

SHA1
a37e325b9f23acaac28d74994b7e53a4c9d63b86

SHA256
06925ce2cf06889742c766d1bc8dd044c859cff437fcc3f1ceba70c548cfc56d

SHA512
55984de79dbb68ec21d0f94ee586d5dc5b795184acee1bbab275d0d46c7809bcfcb2323258f7a67e4d048dde32f8dfa6ee70f984dde1c235693ac08d86dfc647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001a0

Filesize
16KB

MD5
a2edb5c7eb3c7ef98d0eb329c6fb268f

SHA1
5f3037dc517afd44b644c712c5966bfe3289354c

SHA256
ba191bf3b5c39a50676e4ecae47adff7f404f9481890530cdbf64252fbb1a57e

SHA512
cc5644caf32302521ca5d6fd3c8cc81a6bbf0c44a56c00f0a19996610d65cf40d5bae6446610f05a601f63dea343a9000e76f93a0680cfbf1e4cf15a3563a62c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02735674612cbc52_0

Filesize
1KB

MD5
d8e73084c445ca50d72840efc163903b

SHA1
03a884a6cabb395c21d0867177a911f3ee38380d

SHA256
a77aea54bbe67eae3d19c77fe82b88a8a1ca72c16c3c9db0e5a6ad9be81c6328

SHA512
21273d67f39d9452232eb5b294e538741e2eacce6404ec16c51369a481bf557f49ce57de4ae0b4af68742dd7b8e69f1c21dd6cf9da1574c3879624fc165bd220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03eef0e77feb64d4_0

Filesize
6KB

MD5
8da6c1a70575b67afef713ed3911e6e8

SHA1
f528784a9c4531a2bb338d0ea78add85916c13f6

SHA256
9e1a82af867c198cf86689bc86ada2e31f0777e6e2eaa3589f4655b3f5aebe64

SHA512
056a6aded748d0dcf845f090e70b926ee2cd3e21083e8e847edcb243ebd9c690ca0010f25864198accb2f6726f90317146bd5de7fa2e740cb66254b54fe3c6b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\05b9489a5d8e2615_0

Filesize
614KB

MD5
2409f7df650ce41459a5aabd83493e7e

SHA1
316cb3b700ef99bd1bb23b282d81d8b82648a635

SHA256
bc96cebdb261d4ba0fb948da3daf36f82365dd0c95339063a8441e3aabc1cfd7

SHA512
2577b6be13ae451aeee88e2b0ab896b5fa9cdd045dff757b6d3a44d77c84c44b6f090a041016ca467c49e08d81aaa9fc4d914f4681ae8c5ace1366686f7608b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

Filesize
2KB

MD5
679763e7662f24b431051dfa7f9b238d

SHA1
57cd866de247c1e03a63317b9ce1697ff6471cb6

SHA256
64ea817e470db590a83a7aafa46e526cb829149b749ffceca4a61b1d1b306356

SHA512
4087a8461e734c74d31a7fd11c5781ae74f0175c26987bdcd49acf50bd17c59a97f065e87a5a6a9aa414cc7226da5734894aa1231eeb2605b9f7a078c6fa6f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\10e7f09a1dadfa79_0

Filesize
252B

MD5
4a363ca0f2cd53980c8ae38bd115cd3d

SHA1
3fa6102a383384bd9ac8505efaad972cbb17209a

SHA256
2f9211df501888a1cfc4f2d8efc90352aabbbede6739f77208b59d3cc0478619

SHA512
ff96403bf4eb95eb21551fca420a6a9647e2a748f8debc12fff75e97c35af6a53140524a6e867aa247ec5ca6dc821a73a1c42ebb73a3a949a5d73c792fa150ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\14ff8116b518ca2d_0

Filesize
2KB

MD5
d0841a4c1f3e9aa64934ff5080e83d37

SHA1
65bd6d3f91163087d38af23d24202ea52ebd3adb

SHA256
a4f7248e8bdb7f917f0efb5d78d08ae64067d6dda9f1bf97117712715fba879d

SHA512
c0f050397c40548137d4f08af4329b6c6fad5614438a7ff2b9004199a93fe5ae70536104849d58d0d34393e59398d698d3b8ca1290ebb0c62911b0c63a0e650d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\16f705ce9aad604a_0

Filesize
280B

MD5
b5c51bb29d3e718a76ba3188948ed4f7

SHA1
878b7b743e84923fcc768df1f30b1219d3a859c3

SHA256
481cd233e02e87c5507f1f7dff0ac0bf5b92d26eeaff5a8f9501e0016aa79d05

SHA512
aa5d34dfbea4d27e099fcfe4946858d2ef326291a4ef03a25bf87291b4324d7f3359cb654953b8f6361e58b5f93ad4cdd05773bd746a422a334b609f6a209591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\17746ca691b67853_0

Filesize
124KB

MD5
7ea1cfbd1d74e060ce7c80002cd30f61

SHA1
57ba803174bbd5bed6539c3c7b0a67d85e8542ec

SHA256
25755c1fbc1968053db379ea41a654d451563c6f2314706d762c50bf8c8e2ce4

SHA512
76e89c8c561c355e62611893ee1bce3bd557096d57f24ef0fad3737a46a8e9efe3db62f754aed6cc847355d05e5c0754fc48fab334e3f209dc5aa6203c61e8ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1862417560f41a0e_0

Filesize
72KB

MD5
fc76d28ae0f6da6425158c10203c539c

SHA1
9937e543cb9e57db866dc65459908ecc47ec11b4

SHA256
d81114bea9e0ec9370bbbd3df97daa356100665adba618565e5951f1870a6b2c

SHA512
9787da928b356aad868b87f19725818d8c865e1a78b965b3dc78121deabd47d518e70b0b50f02bf3f6a95bc4f4c194d83fe7737111743a68663bebd0f96b8fb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1bf979062c48d06b_0

Filesize
252B

MD5
706264ba63ba98625f3f989c025091e6

SHA1
91e0b9cd267f3b0acb0e4d60ebf9ed5d0c02dcfa

SHA256
415ec7ca00057492dc3ae512ce5629811787bb7c168eba3517f8a970773900a4

SHA512
9e77b9f7a5693cb62ca22d05a49c8737352b0c9df08604e74c1b1504455a20de69e2c1569a8064cb84205703143ed6423942abbbabd197e517569ee81aa218a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\24029b20a1b39be0_0

Filesize
263B

MD5
33d767136a64bfd03a6cb1d1c7163ac4

SHA1
e20930de6b862d9b8101115aa5e2f3f0a5ea09d4

SHA256
42ac2717c7e17ba63ae8b57aa4730c5f58e940347ee2ab7909ff3c5f4f552ed1

SHA512
ddf53da765df704b817dcc548c09064bee8b119af1ce0f13be626b5e488a85ff8657f80cca58ecc6f63699bd7cb344971088b8c3bde91824395410b35bfc4d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
1KB

MD5
9159138365cc28f721f4d53cb285b120

SHA1
8be365b910c2ecb55f52c5700328b76a79a93f5b

SHA256
7896b144b8ddfcaa0562fde407581a2b3079cb0e6b27fd5f928b5290a02ff12d

SHA512
a6d10b69292085fc572d0220317280129cd1b688183c8bfcdac2f5b6a34f9686b2de8ba5f27c6eacdd79f80a886a619e503283bd9df0c83a58dd44c9cb2cc480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\263ff1da723aa44e_0

Filesize
889KB

MD5
a34a958b5927d27a190c091651b57f1b

SHA1
6b860edd17d4bfa4776bd316c7c7b75a32e0f944

SHA256
1ff2bbeabe814dd5c035da21153ec441ff905ebb13f67fc7dd4fdac7368a9cc4

SHA512
c6d5b4965e38511dca31a89970e56fa9e4bbdd12efc1d417db7b2a4b007b082d9592f68ae651fdd4403e0fe2823cde10b93d57f49aa3e7ed0fbc51049a4564e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2902961440b10c60_0

Filesize
291KB

MD5
c0dfb6e20b8bf0eb1ce3071db05a2946

SHA1
063a10dae884d13070f221e396d1857db709c055

SHA256
23abbcdee2525f2ca76d56ec7fb0ec540a7ef27138ba398e87cd90dd9cd7f136

SHA512
b9c3e7ca05650227954e107c34c33812eaaed2e2d127ac1ebbd44ca83ea796879a3f531995f058f1d8f273ccf6c6b681f886ffdc9fa6fa220135c13cbc42da0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2a9d9d7bd638708c_0

Filesize
302KB

MD5
5193c756c78f4742fcc3b2e48f2dd9ae

SHA1
21ef7e1bc7c71b236d689e05dd5691444b79d204

SHA256
aeae8c4fc3e2a5c4d90e0ae92e7a7199297b2d9a5edac291460f1d6bc6e27ea3

SHA512
dc16c7106bd365f71f2762ae4a12a8756f278829d8adad9a8f9f3872570595e4fc493639b9e18582273e555259c08c47ca2f8bcc5884d5cc07f90b4be73b5a67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2afbbb6d14293c46_0

Filesize
154KB

MD5
9d000dcd41e457db211dc255cc00373b

SHA1
839726b9cffe438c8fb11cd0781db8a244e15149

SHA256
f224d5ef803970560efcaf3b05bab343652da8a88fd29750a4da59fb56b82678

SHA512
b113981bcd84ff7401911ea5f6ed017333548b969dfad72ae98c806c4e0510b73bd50fa98f3f45bfc16918a6c7cd3a0f2a6cf3f0573a85bf0350130602c9caf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2e726c90fd40efd1_0

Filesize
366KB

MD5
71e92c6acb6939f115968cc0c24ba178

SHA1
84c6a8b2f32256e9cb65a9e12cc8944b7507c6c3

SHA256
81cbabcbf90832d97fb6b280ad570103c6bc979a30b28b583a030911884f09df

SHA512
9ea482859b8b6b53678ca1b1c4827a86bacabb9a9cb5c464f56141f32cdcf25de746800a0751a617c5644ea30a86ed7a82ba20bfedaaad34e9816923956009a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3173062ab46a537e_0

Filesize
241B

MD5
359fe85aa4be1fa634d1e6c85b1964bc

SHA1
d70510325bee78083ee937e4a36fab848c12270c

SHA256
915f62a9374ea6e23ab9bee2e79274b55deb4052b9e4b2cfc81d6c9a2ae82afe

SHA512
b8e49bca4dcc2e0d908d7e0f35c0dcc9aaf1b04b5e6d7e86d75cd40c3765779c52bb7e6d7fa0127b417850d9c06d6d5f6dfa88946a6271558ad134a10fd5d2d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3173062ab46a537e_0

Filesize
32KB

MD5
b35dcb5e7434cbc04a0f12b1cf087bde

SHA1
5a914341a03627faa1b2a650bee7ba4e4011d962

SHA256
b37d5c3aca6ae331f83b2b99d3942cc3565dbb19fda9311c6b897c4eafcc31b3

SHA512
30337d4b37df035ce390ab04982edf72b33d7adca2c9249c40ad8f6976208d6419524e25dcef2ae711e222bda3ea265e39285a3c0011db287b1ad784d1106624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\336a68eaaf209f48_0

Filesize
309B

MD5
07ab004fcb5e4684dc86bc1deb20a409

SHA1
0f49e29e108be3a305bca9609422a83afc718942

SHA256
f2866facc4626a358179b8c9eef2a2089a69d29a35892397f084ca98f01ae154

SHA512
05e40b17ba8377c7b0732d553e7e3235dfc8ee3bc0c6e011c4791d2240f68d59434174af2a32863046662440be63ddf4a19048502060013bd94006512ade26b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\34685f6e1bcfb0eb_0

Filesize
743KB

MD5
8ff0c8f459983a83e67932561484fb69

SHA1
5477720d6b62d6c73788dfbc445240b18eaf5c78

SHA256
0d33245e523091fc6d1f96424149145b263b5f78a3c1888a47cbb5461a0b78d0

SHA512
f78f0605184ad8fdce0ef22b24c0c2d81b126ff723de67519ca24f501fdd27a2a874b19ffdf2eb4b2845bde0de5f48e3ccf3547afad4223d9641637d06a2dfe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3b7da355b755077d_0

Filesize
400KB

MD5
c8dd4f30b3cf7b927cd011ad2dddb53d

SHA1
bfd39430e45ca0c2cebbb9ed7bd87def3493160f

SHA256
bf623925a0c33354953de59236b1e9234a9be561cd0021b4e9b87ff31bcd3b49

SHA512
2eed948e9913d079392b373b620e67b61ac5678f4eb3b7f857bdfa8d9980b46c597604e4fe16cca28ddf96e5bfec377ed10e6d60e23a0a2d760a96d4ee3991b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\402c28a0309a95c4_0

Filesize
306B

MD5
38a29fe01717270a87ab39f7f8c9b45d

SHA1
52fd2324b0d6d871993b5fa13aa6b29b37e5b733

SHA256
e75bb8d93bab367a30fd43d621f42ece33aa036191de01b01ba45c3f29c2bf98

SHA512
4092ad3405734d4057f9b4fab4a3b91c08ee77778920decb3789f37e965846a3fdaa4f494178879f0760caface9730f21538057c41acc1a73128510029a4a383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\40e85c7b0be67e7a_0

Filesize
533KB

MD5
aefccf37bdf551df770985340d0c8335

SHA1
1f392c5fb3059d5f68b0bf59142f8ebb00b7e880

SHA256
0b5962ae3c32272652171aaba802cce17e5a71ab84c7efedd1df74a5e1f2904d

SHA512
9f0d4dd59e6b2723e45c557bca3780f4f6c94d5e54f35f72773a4224f16d0795ba755c9be931c8603e81a292218f4caccbe23508e2823245968dfd37203f79e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\41395e542b19c768_0

Filesize
294B

MD5
d8d5c1fc7ac480a0f19fa73af78ba461

SHA1
b2704cc68b9e4daa7e5b24adf48c97190df6d78c

SHA256
44bca83ddeee13733b38b3bd77ed293a6e9b316f776ea345ee72ab83d7dcae40

SHA512
d7a35804d7165b7bf79c56abd5d49d37e448f0f3870489d95bd8c5a1aa2d9a359acb34cc5884451f35c49f2dcb0fc19e4f19825a3ea1f5b9f35e8335975c0a9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
c3d12855ae3940855e2828a465da185d

SHA1
723891602813964009cc9e034346b4733f32bbc3

SHA256
09d7ab4d2c044c9936384e0b46782a157cc7a818f85f183f0306e3320b92f414

SHA512
386a67dfd4b1f2ec9f15bb13dabdd237bb22f570f4f54fb986322c97ffc591962166ee668a0ab69041961fa5d1d4753d19183785c3c51f1ece5e8c444c9137c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4657e05578715dea_0

Filesize
15KB

MD5
4d4acc53a2d35e553f67d1c56dcbad16

SHA1
9e2db6282dbbcf3b24f7d1f8758e6a54759ad3d9

SHA256
b067450f8e03d4e12ed029c4e3d96edf1195d83497392218dfc34abdd01d4d02

SHA512
3ead218e9d20bb1ee6cbc0254d45603175415c9e6d623e09828759022066bdf41930c380074eddb75dc315f4841aff3c1bee91e7a65798cbd5759f5e85023c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\46d8591239c0d052_0

Filesize
3KB

MD5
882762358b3635777182178953c2909e

SHA1
5d35339ad9dd32e6c611036969db6b94d944f895

SHA256
d47ed4eef70485da0f7c513bec7d1a2790d1c7036b409216eded47895fab2081

SHA512
7ede5101b20880509ea8918e9bcdc50264df0b64760162376e65c7d545acacba34338fbddfd190342d7117dc9cd10ca9f3fe7b7097f5807a0ac91d417528d039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\476831ba582729ec_0

Filesize
3KB

MD5
9f3bff078279122ce39c462903c909a8

SHA1
132c4c60a3ac42057d2c7068c30334587ea760cb

SHA256
4dfe5a08a419d1de004e6cfc1d0929c53199773b7cb575877a212bac5c2fa801

SHA512
10e63b6c41f5b325971e9618edcd310961772975c00bbd31cd68134407fa5c90a564ae0a5a09e571231290949baf092b338730b7774e4f79bb163fffa4936f01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47d216ac07a87a82_0

Filesize
157KB

MD5
f6edc1c908f5b8fa3c9d28c94df53fc8

SHA1
69f01c614d7ad74d035772b9c96ae7be91602e0c

SHA256
29eb6427659a8c5f4b743f1455bb83fab6f14afcc8c51a43f4149e684a2745b4

SHA512
61d091333d661305d74c95876da9ac2f06172d280d0cd8ffecd43ace0102e7bdb0c66d88c7e2e85fcd6cf92bcaea2880f24007d04a00b2b744475545cf23d2a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\48b1105b4c2874b5_0

Filesize
1KB

MD5
a6e57df559a52f9d2c008a8c73b4fae0

SHA1
a910a9552a53ae4c74666703c94bf1d79200d478

SHA256
691c8163bce264e0092f3013c82f8cefccdc0d0bbd3d550882436cb1935ca35f

SHA512
ff66e6cc6ae3f08bcdcca52b7b7451ddcd87d229689dbf2a649633b4cf147a30896f45a9631dcccf6d64ca4ec6eee7e8e4c83965bee91e65e5ebbd94f07eed41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4c307b02b4dcc58c_0

Filesize
23KB

MD5
ffb2382644d78d25e399c60c377e33c9

SHA1
4e28fb1cd27dfa4ce91fba49187d1b8150b20dba

SHA256
775e606d9311a648cddb49ba4d8ee6a4fabc0becf3f54805c1c09d6dc1c00e0d

SHA512
bf8dfddb837b9d76d3933a05d47d90b3ce041c5089b7e87b5f566951b15d34bdf11d7b94e065fe9c5c5db7c08cabd69f835541dc491b571fa0581ca9879b5db3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4fa63f600e2cddea_0

Filesize
249B

MD5
c941a0b329a1569b9427423dd6b8afae

SHA1
59a0ec5280b442fd67c3ed876d694aee2c1f1ff0

SHA256
750957fafee55765dca2e83e270923352cc56ab8309c9a5fc4466ec3e201f721

SHA512
beb3feba3b4ba68466ee78b8bf04afd3e95a56f6b3fef16805f7a868bf894c541a1b1d8742bb3ab1539e63c102c0c1bc3dc86463a569e1c572731cbd367c6946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\50f5da6e143d64ee_0

Filesize
4KB

MD5
cd0ef2ccf9829178d28e143239e03670

SHA1
3a1d42f229b228e526aac390d8664f24c09af2ac

SHA256
07354bee503e20e7431f23fe6089396e6ca2ab4e47340bb80ba05a111bbcc678

SHA512
cffd7ecf5c40c9d3174a00c5cb12e65a685e5aa324b8233117d24746d1069e5877c6f77abe86a51f1d41c2df877352c62b9ab2e36b6362ae5eff158c904c83a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\534ab76442c26020_0

Filesize
13KB

MD5
81d44257b450c6f6ce57c732295c51d7

SHA1
346a01463cc4b96c86d70057a6ee09d38cb41983

SHA256
032428cb9cb2f0646b0b998f88e4c1e473d69da1e7622d0fe515a4a788e208fe

SHA512
72dde31fe8f1bdf375d3286fe3822158c5ec6b1b438d5afabd93f0bad0978d9c62c71bf50606e78579b2d77bc35635ce5129b2dc83bb2f26e6889a23fb0cb5f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
2KB

MD5
336ef37cc10f945b2666e8c31643be4d

SHA1
8ae0fc332f31a48e38c5c63bfc5e96d02e8aaaf5

SHA256
fe0de7608b58387386eceafd86cae98d7c1966945b27cc43f953e6e1704eff40

SHA512
74fddc3d1fec0e3a381831256660ad11c56cb42158796f50b6c4b45976493c6de5453df5ef1483989816d2761e7445006a5bd03079443cacdbe48e67fc909432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5801d3329fb36c59_0

Filesize
2KB

MD5
c8159aa917a6eeba54e6a68e8ffc27f4

SHA1
7f52e3b804ebf7fcfb0e6668488d0935e3af9c34

SHA256
84afef6204693d1175ead19925f2c1736fe3fd09f756358be4e583f43a4f8b15

SHA512
b8ed8eb207ecbb244f1f70e81a0903e657ef584dd376ea418e3f421ecfce54a1d8e49f9f128549e990c2a1f1bec891e522a1d6fad00bb2c98d586898780ba7dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\580fd9376c2d4a3e_0

Filesize
5KB

MD5
ec82982e5941b002dccb80c3abef7b3e

SHA1
1a06a381bbe029db7cc3bbda462a8db13dcbe342

SHA256
53c57f9a0cbef717abc010cdcf09b7e084eca3a903b4b91b450e04ca890704cb

SHA512
66b120df743a85f4e4d3c6362b3b4cdf351f853095ca979bf8737515564d8d2259b83d02642e53d1758ccdaea18fd099e6c6b4a114b125726b9be3ee84d79721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a994fe24b451732_0

Filesize
4KB

MD5
8b55b1850c06c4bd287dfc7c5d2fba74

SHA1
937113c17725b2bb9c90dd4df5246bf5bbc699cd

SHA256
5e18d05663035a60dd818ba8aa92291c2f8303fe1dc694d75d80451cf35bda1f

SHA512
c604a550edc6065420cf2faba813391f0ed79613847e6865af663cb6c35173ebb557c300e09dcaad8ed7a9585ca5f9a11df1b721265a35fd988f669b6f564601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5d0c04f9998369cd_0

Filesize
3KB

MD5
548a99aa2c1f8f545ce7b510479cb0b1

SHA1
c3883d454c939971ee8ab778a4f17bdcaf83ec6e

SHA256
ae8cdad3dbbcfa0e1a03a1c3cb090138fb4e78c68834481a76acffe98ce7246b

SHA512
c372460c363b37dfb16f3ad284fed8e76103f8a8e300007525fcdf06b1620110a6aa9785c81dd0f9ae900cc87a673b699495c3091a8bb02824be505fc89ff509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

Filesize
2KB

MD5
b79e0bf56532e50b57bceaadf84d0df1

SHA1
86e3155dba43ea79d070844b755841c668bf46b9

SHA256
4a3358349d3649d974b39163bb1ec5f67bcbe80fe4ed6d71eeb9a71305ac2577

SHA512
04eab84065b7095d99ecad93d4d3465b9762d381ccc7b92d65cd3ada35c0c97b0442d4ec6c6704e46251392c9c3f678efa5aa7a02cdff091ce6e4bd3581520c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5de9f44e801f6134_0

Filesize
12KB

MD5
76dfaf285fd39da8499bf47793328795

SHA1
f8c537488c039a50eeda41f024275184d63cef13

SHA256
14376ea5ba9385c3f1c9fab2997320127d5f7aaa0acf0bf68c293251a35d17df

SHA512
26cc8fb4145b23886b876108fe33abb5b5dc80337504dede29424a6b03ed9e3e6cae868a0b07da06bfd28706a68e5f1890e05e3c78ce70c2f0d18826b348cace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\605167868572c6c4_0

Filesize
27KB

MD5
49b394d665cd12b8be906d37f1ad6a6b

SHA1
ad1d5fbe224c3096a57157aeda1774575eb75397

SHA256
61d87f0fc64a85a1ec428ed25773c5423a1e04a8d381d4f86d207fe141729cef

SHA512
8a2218fa79779ff87eeef41214fb565ceb5f82cbbb8a367b91c7c078619102e25f2328bab063ee8dcc76990169f31dc8e96fc5af24025305a413cf110b525092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

Filesize
1KB

MD5
ee172e99b72e90c0e343d58306e8ac4a

SHA1
2c821451eb6016787029ad4331edf2f3ac484bee

SHA256
317c35fb95a88a41a36a4153e220447e907fc8d7a519aa8ec7cc01b6458f5ed0

SHA512
c686279e1863feb1ccffe22fbcd7fa639e6dfe811d9e3a4a1ce2bd85bb526272a43d9d52ed1aa256d3bb216dea169629b0ae289d9f6062f3f542f7a155df1a67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63bab61298dfac24_0

Filesize
26KB

MD5
6a08fc4823b3808e81d7066f08d89625

SHA1
eda0787de2c2f9de8d1d21fa53fad9ba084b99f2

SHA256
3903a7e02c9d7407c5b6e58b84444f53225d42e1a6beb90b109c7336cb63c322

SHA512
d903a2db07de87fd9a80cf0507b45ff29a59e7fb9cdf1bfdbcee2dab158dcf6d28b8742c1e7454ace35f1f165155acdd5c7b3430be082c47076e5ae9cbc02084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63d575a3980540c5_0

Filesize
175KB

MD5
0ff1cfb3b856b21331914a602be4eb3c

SHA1
d17615381b2aa355dba1615710cde7cc380d0778

SHA256
19381f1f08815ee07571a5af41b10da2a0ddc5477e27794b4cc338c1b7fdc14b

SHA512
0b3d5d3dd3a2d3a209946ca060d7cb168a4d64fe845dacfd7cf10cfe9f8680acd00c8589bf353727e4e83deae96ef12c0f47c2e54aca5db40039168208250b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6a26de030ab5c02f_0

Filesize
21KB

MD5
8040e2296b8d60357b7210f0182fee4c

SHA1
575435921ec3416eb9863ccf8a58b684f3138236

SHA256
a07a8ab8632372979f5e389794d3d0609ef9123b407c7fe730fc26aa1e3f13e0

SHA512
b8af8c2beba8f632af4b837d0c398361d48ba0e086aed6d560dd132391a0295c4c99d9fbd4ec5399210b0a660a97d44f1299431debb8f55196960b829874d748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6aa9a2943612cce1_0

Filesize
2KB

MD5
617cf0389e9694983711f956af9496c2

SHA1
4d1a85273b09f61f329873a875ff6aee377994e9

SHA256
7af905fe4f803dbfe36264acb222360c76bc01b06ef4532c905b5ca94c3e28e3

SHA512
1c3b0b4e3ff7633fe648b7f3a33f19d77af60cbff52e8f3b42f5d93c1a351778cac9f5f12fab93a4a252568cdc012c2deee47c0cd90bba01a0a02220cacfd66e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6b7644cb858ee390_0

Filesize
2KB

MD5
c8796e81cc27bf7a60f7c049b7b39493

SHA1
25a9813012d803ee5f0196eb28c331381e29a1a5

SHA256
d06605190f5ae071b98b5b46b4767c55e05b135a96926453bc5631ff0da8ed09

SHA512
46c59c56fa4e564927bbecd842ef81831a88b4d61c340c565b264175365a30f9be65df61cadb94b2c714f0c7acb8948695dc9242c281c326085dcc54040ad0fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0

Filesize
1KB

MD5
4688c19d6dfd29e26f970635f421d91e

SHA1
e9bc0e97330d323c98ad1d6e039eaaccb7032ed4

SHA256
de92fe47760cb9c387bf2ce888e2d47147aa7be5e1bccdab9e03934a3b399b5e

SHA512
ff573faa0f02f593bd488e36ee84f67e7272cd5e30ed545015a2807d4b028c61ab83b3d6567732cc097b1383c056a4021803c7b3f7f9035c897f71111dbeee52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6e1427d19ff38087_0

Filesize
3KB

MD5
3ae7250fb9ee17c266f0fe56aca609f5

SHA1
d74504311385b8681103cc47e9a26a78f31a44f6

SHA256
65637d359ae012ee18a3fc5bf1e9b4ffaf44979746cbe687538a60c88bf7b895

SHA512
c91d6260dceb33cc6bf537a655fd5cc7305d151372114fad22b11cc85a32ba6462525d3f12a07a5404f6188db085a8fb8be47568858ce64e1659d294d6605ad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7150ae72205ed77a_0

Filesize
351KB

MD5
51e816893ddc3ee5fe1c3152b803cba9

SHA1
77f33a1e20c2b633e848aa093d8f2b7734549e3b

SHA256
b46ab43edf5ba9c489a808aa7f0e3efc6682dc919413e6c4e56b225768c01bfb

SHA512
de534b0353032dc78b5d8e9b4a0474c9e749f7609c2043a1d91016b2393beeb6171d57fd6951b2283268381d08a170023da6360e76152743f8101a2fd708e02b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\718aba49c9504085_0

Filesize
2KB

MD5
4f649d7c559f23f246a6b5ea05a74fd2

SHA1
9ad0e0a32a80166c58ab88b259dca1fbb40bcd69

SHA256
f4e69aff7e5947f58ddce4f09423a2976578633167728bcf2d2956ebf0d9b42d

SHA512
bdbcc2b84c244b32f536e573cda0c90437d2e37939a13c8cc145b18cf0d5873b77c5bfce775a5b6c027e35d51a31da92378d93073d0e7965ec8ce17ade9b3ea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\749d93ec818dffbd_0

Filesize
462KB

MD5
caf5351576c3203e0faab598a0140c80

SHA1
7fd8c1c03a552f763d5096f1455e6911ffe6410b

SHA256
10c998499a1b33da599aa01cb3db21cdae909decfe2c62293388f6bdcb4010df

SHA512
44ac6499cd398b33362940ca02881574f934c52aa0788fa8a8f94e80be9e842695c68e11989ade6f2b32c316379c4e1ead593decc40e0ca27ed464df63f8f1ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
1KB

MD5
4932bff189c1223d93d786f676a50137

SHA1
00fe6c32671e2d45a5df702fb12fd94cb95fca49

SHA256
e8a54874fd4c39094cccdf25d7d5c97c647596c77cbedbb461d5570fa1bc5213

SHA512
f30030f70ec796f438d8f7bdb283d7832c78a77b33fb747beb9e59a0d0f64f0d966ecf5b2996f4abe668decf2bc2323bf1436839f4e511421331b0261733b83e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7899d2b49a9daab3_0

Filesize
262B

MD5
838b935cb701833b136d0dc50e0c0e62

SHA1
781b30c7dccdffd9af18316b805dbaaeed389e3c

SHA256
5a2f4f2ea802039f5ff2757a46f806fbafda0ea7f69ba39f45469cf6e70fd073

SHA512
192f2d4f821c7ec1b8651a9febc64b4912ccf3dbe5117e7beac79d6dad908a206cbdd84578acf9ff9533e60eb5d60272dbe845c7f10948a4964bf84ed97dc917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78d3f8695874d167_0

Filesize
306B

MD5
7d45933f0e5c27165b6cf73f2475431a

SHA1
ae42b6267b9bbd1060d967fcd63c75f965fc44dc

SHA256
2f6e8a8a8c09a6ef34552991f2a872e8c238666bdd05ff2beb065d73da2b367a

SHA512
58688f54ad1f970133d1709208dce8cf1f08ab87e3948050600dd84b5864ecbe3bde3802a9e7e3113bcdf887559cde0c5b86ee7f69e7c43a7debbdc5e4963e02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a66a1246c4f29f4_0

Filesize
9KB

MD5
94562a2e4fe00d726290d13109345b95

SHA1
395e69a8b2919a9dbb90184cd2b2041eaf9701c8

SHA256
f1bf67df2ee811b61a488f1667f9573c8a90c8ba5ab0bfb97e108bc67870c860

SHA512
67dec610a17936102d6e362ded95b7e572e09c6ad6efb9ddad6df04ceace3c290fec16226afa94f0d2507b51c59fa8248955c00e5b2d0f8e004a7981bbedf6f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7cf9843337c39c04_0

Filesize
1KB

MD5
b91608233099c9375b0017fb30b7c8cb

SHA1
2bcc22b37b6be3e266d5c84a89f117228b5a8bd9

SHA256
ed57bb1ed449da3f9a3244434eea29ca7aa1f73703f75e3c82c0164d0e81a3cd

SHA512
5d1d6afa6ecab05eed77422e7b380c32c36b7b3fe61884d0cfdbfb52c09f14aab0ec22c5447f6ea8d99c417ffe0874d682afe744bfa097399654a518ca64b5b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d746157386c9b7a_0

Filesize
270B

MD5
45a308e715dc27319f954bf9cc74c3ee

SHA1
b4fd031d79396e2dc369befbb3081f1fe0e8c71a

SHA256
5e6a456d3a9ffa223c3211db756b61446a0f96a79d59add76647a1f4f3a44e10

SHA512
365e7fc3251e15f0eeb9d229802d45880690a68c3500c2935941ac350e5b8ed8f798111a14808858052b41360bfd3dfee5449ded7e46e822772f00ddd4b48ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\81764cdb356c9506_0

Filesize
6KB

MD5
1fc706fff6f2fe8f755bad4676161589

SHA1
36f2d6a27a2b47cd3547e50060a747de98123a69

SHA256
36d17c1654f468d2ad44de9824fbb706b3d1b3209a21d29390300c501bbf67db

SHA512
261f0f3d3025a6b5c95661b909e6525c264713704fcd06fbab7f0c325b1b3befb902ad49854df23a81dd274b5bee9c042336fa11596997db2b9c9b1f891e703b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\83d6d3a772bbc707_0

Filesize
5KB

MD5
9d1ba58218cc8f5988dd4f53454877a5

SHA1
4d07b349cabd2885390614e3dc5930aabce5af9e

SHA256
78abb17446fe723151d116faf634e534e5758ebf61d38cbeb956da8bc9dc70f3

SHA512
a036f0cfaf2f37e97703682e70146d11b5570ac775d498e2a24cd6c4577c2c6b67264e85c2417e3c23bf2880d11529a13848b9e4ba76cf925698a8cc04e65617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\85f98cef1fea4666_0

Filesize
1KB

MD5
06216b2d48a8ed44f9eb0b3dd6966e8a

SHA1
a1de80aa6c182d35e858ded11f450d6a75a289f9

SHA256
79933dbcfe3e99440828780b2ebb9a8803f420d07dfff4e12113859c8af51812

SHA512
d9745105c9c863dde4c0d6955a6b2e7dfcd45e6028fd9a90c72751fe19d4edd5391d7518d22dcfdb21d9447329946e42e6b310948cca784907fe5972e7267283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\87bfea9426cb2ef3_0

Filesize
2KB

MD5
1a747447d2f7eb038913ee0abe6cfc2d

SHA1
43e9357679c0754d80aa23839a57e11d600f8dd8

SHA256
c2bb7f4414a66a6650f5c07e9b74af94b795e55a8892197cf74b415816173803

SHA512
37b7168e7a7b05c1a1d484ecca33f0c12b57ca78bdd500e66fe4391de0701d0602027909ae0c7a1627be651166ec380739c37129f4ac69ef7eec2d40253dd334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8908012b8e4a5af1_0

Filesize
11KB

MD5
f1ea5a27d51ddae86b9669978ca1f92a

SHA1
9704c21f2b62366534caa4864a6279e251103f46

SHA256
b5af4c4662a8e962aeee18b62cb11b238f2235c7caace130c4436f400919bbc8

SHA512
62e466ae9d128d620a2ebc2ac55cd6bdc7faa04cd708f95b4a36814c75a44d820134d74269e231793983146a77b9d39dcb039ab0cafc3a2d42e1464a855f6afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8a693e1c4699eaa4_0

Filesize
56KB

MD5
0f266bff76bdfaad861739e59f0254f1

SHA1
cb2ef49b4676160b1025df1b7eb617978aeae0da

SHA256
5bf49cd39e3da9a409cd2ea5c247bfc0e805213ccf2d293083eb4d831841a6c2

SHA512
1a0ce4e52e93d44b626c8a6fec258f68a01793f75492f7882aa1f6ee8c3a7d9448dcb1b4031241dd3caf7377b6f80de8a3289fac4f4cc5818ec56978a0224e5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8dd3ecde3239a3d1_0

Filesize
252B

MD5
dd2193cc8cae812c655656b9aeab8366

SHA1
545c06eddc46f255734f17129c1b518fbb3e42ad

SHA256
3354614ddd898b453abcbe48b9439b9e6047625268785ada2061a6b1efe710a0

SHA512
61674311ad68e466f4adb161cb4b3caec023a9dd10a22f79d6296644b8a64968bbc15cfc62abc3948e94811549a21652340994c36705c63ca21afe839d0af75a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8dd3ecde3239a3d1_0

Filesize
6KB

MD5
c403cfc53626e943494c25473ddf39e7

SHA1
4bd75329947e6cb473d4173ad458bb8867b66bd8

SHA256
e0c43db65586921994d3e535e9c7348854d55e3ac3ff951c0b5590cf9fb3eb9d

SHA512
8c2f697eff88c418df2f301498128e3bb54c63b73176da024eef2dee40a55c9dfe7b9a697e645a7644c3e0d72611a7cd23bb028eaf6eeda44395a4f33c38b634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
6ae686a2ac751ed27b421a13b68efb68

SHA1
5b0cfabb89459909fd9606bb845384eb6243120a

SHA256
d9faae5bea8865ddcf371f33c383f3f07163b320e482874202ee1c748c2269cc

SHA512
799304611ab68328bd07cec5d1be442dc95e449b927d7a9cce81669803caaa28d89fe38a5b59d0bfd9d8715bbcecb13b0eb4820e15aba66cce33739666fd5c65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ec4b11de0b23393_0

Filesize
4KB

MD5
ed91e6abdcf6a2962e8d2f6cba459b14

SHA1
b05bf3cd9acac4ebc2b1f113e4d49e2e3d241b1f

SHA256
6afb13d2ac0408b8bce1ab4b55264c7b223b87031e3cb21648ee2aaa78366218

SHA512
f241da3b3739debad069794a05076ecafbc2dd82fec71c9bf79cf192ff422e67178bcef475f0a0e5936a1d6f22c4979dd5ea92d69fc46dae4c7c7de6c40e424f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8ee73a31bd0cce7d_0

Filesize
7KB

MD5
b0e0f2ac22f4ee58d1efc828671abff1

SHA1
a18aa19d55421b2faf5edeb50b8bbc0a814379a8

SHA256
86423f9ceac054ee6b08a02c36b738704a00925c0b13ecc0ea71ee0017d399bc

SHA512
60a1a75e8f537a6eda8d8537752d250825c85b2c4fa13a768c3d8b54246617ccc4876f74b9b254b82a1df8b5b6f4d01e00f8ebc7214067d6312bfad28cbdfb14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9305654871567601_0

Filesize
15KB

MD5
7f1bcd0429701ba9d8cabbcec48c0cdf

SHA1
58e4527835a21f63d8a7caff721a6999f7634909

SHA256
47e82988657eb8680e864fc314775e1d620dfb131e9893aafcb1968e0b80b7ac

SHA512
58cb05cae5f3e061d938037513b306d3637571c22feb9bec80d228cdf822d63d2a8e298aba0415709e20eb2d06c87cdf4dbc27007781e415d14f4b558d8f88bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
1KB

MD5
1c16ab8c98c47424cfbe78c907665aa2

SHA1
21c1a9e17796ad53fd84cc680c75b0a5efbd4d90

SHA256
aaf0053db5e776c491448e18b5c7ebbc7c3cceec6b491f6f46f169c977ef5a6f

SHA512
09b82662ee66de436454bdfbd40747a2f36d78a1230fd7f2ca6f95f4cf4acc25b62eea0c8362bd3e18b364cf37baca2c40161399f56e3aefad2be36fdaa7a46e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\947360db10aec69f_0

Filesize
128KB

MD5
cf42091cc37a7bb02dfb93464302a2a5

SHA1
206010f4718cc4f965131b610306fdedf228d2f0

SHA256
b86c150205ede2a57d6aba232d83c263b181ebd0894aea84ee24e9c1dcc9bf11

SHA512
9adff899d363627c4256250096fcd0dc4a65eb36a66e533f98c65eeb46567db96d358941930050f8c1ac6a7c936dcbe91d906e09325e333628ecc06c02118bc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a267665648440b9_0

Filesize
6KB

MD5
02b0ff0b439f54029be790159a4393a5

SHA1
8c9bce35b258e6769432dc566a281ecd6283b630

SHA256
02ad5899923b858b134dfc53e95b58f154d1f99e157e0c65f3655805eee51b18

SHA512
ef8997428b55cbe2fb113aa206d3a2f4aedff910e996b2f63b62629b7323e47e6dbc0f6d32c5eb84308581db8684df9ec1418f12d2a867e0ffefdb70356f632a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9b603a7990b98d65_0

Filesize
4KB

MD5
2a47f2349c656a9bfec745a06d290be2

SHA1
36bc40a8f244e3fae6e05a397ecc067450da894d

SHA256
7f76f5febaebec836a652689fd2afa386fc03dbbb00bdf06c9e34844f57915b3

SHA512
2a8ce46259874cd41060079c5c3a5d29cdea773cf5aa960b5ff0957bc2b3ce43ccb17be041f9022b62d2566ad62b2784809d212b48cd720a922ab88366d1c075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9dbb949d27873cbc_0

Filesize
2KB

MD5
172f8bf6e27092ace727f74f3a7c22b8

SHA1
3ec585a43ad2f023a0c19bde09592815e9e2a747

SHA256
090c19e7bdf05766511228b2b1016e4b1ce996cf5646e10bcfeb9d32ee3f475c

SHA512
882d54bb391968bc09c4e3fd7690936f0aa719e9089498b92585942c962e6c2e9d26087527b74bb2ed9ddf4b3859c175f7ecc929bab5efa4448e40da84f0975f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9e04f19de8f5d184_0

Filesize
260B

MD5
4f442a462646937a27d2736ebb81040a

SHA1
63d7b0be1ce8696b722c6172160e8532025f9bcf

SHA256
5768b2a008cd5ba4f97d5b3385ba27d9fcc856a2034616e4d27ce46428edbf36

SHA512
5a3388e5f5de9ebc8fea1b88b21d9dfe54b417bb666267ef6c4ea145482c0ce95f875870e360c44314097c49cb883ce8202da40d409a50ac31458ffca5cf84c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a02f6c11c8d2986b_0

Filesize
21KB

MD5
426ed253c5dbd23a9021de4991da3836

SHA1
108abdda8da427e4725649ce7800d236560a0c10

SHA256
bb894790bb04ef9dbdfa532933aa2b00246fb457b66f93d940adf55e8886a00d

SHA512
bdcfed791032f767e8297bd6557307329928fa750b11a2145d6bc4b84dcfd5cd7be6615417ac701cea10a85fcaafbf9b98b3e62d32bf5e9463a267599def269a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a09f6271ad0c4092_0

Filesize
48KB

MD5
4df215d9fe638024662c51783f0ffdfb

SHA1
fc1ef79b2823eefaf3fa1eff09c6a99681312e80

SHA256
fcd4ef8acb444a853e632a696154bf484c20d1198f4f3ef6d1790fa7ce4bf0b1

SHA512
fdf91a066d8519befa3f956c41c9670bdd7ade4610cf499561367aef8b3cd998d3ccd7621e5dd57df89fc30284af5b5d5a2f6a0e7f447ccf68ca9626ead0d782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a182d1dfc7b0069e_0

Filesize
306B

MD5
ee8caaa183bd68074d7a18b4494307a6

SHA1
31836c95df793c212166638dc7438a3358adcbde

SHA256
5d2cd5d96ba3ae996f2a42cafef2209af58e5250b3b81b6e12e414adc64d7991

SHA512
16fed1ed47ecb574f25d954fe2f944c7da0d9cf571131e2d0d4819dab61d9cdec56a259547bf3b8a01efb34100ae3196a154d3543d9c43614fe930d3a76de371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a267b7c21d8b8c9c_0

Filesize
9KB

MD5
ce82da6f65d64c18a82bd0c0abbcd75b

SHA1
34baf17593528f710f0bec16a0c0c8c476aee8b3

SHA256
7e84c0bfae0ae2568b86b2c4c37d3a79d154364ad7a7f604a3c499e46ab4f3c0

SHA512
28fe221863b6ffd039fa6a4e8542ad04714965c4d379166eb6d0dae2adc2839ad93aeb105d2f3a9470785f9b05c5bf603ab487de53d5804b1f25623fcf659bab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a629bad65d1a7d64_0

Filesize
201KB

MD5
68539579c56faa92a73562f8157e8454

SHA1
c7f565d50555fac778b9f30521236cd1742147be

SHA256
95cdb3931f58791fbe8ff00ea4700f8e10972a7995fee69d59b7f8dba76f6d90

SHA512
576d492ec30005ed4b1564c347517520ae2fa128455bc516f46e6cfbe1f09674a011ca6e9413c0212c15fe7c5350b54166664591d4f7607dc7dc22e38dbe00be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a8b90e9c62e1171e_0

Filesize
191KB

MD5
f3efb2c40437e8866f7bd707cfc3920d

SHA1
53e45e229f256a0df8322ef34b8653e3f3dfdb0d

SHA256
2b4d29ae182e13b8f1a9414a98d3f365ae462c9872911417197a276a0f455a14

SHA512
927633c639cb2ff8a52fac237f63624b276a609c52faa6dd08438cfbb87fc98e390773623bc0379dd8496d58356511fe7a8cf047f342101e63e1b66c614c515e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa41154d9533d7fe_0

Filesize
560KB

MD5
1a79bd4955147509b346af9002e051c2

SHA1
fd0c545b148b9a8650df4878a106bdbc30b321d2

SHA256
7a99bf2c5789ebeace47a04796486b8da713ea8c0e05920b3b7c6949833f8926

SHA512
20bd6670c4047aa9f1a6a16322b5627c125e3751795037fc02ea0ed69468c21bbbeda8ba0c3c72f0b1ba527c71908e08ae2e56f90aadc735d47b6d8e53193201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aa5fe3b36e22e31b_0

Filesize
3KB

MD5
1c7073cc7a91e3ee406cde5ccfce14f3

SHA1
93dfe5e737d862a9be312087355dc4de454fb7d0

SHA256
00e9cef0b0a7d8a6b5bf177d50c721a8abe1097aa6fc75eeadc391483b6d0a72

SHA512
640b2b54039a6fd0efb50f61e1921b89d66bff0e7ee3fcb1c9b6439fa686c30bcdf245210548e80c2dfadadd419baddb3ea8a2c864f933cf3d573641276b5e69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ae3399935edd9742_0

Filesize
337B

MD5
e5599f97950faa758861edad49e81587

SHA1
ba7bded402d0a2890ddc4fd3c9c781984f2885af

SHA256
4a86187f37ec0f8f0bc9b4b2259e209c87e52134b239b93a64a525e7d7171d59

SHA512
84dd019199e4ef516185d961320645e7f55210785e7ea1b49e7f6e066812ead01886d8decb984a24b420a3bc854545843296608c0a1750f50e3220c41c66c5e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\aead27c05dbdd98f_0

Filesize
4KB

MD5
94dc04eb4b5e09348406582cc232f5d2

SHA1
3e6df6ab2a1285569f4585942e1ed88e0f7b6877

SHA256
29de8556d9012d5612642d7f03c6d9254f2bee5f3c77f745501b69cf087ddc09

SHA512
09a3c0231e37aadf0f6bf85053b6fb35776963c4538f5d31d125fb0971239d77368940698715220d3429d57beeff496a33941a2162c94e31f6066921b48c996c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af1fe7d5b37e5c26_0

Filesize
224KB

MD5
90135a4742a06d3d0949329de4bdcd72

SHA1
13636b3fa8cff43c95c89f249b0f464da7131bc7

SHA256
7b3c653879fd3797c993ad583d53bfe74639e1abe32f479470a79bca962c3444

SHA512
e79ecaca5eb25031fe08a706b604175476f662f47d6ad63cb3ce187d861d1c3cbbc8a982d351349c2da5728837e2b151b48559142c517bc58b84e3a9aff31909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b366c7255e5e3c7b_0

Filesize
54KB

MD5
dcc480aa748a08c5716b7d18a2271af3

SHA1
42314b400d3c5799184a2f5a7b1e6af7ee8fa3e4

SHA256
3c2a721e4d8cdbc9101f90e32f0395b1b8d8e634ae5636b6033b3fab44e99b76

SHA512
428c193b3bd563f86cce364868c1912fe45d4c21e99697226f0a4141b1b631441bb3dc706a00549912fbb6cdd509b7628efaf3d420958dc062af44f0a2071923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b3e82669a81c981d_0

Filesize
2KB

MD5
d891a579acc872dbb491333c28711a0a

SHA1
135a9c082c317067a25bd19134fbaca4aec35ed5

SHA256
f209768a0a5bce1fbd8d3a405f08d483a5696cb2ae15023240f295ae4fd3b229

SHA512
a4caa0734d1de17f36456e852fd7dd974e5362cbada99353f205ad1bb550a0b15fbf548b6860eaae5557de2671e3e8b5744780299107383f6ba7f8bdfeea4d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b8fb7f17faf71513_0

Filesize
251B

MD5
69667d16b6e76082d2efb8ecd66b8820

SHA1
d9503ce82a222b801a983bab125e9cf167ce7dbc

SHA256
6f761de39fdfedaa3cad842adadb872bc25433719fdd298b8e024b56cc09ed5d

SHA512
29da2803deaeb2c4306a81c474d2fdafcb67f060cc76e2d1bb03869a95db7e4bc2e69d0b537fcb11fb86735a7fe5be064356d64b8d0dc8f587122a3dbf1511b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bc0276656709e65b_0

Filesize
259B

MD5
a97b982e4de9adbbf803c1657b8e154c

SHA1
7d3fe834fb73b8aa9686e03e306177820edfcfd8

SHA256
3c36042d07e0785663139514434b22b9ee65a3f0894f522bab82554fdc9f3994

SHA512
0925f23b919cac922f69767f58e3059f421c143804f62a10ebf4058a025b0eaca413ce2d95be74a8d0e9984aa75d3049e7cd180437d38d9fc8f9e5f35fb7af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bd6b414df7ecb6ef_0

Filesize
250B

MD5
51c0f732460efb26eab5fa110309a1ff

SHA1
48c551f4844baf90565efcc68318a01c5f6c9510

SHA256
c456cc200e8a51cf2a3baa51fbceb94ad185861893ddacae9460176de8a2570e

SHA512
f7c9f7307686783edcd7cc474300eab47ae4d8ba9c0c708249fcf714dc88b57dd0b9d85a0ff8545919689845a8e43a9b4a6d8f06c6c21bad7c5e44f9ac488bd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c327897ba0ccf3cf_0

Filesize
931KB

MD5
fc7a2441fe7c65deefe262725d97df64

SHA1
95ac96754abf56d7de229f00a7211faea18492f4

SHA256
265cad38ad05d21d4a91b2aeeaad6058ff99c82ba6e89c8f0871e11b9bf345f1

SHA512
fd262ed3f4dc9f08a1528783798c371945eff73eac4358856d3a4e103accd2fea249ea57b4ddad79a4f665902e6ce30001addb34076b556edd84e9461d6a11b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c40133092d101876_0

Filesize
29KB

MD5
c44bacd960373804dff613b8f33fb67a

SHA1
715e4a37747d8f7862d18371affa4ec1d2e5e17c

SHA256
238b9b50a042cfd66efe92ae69f2bf6f5c4b52c4c88db1207f5d2c04279a7144

SHA512
64daf2b1af2f6317416216f2e96fb7f7cd71d70744f4d9de94e4afe30db44fe83e04ac1c553bfd8144ef7610540eb20937f159b336c084a86efb02741d5646d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c44449928b6297bc_0

Filesize
270B

MD5
3696017013bd5eb659a4aa1ca5c24f4d

SHA1
2e7cc8be0fc38a1769167992db95e251a274a568

SHA256
74cb819bdc52c8805ce1ee12b2a1fb43b3f309280f243382cd4d3323be081c0b

SHA512
fe2f00c6de1ce71ada5346762c4ea3181e0abacd88234d4001f3e3b822946eac45c5ae55d32065437011f62683e59df9ea5b35f227bb236dfc3386479ae16020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0

Filesize
2KB

MD5
b5962b8a431ff3d1edeb35eeb836942b

SHA1
6de09bd6ee78a47fe493b0b3f45a6cb1f553ac77

SHA256
82bdd4e0b9e2cc7f64d976808063996616d614f8b367961b4837a694b4639ba9

SHA512
043fcb071217c4c014e944543b25283296c39b98411a510746e0e2c8596c0990b66ec03504e208f989044713c42c40562e884edec82ff84e11d63a2ed9782f9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cbb3ea9d5890b9a2_0

Filesize
308B

MD5
66ea8e1214338f5edb48022c19623562

SHA1
56e4910712a90d8303296ac16edc96480c8c7347

SHA256
11674cba49963c6920a021ad8ab3589ae94cca0ef4818fb2765e9a5dc4682ad6

SHA512
3e8714cf2387b59c1cf94fb0b76d4d2a348f536fdac8118f7529454fb4435488fd13760f99add88b0f0a4f5e5b645101cd6d32bc6cb4f643d688574608699325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ce06d06eea902fba_0

Filesize
73KB

MD5
e9ee1ed22c4a12cf93eeacdf012261e1

SHA1
8649f45f22d8dbc4ce05e1ea302bd1a22a765133

SHA256
575d12d896ad4c96cb0b46ba4dca3d07dfa2eb8e4b0616d98c74a81c59642743

SHA512
f2c21ce26ec7a189b8e55a54dffeb9214681a223c303d07213d9630ee7e067686d387943c92aef3da285f265a0d06e97b6428638e86808f1e709434d87632baa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cfaf582632dfbe2f_0

Filesize
151KB

MD5
50cf8cd7992bbd748eb1f9fa610ebd5d

SHA1
e2a41965b1a4dc7696ebd7fac044a6ec8742b23c

SHA256
00424611040cb66c2088f1411742fa73de3c2ae0a55e6ccfc2c4e5d539e9acd0

SHA512
8b227a838b43b2c1e7fd1d045d747255cabafacac22bbb1c94f36814a77e0462463d4da3d94ae8d8ed52d03cc0d07dcfdf87cd8c896f5a2493659fc5ca916dbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d1b501e4afc0d949_0

Filesize
74KB

MD5
5da8e3e906cb885af4e50e172fba2916

SHA1
4439c6cbef866fcb20c68d46d12e0d79972a64ae

SHA256
168c298bc5ddb45a48d8a259d561a5c63fb347c23ec31ed3b287c701f5e57977

SHA512
fa41acfa4071990b3ae629b2db34757eb81e12a71b06955935c50f50a70f0ee9854f33cdd2fb6d6c138c57002d01d8fd77a8a5955a3def8140176b00fddaee90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d1d8d8b423256978_0

Filesize
385KB

MD5
ff08c450cbacba9567bf72aa494269e5

SHA1
91c70b35a22a30416822db92c35896746011e8f8

SHA256
323242263d8a339867819570af7f67d00db6c03bb9ea35d7487c8bf0fea62282

SHA512
8a23a574afaa74237714753334716402bbab190f4fd7464955bdde63452bbb677bf95b275611b13ea8be812df4d8b76f3b6b501d35a8fc38c6c8be169dd2b49d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3dbb3008455b523_0

Filesize
262B

MD5
9212cbbf3e82a041037fda9c76dfb89b

SHA1
df77997c5bb634c8d0a0556dcc870887e637651a

SHA256
438d8679b1b808288de0024fa9547574bd509dbcce7a2f38e39c7e03ae25d3e5

SHA512
2fa8441f72457897d904f56713dd5ffc30196d0b2ebc006f121273334d0a82ad1770d5ed00342478fdbf65f8c89224c64540a81fd0714a8253d8993c962923a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5515d758c97fc99_0

Filesize
21KB

MD5
be20eef34984700cc25a72e44d27ef63

SHA1
c9f9567a14e3248ffa7fe88440fd7103542f7579

SHA256
9fc7f571eb9a023c58eac03f917c3a4478fb4263a623bd283f42c832c20d171d

SHA512
3827f758c6aec7ef245ab0e18c5219d9f5112f88399c95d569efae0a2ae8eee4b2d72146ef16496602a1aca2860a9b5386b70092ef7306515af0ec65df3a8ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d742fe886e4687c5_0

Filesize
252B

MD5
9ead40514b5c812814674099c33b0f85

SHA1
5a77c7bbeed4847f7ae671c419c3575fcd3135f6

SHA256
9ed0950c1c06abdc516175df713ed0577710ba7bf2a0d515d9e5f44341a677ba

SHA512
f3fabaa96a60d3b049a9d70475b55d7727fe0c54d7dc740a8dd57d666923de36efa2956007841ef2be5f7be8831df4e0e2e20d474f615f614ccfc3a5d5122ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d782f305bb50c377_0

Filesize
300B

MD5
6c65f944fe658b327de8b6a9c4a2e27f

SHA1
23b07e6a0b0985c6e9f07f2458dbdabb4c3db93f

SHA256
bcfd5938eda08d2949cd8bd80e2ee632f4120264e891a480932619e73fd41b5a

SHA512
5e414f3c335cd3f4e805797916deee47e740afeb5c514bdeb4823c198bfc1029f4bd924935283fea50a46135d6e324f6e1fad204eba2da2f6a9c40b8eaf97294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d782f305bb50c377_0

Filesize
300B

MD5
bb628543bf464ae5d0b3f617a12b9c55

SHA1
226a38b6b68de6fc9c2788b3c8a7e69ca232b127

SHA256
fbcbea85bdfa5e28ec0a72bb46245fa3776fd9c52b1c1471ba13343a93aeae78

SHA512
fae231999bf29b684ab5f98f93969523141b7ca65d16e31f1658c112a6c94a1a7eaf1de77a713ae34250f2b91d7a203dabc1edecc11e2539e6c2d58059c101ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

Filesize
262B

MD5
2cb66a54428893911257ea9197cee70a

SHA1
b778a7bd14bade96e222e43087560b4d4d78d2c4

SHA256
8a8b93e655ec21fa37b2e64fa056f8ae4eea8f71fe339d1a03f78c02933f8338

SHA512
14648781ca5c49b113a624e5e786dfa071fb8de4dad2f98a9762284669ee6c45432b8a9fc34604a881da7828ad2c3266d128903b3cf3d16f9f83b105d07c2ab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

Filesize
2KB

MD5
6d985fcb86d8da98356da9eed62c6c5b

SHA1
9fed123d0234b40fe1001228ab14e95ff228196e

SHA256
5bd295dc42f1bbac0fdd718600fd10150426a6fed6fb63c623035e03357b5c1e

SHA512
cbbd37065213ca3a8cc6ccc62366df65b2fb1b3f0dac8452f08f7bc5e76c451a1a98f77e926e6d20c7b5039ac97975fd73adaeadcbccfa076b35e3d21f94f241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dfe07f2c15075c28_0

Filesize
28KB

MD5
6d6f9597406b495b289e71992fbe61fb

SHA1
df52f7a80779b2e1aa0239a1856c304fe7d77914

SHA256
99fb136faa6047e33ac697b6c2ae412aac268acaf12554f33840f9fceb3db2ea

SHA512
8ab610293d05ae248150c4f00e73720d4b1a9ff641d8b8ff2bb66530362edd45d40605af495734ece6afec0ed576e9b3c4c69e2ae0770e4f352e28b0122d922b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e201db4afc7e2e56_0

Filesize
307B

MD5
e4cd2ae79923efecbfcc372c36fd7d9d

SHA1
75ed4dec0b057bdf1b71859c20166775bf254595

SHA256
071356a7ddd2329ab334eae8c2ef9f198bee3a0ddcfc926389bbd019d0591838

SHA512
52fa2aaddbe105e94a29cee04972a96e8115e459cf8a0cd9eb45d58869e3ee8996a4ea736e40d337ef89cad8b9021b332808451ccc4e589ef89cf638cc8e44bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e4f85019800026a2_0

Filesize
8KB

MD5
1ede26ac96287ee9aa6e01ab8d06ad6c

SHA1
c82f25cc1c7bd314e8713946f32459f2d8e18e54

SHA256
87fc4a14c81dd5f4f9df1834b6091cec26634db0142a64e943e6678ac0598d05

SHA512
f574e36ef694d5e295bc6bfba4f894439171765bdfdc782a7c9d5afdd166f97906c4bd40245496df814c57950d1c8339de7d31efa291a9b677fad1cce1f90774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

Filesize
2KB

MD5
583a6847b31bebe62578e9cfe859e5c4

SHA1
d52ebf44b971414e4e72fb615db6e6a559f1a92c

SHA256
592506256e7bb7af851a7c19388e73c49566096ad3db670debca236bb4737aea

SHA512
4414eabbad8554189768123dfd1fd76b5232895b6ee90538d494878f0e47ce27ae6597c590806d47637edf7bd3e1fd2d202d3d9a7811a2e4464df7c6054d6299

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eb9aa4691e62ba3e_0

Filesize
269B

MD5
d0fe78d97938f51c8ca6efcd80a21b26

SHA1
b5a9766a4657fd8e49f9229036f7feba0b98bec0

SHA256
0d0ead8ac1eb7da6ab2a044a747af3e170cf621d24fd35b5c94bef457a70310b

SHA512
67dbe10f4916f5c4036b12a1c9944b39b547fa4f5bc7e9275b3c57f1ccb467033210f824bfc544d091b8f6cb3747134f6051d8b037bb369e4d69bb91938f353e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ec9886a56ddfeab4_0

Filesize
417KB

MD5
505658bd169f7e1db374ac073a39351e

SHA1
c32e582c112bb3dbd8f3c5053604431da63848b8

SHA256
797f81ed6740b897bd6af4781ed240ba9e60dcc6d19eeb302ec1b4065dd4e63e

SHA512
55190f8f97cba33ef1e71b3e76edd230d80b072a8fe82dbb3373a341747df192c04d818f2ef9895a7d8be4918ff0a25d617a16c2bba6bf6c192661659604c46d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ecb5c7488d901111_0

Filesize
55KB

MD5
67c69cfdb89e643bcf5c2ff260a4e120

SHA1
b87aec7226c27b4239bdacecc3f4a73226cfc93f

SHA256
3f40c718a6075dca48beba7ae640676ee1969b3a0e946e429fd5b86bd45ca6b7

SHA512
2971d11ad5141209454f2eb0b45e0fb5c7fe4729287c7e3a0f990e06ca8dca298009c9f92b6c23ec4c0d1f221c79355b9a0e56db0b65af57917d773c5ec2a294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ed29c109a3bae430_0

Filesize
400KB

MD5
ead6510233dc40c51189b81fee055faa

SHA1
a5219b8f2713b38fe37f820e0f0ef75bbdbf69af

SHA256
06600c6b65168f8532a8c679a33cc5d290d3c40c048afd0cbb862c9a017578d4

SHA512
723f891b01fece0479e17f5b72e5ea8e5940a8f382e0a0e16872cfdfc2877259065b4a9919c7bab0f4066c1185659372f3ce0f5f8c088830f3963c86cc24ffd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f00ce076f01cdf81_0

Filesize
20KB

MD5
3fc58dca2f20fe4946cd7b15856984b6

SHA1
577e63f82c9bfabe6c67d6b36015012645ef3cda

SHA256
7f469ca0abe15fef1eba383f0b0383db66b7490c19ada92cebfa572c6230715f

SHA512
5bb0a66f6d8b7a94f1c93bc9a4f96bdad2b435b41963fd7a082b8458143b16dae41e15951daf361432346c5e33c18c86bfeecc4b2dc422caa39ec06b430ad7c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f1094c25ec107f3d_0

Filesize
55KB

MD5
7f5f140b0d9de2132be25669bf415397

SHA1
39b28351681f7ea12d37d4afa58c2c43757a12b7

SHA256
74ac87efa06182ea4534df2fafeba0b45a7567899f9c0d7fa59aabc85275ad10

SHA512
666409709e4cebb9803d0bb56764d2277484c293dc8b1644175310954df3895e8d5cb45b1712076a3b0f42ac2f9265f7b11e2f7eb9042cd6ddbc258ac2ce6335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2e4bbad99a372cc_0

Filesize
2KB

MD5
02ff5b8916b9d1aecf7b0cd13aa8b4a9

SHA1
b6e59a503ab8772c47aae153468ebf9128455fac

SHA256
9e6b4a962fed3c5214be7a012994e342eb7c303f33dc0e626e34b7c93f22b086

SHA512
6a15de84f6542af1fd8762a9f855fe45e2a7d8500e2fa49c1c9f75f496ad4e835a557f00669fecd5770348d0a2d7ce5f5ceff77e4567b9795b173883efb0a2ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f7ad0cfd499e5b97_0

Filesize
253B

MD5
e7b07955631798e9de31e16c75acb15f

SHA1
ff858aedae6433cb69b64f06d8e38ae210392524

SHA256
7630ab597c9bca2a6f6c74fb4d75541a54c6f0416d3fe2eb0f5d3b807575ceef

SHA512
7eef76e35a7350239350b6f1f76b3831ccc9ab2935c85b66aac980b43a44de8edff27108d678cdc763e2da974914db5386fab442f8e84bab48e96b019455b01b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f87d95ace18cbab6_0

Filesize
274B

MD5
43577bef4b10e4ee1ba93a2953ecdf53

SHA1
ccf7cf86286f2944341dbb8fbfbbd46bc7b5a5a2

SHA256
6b5ef01c317e2adb508aa317f516d8753bff22086cec5769d7b123576c50560e

SHA512
f070d8eee3679a070fded7abb8bc640375db0dd17d1f353ca3a3a16287eb8a4f6ffa91cf02d496a8976a570609b89973c2f7c3dcebeff9dd293c7260ca0cfc42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f9f54d7f2e6cf0b1_0

Filesize
14KB

MD5
17011d54c4309394ce16078b85a928c5

SHA1
624e135be419c6ab166c5d39189f6066cc52affe

SHA256
8f3156b37042342a289470e6a107bc278366841a08867316c9ac1614dc3699c2

SHA512
c388c09e0bd97ee863b0b857368d3c264cd0b5e2e497d373c9646d357c5711a4a16ad68214d04a7fbe2d4a65387b0aa3e323bd4eea68b375bcce134461eca11b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fc73ed469d22892b_0

Filesize
31KB

MD5
24798992f3d4a96dbbd4914e3d08c542

SHA1
a574de4becfbc7501bf3a5b003d24f28a9705f47

SHA256
3aa0fbf8c06e5187a353a757bfb6fc87c7d9691a801cc67bc2e3a1582f2958f1

SHA512
4d91f0bbe1fd2c531fcb5aa7a9f5470b5c00200c6b0cf4850dccae6ca46bcf9b4e21ef9e08c83e279ac515303d106c8c2a5d959fe7ef5778a4d8e64a9a792797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fe3b2b46bc81c832_0

Filesize
82KB

MD5
e72ee330d27687ec7008cf662d3fba5b

SHA1
b2211b9ab7b4b8cd23e85c1632c9602643b5ac5c

SHA256
308e9f6e6987969c782c9c7bd33fae1e52f70f71133d4c5bddac4536f8873108

SHA512
17f13cb76647c83f9ebea4b6fed147eb1411977607e6259b94848e0600bafb1863ba1a0bd21373389ac5221b4f90a0ffd62be304333aee6c5d4c5a497b03c8da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
16KB

MD5
b47b26cfb74540976f09880433718213

SHA1
b1d9e23bf9998e901d51ff0eddf76c352ffa676d

SHA256
cbb4c4449a19496da7dac941f93b8c28e8d3db628325c2ea3b076cbf81419dc6

SHA512
3781d7173e7e6e2b6e9fb8212d9bd2cc8b97dae7efc8f60ba1e408b6d34cd27e919d8d37ebee9d2309b0c211891a4f0626e8878d9d544b5f4129a1cf99b36540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
14KB

MD5
de37274606fbe34ffe13a68c39cb95f7

SHA1
b1338d3bc483f5f19b5cfcc8625d99d0ca6ba3b0

SHA256
90d68eb446ab0bba2f1bff576138f1c8e64ffa185a8dc24572e210c7ad07f142

SHA512
93e72ea85e2f564b547089d2f655ae94485b5770cb52e1761c612a32b6dcd2fd66a3535186ddc63ec05e5319beef5ba845c3bece967b1db89427c0fd518bd687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
16KB

MD5
d3b45ab4e282c4ec85892b6bc89dabdc

SHA1
fc72172fa66761e8848a9e9b1478a9a272158b51

SHA256
8a61c5b69222b8a42e9b2510641cec314f493047fea5b768897038c5c41821ae

SHA512
52252e3a59d59dd837827c43ce91b34a6722b70c4c41cf35d89dc81a470fb78f8f5dad923d0f7187a9c17148bd08a99cde4877e19e687613ebf671d79bf62f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
13KB

MD5
3ffd749a4e15937a085efe496d16d183

SHA1
97f7d803e308dde8d715e1ba5cdcdb3e5d8b2006

SHA256
4c6734c90349387448a084e71a8cdae896839fbf8214d63a615c76d701201ccc

SHA512
15753bc776a3e6af39eb08ccaa218cacb7ce04fa9a94022c56f2fd3030b3e8a2f68b3001397f64bc6f2b55497f61b5142df10fbeadbc0ac79d0d6f2e5e54f304

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
41e0f6b0a1106a1697791fde60a67e5d

SHA1
bcf0f958744dd7baab9f87309ca7f884549a1be4

SHA256
c17f8d75dc02b20dd8ab40aed08d38efd57eec0cfc01b6e83d0fafe7f3f92322

SHA512
218010efdf0051291cded3930b65669268b6da39d6e74727bf0730f63e6de3921dad22e0ccf4e781e49b74cc7b8cf339ec969d64d28513cc7f1547c217cc9d38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0f3acddebde11041a64fc6c316571324

SHA1
bb557be4cb1df467a657eedb74bae25798313010

SHA256
2787a83cecc1bf9ca3016ec4898dadeeedec9473a288f50a141bdf7e3f4ea275

SHA512
bdfb47b63a1170739897489d80e64ae507c52c07d33475893f09f10d89b91f8fb012603e8df4d96f27dabcd8f79baf217d03e09c737cf7a83e67e91283676573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
13KB

MD5
a95d49bb0d48a591c932f8eee99ec599

SHA1
c7251f2c47c2d25c94c3fd1da3cb5dda5ba1e975

SHA256
02181c1c4a6b7a534ce22e7e883d19d91203d3eede3d885fae424ec394388fd3

SHA512
1debfcf0f804b34c7843a6dcd0ee14b913b2e87e22b7e402cd02c87384ebd79d191f275c8ea5541c92b6ebb7655db51fcc2ea2fce55bcc91a607779567947e7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
26KB

MD5
f5c2d41d6ca272558a43e11b8427a50c

SHA1
a749d0e749a9fd93012ce918f571f772cad83b3b

SHA256
edcd562ba08bb669adbad6808b0a3743ff7f1d194c2c7b51a4bc81955d10a60e

SHA512
94a26dca9520e9089173728093fa8b8032661016a47e1a9b5f5a6a6a9c44fb7ce60d45e37b8a8dec00c74e556824552428cd66bb5a1661b3a694e9fce8e750f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
34KB

MD5
2258b879344ebe1794efe716274a8739

SHA1
2fae89149e9fa86a087d1505e2b9a8db040a92dd

SHA256
dc9880d0aac8dab45a57a91874b34b3a8724fb2ac4fee27b9ca5b73da4f7b8f8

SHA512
65ecb29d716f770f3d0d8d04521840681a8db5ec22af13814ea9aaddb13a39783d7b5124b22b94c39c57fa1ec1743af7d1491901f139ba54b42866a0e4d5204a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
34KB

MD5
a9bd0923943e1070949d0052b4b36250

SHA1
26b40dad3d646841f96bf20d36611efdf82453df

SHA256
36b672a92a4a195841899e254d890576dbbb71bbf6aadfc433231a5c4c994b05

SHA512
df979f080bf6e98fc5b230dd804d835e0c0c57b1510c5930a3dfa4e925b30f03b0458adca664d866ad4e07332260a730161bfd363d1d3a09385b4b2e2588aa7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
32KB

MD5
deb073ab931ad6143044a512b5948e17

SHA1
6f75a9a863bd440d145cba03ee1d15ae2ba6c2af

SHA256
1bf8aec48ff78c68fbb75163cc57dc374158e838016685058103c298ca7af4c3

SHA512
897778300fa8b3e3a8d4a9f76249e0305f6e80a7128bbecdf0965dfe046d3249793f9a8f6e36bf86ef6b4aaa74ba6f1d8fa316abf0df8595c1ec4a4f239d1886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
33KB

MD5
a4b4469cfa0c79a85fb886e615a800f3

SHA1
78faa324f53dd3a5224ce9de26cc61c1bf876b14

SHA256
9c6351ed1656565408d0614cc926e6dd7596ea6a5995418755c2501da0a5ae6f

SHA512
ddad3c716487befeb7eebccde12e6d7ecc515f1a4367961fb085b81b79d29081e751e7c9055a11aef224e7d834039fbb04e0fb543ba13ec068ee58f0c09f919e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
55bd261bace387907762fd3991d67f01

SHA1
d89f39d5fdd348159eb74be6e4d23c3b24bbfc3e

SHA256
5b78385c8ab0fbbf8160714e84c1f2277bf18ed54883d1dd7134e23da084e6e4

SHA512
b78b5dd22a6a58f72291095e11293399d796aea9a644755514d79adfedec4be0834e9f7e105d4062113ecc5274bccb7a35fb79193dee453ab930d18d0f305dc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
29KB

MD5
db6403a2568077156f90eb7469f472f9

SHA1
46da17fcf61f198809c85cd76037a1fb2c600d3b

SHA256
e6c53629c8534175fb4f87776266fcad4f9b117050ba62bc3e509be6156c809c

SHA512
8d7f68692f8ea6befa02b4463d4acd0bfc4eadfff492552352d94e437890c93eb1661152cce49ba64724cef197432ea217f11ec4c553e06a1fbccd3b46b02363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a6b0b734df45409a09a8eef5fd732c72

SHA1
9b31f1904838769b1bf609ce941b160d1b611585

SHA256
ba191a66b238095e8b227bc7bf6439f3337b2017f02ad4128aadcabcb8a2ad67

SHA512
17e583618025f695b376954a87c11aaa4524e1d8ed5f2322c66cb015e91886d093c47ae4600b4166b4e5d806dbecff4236742b3b57110466f33366f1d6120e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
24KB

MD5
4b20af6c2cabee8e85f8fa37afd6720d

SHA1
b684f34a43c378217b6e18962bdc8d8f0dcc6025

SHA256
a376b7046b7ec9ed43cdc19d048cbf3aaa37b48639e4fcf7eb1378970618886d

SHA512
54d3ff2bb09a2041e9bf159cfd97e0bbc2b1e73ecd21c18989ff80accf6fcba953cbc83643e28442a692070f36b9deb523b22f7f0955bccf465ad0fd17fdfa3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
28KB

MD5
035d353de563a89012fc0d8f08e380e3

SHA1
68eb4e501d338367679251f24981a6c9e7dfcb9a

SHA256
3e822d1ca266c30434fc4a1895c472a807e49d5b9065e789f7cff40faea3000f

SHA512
48d94582ebcd2b29680cdb528b3360e9cacfac549a4ecb3e1fac44cbe3b55754e8bbb857effb11231b942e94594a04ee9abaeafea229a65cf20607c3a21a477c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
30KB

MD5
39c09e066debba38a4be26444e33ad79

SHA1
31bdce9bc2c9bce243021825dceee3c60d6cda97

SHA256
2a474ff7245f6a96597520405d595c5cf0ec7132231bd01af34d2aac6602b63f

SHA512
8d9f9d4dce1bcec4b1b6c717ed9947cfb351cb98e9ff0fda0bf23bc6c52c0ddb90ff7702568ae83a3db2a82aaa996b285870c11e631d538d8832de7bb6d9e081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
30KB

MD5
a6b6d0891036f63a16fe753abbacc736

SHA1
1a5d62ec2ae630e49b3402e2b287fcacad539402

SHA256
839d51cda6eb4684c14caa13c4a098b19eba4e7a6d23057b0c959ec7891fa5e8

SHA512
e2d956b847b94242004f502d4428504458ab6089239a61381701fee5cf5c36de7be21f2058c0f00fa869e718d453fccc338cb89e782ed21d7c35045ac71e8801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
30KB

MD5
eaa66a65249237aafe7d626e6cbc4300

SHA1
17dc9e11387bd496de96e51eb93e757f33ce137e

SHA256
a3cd59f99ae5b09ff98e32a9a09ded8b4cffaecbcf887ac70139f166b797132b

SHA512
7f6cec768ab2bd81802e12a645999a5e621396687b192376bcb718b03b0dddfdd6aa603ade7d950bb5e18c54cb090ae576c065ddbfb1fba0ea1752752d4b04c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
30KB

MD5
6e24295f592c88877d05097f041e7667

SHA1
1428a0b74ee6376ce53ed2dec115ed579329479f

SHA256
8f90dfb7e5c106cb055429159a85bff12ffa4daac12dd6e19a809870d3a4bcc1

SHA512
d66db22a1002691b63cc90f4f9d97ca6b4fb59f7c858ba1ccf74a71fc82599c7af92ff774b609514f07af3a7eaeac02d5800eeb558368fb471739a5007c77dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c95607cfd163f8604ab6e758baed0ea1

SHA1
4b569f36f6bac2146a7a9d943ab21d453a1890ff

SHA256
2ae9c40f9d6a589f9495462a22cbf005c9980f21dda94a27f440ed69c29989e1

SHA512
87c11bd3ea2e7aa259700d616df1a1b179f89cf826e38054b01c35acaa5f1f405ca558f1ccf86cc6598df467a7ff03b8984b8bb2cd05bc6601c0d2664dab8a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ea72a9d4b110681481c367ccc2cf0a26

SHA1
410630350ce2e417a7dede15540138ea7eabd353

SHA256
29512b9d353e1bbe9a0d9a58f483084ced654bab8ecbd8cbdf1ef16e4404e2c1

SHA512
a7999d76f8bc2c76076c529753b66b35e3b814ebb5594cedeea6d3ca2c070511ba845c027286940d84e035e1537ac4ed61227d21856b99b69bdeaea9515ac4f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
7b1c927d54eecb9a5cef591e34eb74f6

SHA1
48b974634454d80a03ac0c875702049cb0b28eb1

SHA256
219a53e736b04e3da70a1794c628b736ebd602939e8b76d40109c1b53a8cc3b2

SHA512
25ee9b7eb5c952d8448cdf56b53e26a04b92baf81464dc76d6e3dee90961b330d09634e22a6579b880aea1d28306eff840be87b5a30dff95c5ab10ba478818f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
578586ee9b6197881c150e60bd08bd8b

SHA1
9f0b9f9969f2601ce8f919f9db17e15a3de3b1ff

SHA256
6ff753e0a018cb10dd5b596947a7a6bede12be8af78c26a41d65a4e0c76fe7ad

SHA512
eac24b57833b900a5a19f677a5bec8fb2c22b1c53319859af63b8b3e7b4a33a89c10f688d4fd101982330c00a60aeea755d2918895114d1b3d9fed8bb29c806d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
8a270ae867d6e3f8b535e5eddee0586f

SHA1
b6cc95fd266f7dc44c07b48642f2e92cdf32230b

SHA256
e9962bd4ee1cc22ed02382e7b1769b5e4b187f1caa69a6845049d426ba202caf

SHA512
58755db527efdab4e5bdcf22f671ba4071557558b4fb5a645baa48ab6d29f891721eb4e7a4ee6dfd7846ac4172c90214587c92be0945d46b38c8d4d24522550b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
26KB

MD5
21a4931e0f599fbd587b356f875acefd

SHA1
1da653bc2f5a8389f772741ef61fae796afd5fa4

SHA256
ad9f1617764d51a735b1d8bbcd67500cc1d7db3c0b088890b80e45e615c0554d

SHA512
db327217e39855b47499a0bdd658176c6e349f3c71ce3bd8fa476479b7474eb5d0fc270dbe4ae52b4e8eb667ce4d9172bb9971712df21325d542f29bec95fb84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
88fe363688c0eff5b39c1c10f9119819

SHA1
3c1f212ccdc62af03a393dcba75b98188fc2723e

SHA256
effe7c58cd9626f91c33b424b32c4d035cca82071ea5ee65c2701b1135edd79a

SHA512
cc85603f390d401b72680d67a7cd96178b2ccc65a27fa2428070a3a208cbf80ce02bd6347e809cd8e74aaebd48de8626afa05d4ce64096d488ed7f0d07906e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
25KB

MD5
74be067e006845515b5804f3fdaf6b38

SHA1
ac1288f43c77d3c4b058117ae285317f65466232

SHA256
15708cae9173064f6d842812bbb7ddc744400646e0eec018f5ed8e38b701ae4e

SHA512
6513ca90e91fc4dd1e573cf084abfe20e80eda100df6772b7d9cc7ee7d622c214d173cc752fab955b3dc77452201fa167ffea7182acda6b23252015b00adc445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
24KB

MD5
0dd50c986c03532f0607375de2a2a9eb

SHA1
50a0601f68dcb37de447a7642c00037913ec637c

SHA256
54a7932948fb59256141a627850e7d228073e41cfb64b75dbc802bd0b1c88a8c

SHA512
d9aab8f899548c0ffc7b2caba5e63e35acc6e33a7be1ff0614c5984474ae09d1d46895456ec6f3334765ed6d2f4bd4372827effd1bac832c11d7c39cdbefd1b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
30KB

MD5
37767ab02822edb4444ef79069e70c5d

SHA1
b28f52da8d772f1768b30dde2a1edcbd19ef8740

SHA256
3b0ed410f4bd45dc732f8ac741b2a147addf562e5f639810a83a815bef049994

SHA512
6b14a862de064484e90eddfec8073a77fdab20f36570e40010fd3e9af3f32be1f3db8e3c6f8b09dd8d8a3f497303e62305893235aa81b7a6f3c983016d6b5934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
26KB

MD5
1fb9c8063e66e87d5bf75dadbd13d8a7

SHA1
f44334b256c6a34cd75df54907fccb3fde03c928

SHA256
238617d7833b7c549ef439c90ff795531879e3bc4ee99b16c8179dde06e2eca3

SHA512
3d30e46a8aa390d99c4a2f13f77a71e419113b025fcd65b4c84b9d25af2b4d199814b25ddc71d6ad8014084c599ebc3c73952e02c112d8da1d96124d4260228d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
27KB

MD5
3e5d14b0bc222054f7570d4e2305c597

SHA1
edebe8c367897abf70291bd0d855e040c53d89d2

SHA256
8e5657e9b398f14e6bc9a9b7fc877c4315f1f348ceef63d1eb4c1cf64a182608

SHA512
4759c954577dd4cbc18fa0f4b3f5b4b5721ece8d0d37f45236028be997733a16954b06d4441038fa1f8b89ed295fb1d566200ed492a09fa6f2ced6c1def01135

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
27KB

MD5
9cfa651398d392667678eb3f6ab1d899

SHA1
3a2ad59cc2f37ef49dbb927cbb6745f66639ea5b

SHA256
00cf5768f09d155fac944b37e8e37623c4031258c737b2a7a0d3756ac88152fe

SHA512
23a6e166279b836115aa1e51bf5d15fd26a59647807494035752eef4bc93a23c54382398614d4f8713d38767cdde0ef758661da7a517efcbc1620501213e622d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
26KB

MD5
589b9dcdb3dc2c2b023660d84a666fb0

SHA1
99cb0f40e91b29b6bf2662334a1fba7565e37bf6

SHA256
b964ca0c17189fe313cd2662e3fe1ea1aa255aca8e6c8e7a8213e68c9a5404e4

SHA512
d60c772a3593877c5e4724fc3e9b35b6dcddefdf45be31da50133822559b9b549f6e564501b4572bba2eb178af9ff88ab0ad75d8d70bcef376387abf4fe5b92b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
27KB

MD5
f66f247b4d227420806abd5ca43482eb

SHA1
0e264264d0ad58256dc9435b25eda12ef50e3abe

SHA256
99690ff9633172e51e2c1fe315ff71d1edac2a973d3c19016581375b9f0ab58b

SHA512
5072983b461fc97236cbcf06e4ff8aa4e44dcf3ebbdbd508564b426b5f32269b51359d1d316fd933cd39ecb3b04862b6d64c19f8ae1153697a347fb8d37ed655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
30KB

MD5
ea7761d26d1925264a95de06482a58c5

SHA1
7c6ff9b49825e9314538d1d8af222b697c5771f3

SHA256
37e0e08ebab732c6141e5c7c76dd9c6e126949ab3811d29d9a934ab360b82151

SHA512
b2d3796f18440e5ed51050dc71e76bb71d586454824ce8d30142ac5cc45bf540b22c5960b3c10157bea343eec0df12d6ad0cb834d10b65c0f0697dec1bb8740c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6da17a081d161eab15e5db083a952598

SHA1
01d3772a103eafafa58dd1b203d518ee76589248

SHA256
d6de7bd04cc3d07a0ac44e089d6c3678fe0125b21f0a9ac064fd26bf649ed4be

SHA512
4ede4437c8d3caa8618e77388721288e2c60dcb4206cd067b150fb66df7d08a0005ff7f505d4344d310e5a08201e5eed7149eb15d5e7762beb20996bee60cc7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b10ad4c02805b081668ca1f1afd510c4

SHA1
da79e36590d6815ef7ff7201d1d0009f182d8b34

SHA256
fc9364e4fa7326ce313871dff2b7a4665a51b8b4fccdbf487634979cc1f388c5

SHA512
1b8bc2aa22a30f5d7dcfed24f22d927d6a6dad8cdb44351eddac859d758627e7d63337a9833d9689a93a102273f0b9c504b09f6aa212050a4edd938d85b7581d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
28KB

MD5
5b2ab9a417f74a8c9d911c0fcf08419e

SHA1
7de709f6d40dfdee58cd88676937eed0e9932af2

SHA256
5a015ee199ff255b3dda07ba940a0e57688a127ac42e6763f4dd83486b65048f

SHA512
9a35b6692141056f318fa1a1f255741c1738f599f3a9d1019f18de1f0b6d55d8710185bbafd99862f75fddfe18b93d85d5556aee07f371b4121ffc22de353489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
30KB

MD5
c8c2aa95150c9fe94df26337b8617731

SHA1
10faa08b2b7c67995ec8af0ed13e6c7ad389aa92

SHA256
d7bffe6788541f1ae5b4b520981a8923a27b2fc922991e33a455060332a1ce02

SHA512
5ca4a9e9c460a5ec387a170c9827261079649988c2a981d86a95b73145494c474a2a3fc99a21c281f394e022db98d4ac5503db1b860f9c2fa80af5ea391cd3af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
30KB

MD5
205953cd6e4cc437cd39d2faafe630f4

SHA1
012250ef15e959e247e78b897dd1a69dbc9add72

SHA256
914b19f21447f137e9f995db6d105db6ab0ae3face06e3424c89b865c91bc620

SHA512
9f35e9cea67b96b38ce24af44c52b7b3ca984371fa7d82a5e35e5d08b7817f16fd2197e3dbebe67287119009c408bbf00bd7167dd47675098995620410582c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
28KB

MD5
f2bb9cda4748cd39125c1c9a244b9a66

SHA1
2d3b4c0fa73958e0951449fd2d599a9b3d6cc8c7

SHA256
c99a3c0db992df6cbafbb04cb9003b30a9d55413728f4be51e7ac0444ede20bc

SHA512
a605e114df811b9052d59decbccfe9dba9a2267bb902dbe4395a5b1d20f6a46e853680b417487a32dcc05b7afb765277f06f7e72e01e2a11212a23ca027d4a7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
26KB

MD5
cc848a952578051f770a426571f4f8ee

SHA1
cb71a2ec2a791776e21f76d82f18493512ec4ac0

SHA256
761b242f0465bfd87000cc9371eac372bdae0b6086a3e618f07bde6d27135089

SHA512
55aecb7f990475313549bb44953e4513ca5241838dde23eef223222d8ffe6c8b58bd166f3afa6a9998532a667ad73868bb427484deceb6e73b30889c7bb23c8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
13KB

MD5
825ccd8506f76922f23db621a480a831

SHA1
42bb74442f8dab3bd660b91112b8467249e6830d

SHA256
0fcce7769e6c2b3776a759260364e9036dd00423bf647d0bf69a31fe1d1984b6

SHA512
1bb33cf94b445537f1739bfe3ac758f9b7ae3b93f8782e2686aa640cc324c2efa2ff47e450b21ced1881c0efc8d17bc3c005d902dc1c9a9c4b49758500fc07f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Filesize
22KB

MD5
605ac2684439913982a8de457fe21205

SHA1
ae88bf89c9de4f99b9ea19b520ec15366d6b2244

SHA256
d00e4c9636daa449560ece84248e169a86e34862579145e2b3e0734742ba79e7

SHA512
6bcdd1bdecc4e2784f94ee6fa8f7b2f06a020427f26e984edf24095d1bc43c61e0a7d7ca5689bc48a4595bc49034b6fed759b11dada93fbe9fea3428635eec6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
c23544769679f80e6cc0bc3cdfff9dfc

SHA1
edd205e28aedab58acb6744f7b0ace81346d7e54

SHA256
adf6f7943ad39a20b3faf6dd333a62cbcee3386fb749654b758e4386151d8bb3

SHA512
011c57e2d6aaaa67be1d2199c7a695ebb16852ec5f1d0ef5ed56060e198e5cd20f24d3a0194d0d2c2fc97b987d3da145556b5b83eb2df4819539c88ed2bb207e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
c8ee5bd8a7815153c6b619a60a08396a

SHA1
7922f778a0a60c7bb20f9efe94c14ccb4b20a38f

SHA256
5204da1d5c3993b27ce089c0402e4b669aa2d70188308fe81fcbaa1e0db77e0c

SHA512
26c293b83d7a2860a2b0ccd210f61f49f22e3dc0a877e1f555a277617f43f89ff0ea1bd866aab5acbb7be54bcc4e306f6f9cccc476dec9f8c90276fc5e7bb631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59e3ee.TMP

Filesize
48B

MD5
ccf56ca93f7870fc0ed5f8836dcadbf3

SHA1
6bc23f8d9c9fc27e292d386e22cbedd17250bde4

SHA256
e23b42af54eab4f095cae6acbe0eadbc0f1a1cd4a93cef05b380adb9eea356e9

SHA512
c7dd72a6979465d75edb24a0406db4135c7d2a01d73e7d12ea3830e81a5a68a22c4f92c4a1817022301722ae3034c7a2098a46e47490d354c9ac7f773e56e47c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
834b95246577c18ef44c37f5d62f5fab

SHA1
c8bf4b6b2c76cf5c7a41bba71e9fee78a6ed1a77

SHA256
a2837bea31bad896321d15c8d478177ef5afb12930a1fbb3b7ef8b948eaa5b46

SHA512
2e4ccc37dad719aaa0c356b038a78d452c9f78d644074c44ce3265d8843ee345df64fa91b793ad1cb83fb9c87f6fae847c7e2ef7dfe984a80058996807c44cd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bacca6df6d49efc090e53ad19dd92339

SHA1
4809e6cce50728d1a411ece0902299dbaf3f35b5

SHA256
b30548d566815efe2c6f8a6c96c7848bbef50d6fc51570998549d11b54f2b592

SHA512
448b9ec0da357c7aebbd296b727d24c5bc756749a64716d7c8d0c851af5ab2e91626efd91aea5376c39db7059361580d85d1d882be19278452256745b4e99b38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
fd8303f15fbda906c5fb234ca1dfef07

SHA1
4433e74fa4fe2ff5d9471e8a32c969483f7417e2

SHA256
e8df6ad943cbc6e3264d3f6c4d9e05ffbb3e4517a9a3fd825f5cf1fe40000602

SHA512
ce331b26095ba060e62af4a883a2100344520fba119e3c4bff5c2a9c91929df55635b3fb782c0e7bb640fd2946c24cf2793a4a478a93b980b9edabc359afb665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
9716996345c25305b9d2fe31700bed1f

SHA1
8624e5a36f225be531697c0696f94a168ff1d0ac

SHA256
a25716214796dbe37c85975618390d5f8b8f2d0cd864e144aa03e737842ae6f8

SHA512
c794406777adc2ab5859bf2f467154b2296817f2bd5fe5da01dc424eb97b9c97a12ec53a762326de6fc7d73bacda360af84a1b3232db9ecc00e88281daad1a63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
11KB

MD5
2bc4514e22c1c1745230aa3b2ef2ca30

SHA1
064d038b1972d696b2c3af657bd85eae887ea35c

SHA256
6eb0c142a8f25cbf3d232a17736add80dd738607562552592ca17fac7bc7ff7b

SHA512
322d10a5539dfcb48e87290ceac20ec159e40d17948cf9a1bdcf3568eaffbf74ddff85b1821a4bf872f870d38fc3c93da5002ecad99a4cf33b171f4e7fc02e07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
11KB

MD5
cad2efdc641ad3f12115f836cb86e799

SHA1
c9befba3cd76b38191b1637480dd0fd6b22202cc

SHA256
3371e1fc71b43a80e6c2e203f20aa6173cb6c75f596bbde2a70dc6a040b274a6

SHA512
c726744a32cb94fe3d4a71d2cecc7ea75eeb8a803e41d1fce4bd52e47fc35def143a42f214a8328210910396255767a252684b979a34d5021698c827c2469770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
1aa275a5e26698a45ff07a60f14d10db

SHA1
90890f5ec8b782c9ab9ddfd8c0559181195ad8d0

SHA256
57c48f02249afe1db68a1c9139b695057547d51782bbc0f1b09991aaeaf74ddb

SHA512
df50a4c46efa977be402b3f094142ba875edd6c9fef66b552975c6f8016b1792f02b2fd3272550251cf1d63616d9f2ce204d75d0c6f8c7c373d2e28ded8c926b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
496eb56a101f208105877605438a3118

SHA1
0b00b0ac472ea8fa84048bc0a2e124628532e149

SHA256
ca19eb68d6daaea1803698211776e9a935cfdae4051e3e73b4009d7b31b2bde2

SHA512
bd1fbef4777708fd71daaaf606918e2d21b1a5a5dc500f7a46c84251ed0f14e59d54cfdece83f03801d8af956bf76bde6fd25fa6dbb5be422f9ba11f5e338dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
2834baf54b94ec3e37d468e4ba7cbc62

SHA1
305405fea9f8f08a6dee948b448e5c0a27b47895

SHA256
ed50e188661d8fe0082e44cf778775c77caec1626fcd454318db63dbc4043af8

SHA512
ba35af250b1b12e1ed8eb072bd14777d8d8bc364852f0293042b1630bb78391c2e5dfd2e7d4bb506e2376cfada9734ab677ff29df858d97c4773c938036ca117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
bc59f16a681163d7af6ab89f09bca1e8

SHA1
82cdf8ce1369edfd08f87f6b89ce789322351c16

SHA256
a5143c8db64d94a88c63144dedd2603d1a16ae52ff0b7416531e57f2edd06caf

SHA512
5cce327e6fedd623a9af6ec76484b6bd4f6628034b6385a72596db0e2248028ba8b9d92c384c3d8c31eec47e68a9c50dcd897cae60e6a544a3c7d172b68a0192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
9b9fe21a50585aedd2b4386ebbd04488

SHA1
d559659c1416fccb797321aa52b4cfe2341541f0

SHA256
e63faa37cdcdeda754a4eac9952f4cf9ed031e69983aa7d1de04cbc8a95e1403

SHA512
6abbb05247172401c5444d2a61428d2d9ff48987460c0895e3715c35f3bf1b9b7a4e8418db491a45f6557d41db2bdd2642ba667dfb74da26045b6eef50fc48ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
2a87a008ecf69ef76a4894c717322324

SHA1
6b5512e1fe4cffb4d300eaecd1010a896775ee02

SHA256
2390507a89a5eff350dd3484db3cf877374a88f98b0cc38b3497ef0b8488c33b

SHA512
687b4a367af70abcb3c9d7b9ef1255e69e3dd135d020053f756ac575677da0ff8cb15be78aa49cae451f4dc8bd800786950a717fd775911606407ce6c2a739b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
0523d25d962dfc1885c58acbe803899a

SHA1
83f16392a0455e799c7007790d8a18a2cc86150d

SHA256
f3cd835f6d8ba839b184e9286dd02db3672d08db7680c30a61595d631b44ecfc

SHA512
8f669ad0f3f2d9df7e00b4f098fcf4ec22d9bf0632cf1c39702c010eefadb7c16c8a1c21ba226d485b16becac14dd201d78f2ce734e10dbdc128ef6e76f863fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
849e30eb42069e45b59fe19d0c2bc1da

SHA1
ad791a3f3a809ed307826126350ab5d6e113135d

SHA256
48707e922f57cb5e28467dd4d4e27831bfa14815ec1d84059afbd803de424061

SHA512
10ed0ea0a7a8a11ce18628e9194269452ace9ad645ac1b50b3ff08715cedb1a76e7062d483ae531b27be62b3eadd9544aa18c5d6b7c7232e1fc107e85c6c2098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
490e35b5ab10e628719416ebc5ce459d

SHA1
464455e504de60856b9d8f7fddba11b2aad1a665

SHA256
582b2bb7af9c27110a9bbb3703ba02a80e74d23c33d0da6acbee68b82eef72af

SHA512
6786672857626b54f595e238f8e0dee120e089b18c8de60ffce4bba7077730716f8187947d02ab2240cd3f80d5f23894b0a1f047695da5415c0421e49fd4f156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
62586cc38048c2f06846d8b090a71315

SHA1
f51956e2d7fc9a82a89759fe170bbebebbf92aac

SHA256
04ae8d76e9681ad135f7a1433a92586b07dc9175773257f49187e04b498a19fd

SHA512
b31513c9f115076e765f8432f480ef51db1ae705cf66b69d319588d846f2eda1ec15e68e7914af59af2f7801a277b4d51d3b320641cc9c1d475aa1cbad22d4c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
9dbd3aebd251035d557ea2f7cb8d5364

SHA1
b54106070515ac07650b068b20dd2f201d07855f

SHA256
082b69df9e6e2807da78a2672003466682f3b8cb088d08092f74e8385d479470

SHA512
15fdae8f3a806522074aeca26523132c77f22b5c5869b56ff1a05d8d3c6d510d3b07f2e860f5788eaad8e9f180c1bb7463067c7c1e0b109556755e5422efd907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
9KB

MD5
f15b5e29dc44f468aeaf058a49e345c8

SHA1
56ae9c8b85ee507c8e6d85dc17c0c5d3a15097ab

SHA256
11604f791535cd2ea41448caaf2abd0cb215a82ad0074a36e47236a28347ff5c

SHA512
3db304c36cf5391fcec8612fd1dfc30dc89dad44eebab1df670184aa7366e58e16d1862ccaf5220d7e7c2b9a8cefaf8167414ac47a98819e729d8c4feaffbe1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
11KB

MD5
a31601150e1058a4aa9d693e1ac3e594

SHA1
585ccfd2542e8f43f3d8f6f9a8841ea98d28b5c2

SHA256
6e658b6e929b8cc4b606a86a933fe1765305a1b4b8bdef48ad4adda20a5ffe9e

SHA512
32d6c2ced878ecaba672165c2247fd12e59359a9a1dc0bccf8275fc15c4349990b2f0ad47c816af8b2718e6453937d6d21de8363dca9d36a90a01672848ed0aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
a31bda78fe67056d3cf24b4126117f5c

SHA1
6e8d0c56b2f2da7ed3915f3b91c4f4796e8c7951

SHA256
bacfbbd82b8c2e0f1e83c631e1ef330d8dcd2467353b66ef63b00c3755ca9a35

SHA512
208bb4a6813b4b2ab1d06e965eb39caf186bdb7f159cdd1610535e8a20333ef7f314e5106e56218806a0c72fb09f3832c3481f6078377c92b197dd72f0a214b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
ba7d522fb8e8c01d025d4e9c6abe513d

SHA1
e7a7e29844825bceb2f953e966848a8a0a810a39

SHA256
c0bf79fcf5391e8320e6fe79b3b6db8c701ff8e78ea7eb46d15eadb56a0ade6b

SHA512
38b0e26e2e1e6da7abdf8c7b71cdba3c5d2ff0512e2fa09b4641c08fb857586a04124584c8b44cb566298707c658c774780beaee94a2d14ae6f1d0852ec86df3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
11KB

MD5
923e84d7c567e3bc9cd6782becb97b38

SHA1
31c4e087a1250776668f2a501676f5bd5ae92729

SHA256
76ce5ddb52a2dfdf8d1341ee58fbfc7d294dab6f0c006da3cefb2df38a04ae5f

SHA512
406718f0a498a028f3ce9e88cdef98bc4fe9f3b46075bbbeed35a0d498496c18bd52ee746f31c2526f4eec4389853c3cd82c1e5ffc79b3b935117047cbcd3d0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
13KB

MD5
e39e05054b2c9cfd119e88e2be285161

SHA1
c1241e0477e9b6c07c453d60bfffa00d8cc7fc58

SHA256
5dc0147566386122d3b88f6c70d5bc0b54f9a60848e1f0a9f191ac5719f62d22

SHA512
ae6f3dbbee25bdaa588a23a82d2eaacd2cf2a3d2d4e5ace9073712a2d9aca8c48d80b3c569cd988bc51a84405abb12950d06037e93261d4cfc66bd02cbc41dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
14KB

MD5
309ce7480f311078988d60420889d1a2

SHA1
c393864fdb23d7cdc492f681d4acf64fdd7573ba

SHA256
6553f0721c433a15ce48f623c6ca639a27c5eeb0cf381df74fa7073154a86fbe

SHA512
8004e426dc20f4217b1ad1933288b8d17146206944e9a14f2f2b9ef7ede862ba2176c8b4952a281dce5ce7f9fd63d315f9540dea8058d10667d5ffc5cca61aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
14KB

MD5
aaad811243dd5e055f8ff66be48be8b1

SHA1
fbcbddb39cb1461028b22f0088b3ab365ac43a94

SHA256
ff6b23a22f4c09667fd34f728552273104230605b253ec45876d54d54561fffe

SHA512
bac6b5a27a4e2a424a3ec7d01d7b8be258f8cb521f217cd9056d27334d7a2c0c69cee484cffd5530d92658d84216e8eecac75ec981bc5eef01743c1fa2355228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
14KB

MD5
e609ef8b358241cad3c82dc429e076d1

SHA1
50ef577eafab1333cbbf1e65cc3ade053e4cc27f

SHA256
c643a9db8eb1fa5990748504027b336f3217bcf91d0baa3fcdfc098aa6786fa7

SHA512
6c3cf31eb7cbf68f30ba1d1d7048655cc02d5749db7cd9603eecbc0b9a246bc421a8ffc2a22cee9dfb505238509b41ad47fb2aaf19f7e62c37cd89cf2410ad76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
f8228b7655548c827d5ef5c28614fec2

SHA1
6f9a17a0c2524288972810707c57fc2cd6ea3812

SHA256
e0f88c72d37db0ea3d389d2ade46c7b132e66f6bc4355946df974dccab2d29ca

SHA512
23318032b85b183e90b543d56020e6a4fab429ffb691954a837cbf46b1f0d2f6f84e9e945ad7f102d7fa90ed433158a2143726e4a5d7f752890c8b66bed4316d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
14KB

MD5
604b8f4746317e393982fa9780c71000

SHA1
71b34fa5ef9c1aa2cba28cc3122bf82891d15a11

SHA256
4911ca0d79487c07d2278abb29e5531b4d4eec041e1d4e2046c07a36d579f4ec

SHA512
77849dfe504df1517c7fbd86dd51b72507bac9a92eca71558a7ec2023baeee40a42d8cc3787a01b91fd16c62095bea354bd19034029a17814c9ba66b5567572d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
11KB

MD5
9304978df2a097ecb95643bd9a2dcb30

SHA1
d20d7cf2e151d9044d808b1e3483ff159d6a8b28

SHA256
aed9e476e79f2680b733411cd82f83cdd6dcf3adced8d74a5d2984756be7b18b

SHA512
dde313bcde4e07e122d1b46304219d431b09d912d579d2d4f865f2e85b67c490c67b04398bf1bc46199f44afae83c184267febfd144c3111c70a4527b19da3f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
14KB

MD5
4178d13594ac4f94319367e15fbe69c7

SHA1
f1a789f9ae2060b67b3449c8ccdb21592eb086d8

SHA256
26308e678cf8c30735a0ad3166faa3170b4ec63a589bd467dce2b2ddd15e6e56

SHA512
3ce3c7088249782eabf16e710e8c1464826027d4a9376c58890260508105cb20c5be1f3ec5f8951189166c726fefab517c4c66fed9c358b98040b8ac40e8b7d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
15KB

MD5
6ee4ef9618fab32ed421e264c8390109

SHA1
2263b1b1639ccc4615d1f72ec38dde239659e8fe

SHA256
2b62dadd87248d6aa377c77c1b1c48eec409f5c51dbb10dcf299dcb6dcac01cc

SHA512
ff5ee1e8dacd27226d6ffb4d34cb74455a10a25d70b6a6ed7e180b21edd612b7100cd3e6e3cead7ed8c7284b48af5ce4703d5f3d50ccc73a2be1d8782ff366f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a747.TMP

Filesize
1KB

MD5
c0cb0a053bb03d7571e79c2c578fd261

SHA1
c9306103090db3af461b34897b97567d15925090

SHA256
a757d9f26cce80d4b1c35a80ce133b06dc98b5a06edd5b2cd7993cf4055115a3

SHA512
98879112463e675743c57fbc5238c0e0d2c04d9b894f097316c813d4f54faa1044325afdfd50069baf215fc527a8aa9c09458f94773b05911595aada38d7260c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d8d7ab7b-04ad-46ec-ad38-e913a95cbf61.tmp

Filesize
5KB

MD5
b2d992b7157c588521ba986f3834a68b

SHA1
67cc3e21333307c95ca5430936506300423debc0

SHA256
e233d42fdb178ac41db606e906c3aa3c851c31c2c2e27293a4a0c652ade82dfb

SHA512
3c07182ac8fba3de904b39b1b5e46f0b469cf58ada3413e33da06239ad798cac30e2f68e039352528473297dab24496820e0e4caa8618a5bc42b1d7ece7cc516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
533e230f702f538c03d5d0b87d06b27f

SHA1
b21cdfb6eee68df9a64e273052e69dd9357bcd05

SHA256
e6fcc5669f100015f03dc8c97d4c559b9a6f21c7593a296e4abb320ea3822d6b

SHA512
5a8627882f3f9487096fd0f513b7c596ee680294c9982bac783a603f06f082beae193715a3bf282c6c48617f079b84127d85effbf99910baf5915224bcd18b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0a8345462009eaff3ccd31055692c379

SHA1
f2d49e557ab2b46f6a7b49c770b6d321bdcc78a0

SHA256
8e11dac4c6cd37618ea6af178cf8d7e13d34388997b6a3dd86d3ff1b8e367abc

SHA512
ce8aaa9b2ec4fa39b40ee10118e4afab5af5e6d0a2d59b1bbc7f2f81d27b6a4114817f127cd8220cb8201233fe7b17688b677ba5ffaf68d3453a84c7dc482aae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
764f9d2ac07741bef5a16ee5dcb891b0

SHA1
40eaccca0f927548e2ed3cdbb98db380eebe66ff

SHA256
fd52711c1af0c38531e16c2301b46d9585349815af4dc0d6a4a143db1c4449a4

SHA512
1657d2f8f32d86e97365cfae53aeaa68d4df585dabac7e74ece6af6918e92f38ebd20485c2c2ea22e8f4888aef3722f1bdd25fda2a237f96f7043faf99bdcedc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cca66a76c4aec8b84dafc32910cce11a

SHA1
3bb2b758989760ca12c98008ea2bcba20e4be51c

SHA256
b1789e20271119eab2cd626724c3d0b0e16e4c000b68b144e0c74669fdf5a5d4

SHA512
757d5b37a184fee60236033460ebdecf0dc818633b9edcd3dbe1eac1b20f543b7595599a2b146a78af059f739e5241548fee8c6c0f8dcd0e228cefdd00e43283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ec7d58834e9c32f2129fd8f29a970146

SHA1
ee7850ca0c9ff80b764897e5dc291177dc4b2c95

SHA256
d33345601e89db221e24f796ee4b2b86b6efbfb3ae7d80ec680698a28c078475

SHA512
cb16d4f3812c0396c7196c2365cb0675fdde1f3338fd7d1070ac3fc233a215dd6d9e6b9840e6af62ddb38873e9abb2a56478926c07a2b7e205cd701c9c3d5917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f5bcd23fc07b8142bc6287b9b9c08276

SHA1
5d385a229a9b19ca97ec4bc93573a52c986a7cb8

SHA256
5c5a079e5f0179005b52ee1496532facd145c602438fbbea0e995adfd3dbe65f

SHA512
33aec4642e4f9f6d2d80c017de2dba0cfb64d8c31dbe3eef548ba04bc3a20e8c9deea428d2123e1bc574750115269dbfed84d207eb6254cf99a88b13089efa0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a1eb9a1d9a833a1642d08a7ba4c8d80b

SHA1
418b87fcffd4cf2fd1960b737e0829b663820ed3

SHA256
ed8bb53e91fdf2b33f592e8593c6105bd3743e40c0a42cb5397f7df4680c02a5

SHA512
ba6d91f419154723bf5ecfe6df4eb7a8b4f2b9cc2998f18df8cbb0ec7a68201c8c84278a4a6148e3b7f038ed5698367f2b8968a1bd221b85842a3f906ef38cef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b4caa2fca9704bd6b40180f20b9e65a4

SHA1
f02a490077c51d5c4e59d6c0de61135622eb8647

SHA256
bb53c33102790e51bea9931158bc642671244f56be78c9ad7c1be9e9ae7589e6

SHA512
3ea1e84d563b6ecfd923a34bff6ba5cc8a6c8a249429c8eeead9bb125453d913881d7f5dba18a158fd75b877ac6266d3844c056b726b30d0947f5753dca6588d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
96decbb7c57b72f0a61417d6ebd65df6

SHA1
bdf8a867c44e6380fa6d5a4bbec40d3f78df11f7

SHA256
4318ecdfaf2e9998a68bbb125aa5ae20e9a77e1ceab219a0838d9eb4f7328377

SHA512
785da03d68fdf757082cd5e4238e9dd3abee4c4edda17fc16c71cb10fa182f5390536c973c7a9dfb5c2951ff02b22194d9843583c01efd663f952a9b4187b903

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
da6336ec52015ea7e0cb98cbe1043666

SHA1
9ee6e48bb58882a01529b9f71fd29de6b52a3ba6

SHA256
fd0db6ceac476391803339808d634a38126839eac3ca5c6a51e2651f18ff267e

SHA512
e928babf17a61b9c8016c26987ce3a067b34b0bbb4275f08f119a5b50c78a08a9a63b1e98f56dc75f59ed5f01e8252dd368c873bc8dbd009df9b68e1fd5b8c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cff92ff44246d5db8a0d3ea58e7098b4

SHA1
b1b746697b5eabfaf6590268b70d3f52770ba8b4

SHA256
4838a0b703b34eb2496411696532898aa60077d22eb1637cb8ab8818b73ef91f

SHA512
f94fc4cccfd6beccc0268a506783d3b916f0adbe23ac7e93ffdb13d9b5b59ef839c38b116f6bb1b089974cc1c81ff5775c66b1a43b201341e5692831f55d4bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cf97d56c1cca2fb5063bce18347bd45e

SHA1
255077420ac94172273d560c3b29f6583c1c638d

SHA256
72fa26697d531085ab8523e35a41a26bb139d06888e416b35174229bb34146b3

SHA512
9645a655aad07e85a70be81ad8b5d6dd3e0b07be2150211c0362ac974402fd873e3ea21a128bbd3ee77f9b99728d50a64aa5257f7a6b4db919e061d7ff449a1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
270b4738e8c038693290e79b7d5db726

SHA1
f1f9d97cf721cb6470ca9e8a4be684e7b6a59b37

SHA256
c704bcb04d61701078ddeb92cc882c1a5b6f56de89f59562614c4d80bb7ca249

SHA512
01e7e6c22da28734963d12da19fdb037908234a7e1dc165722dad5aab8a66f1108f164b0a0736d2d7e2e3196ac11677892bc04a66e9f8cfd0df4acc41b171fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
a792d02ef5e057a90c38d6e2050a8047

SHA1
66be0f349901cdd6124bf9e8826913a346a8e912

SHA256
7ca7ba94d5426513482b957322810d27767098e9e540961eb687c0672da9dcde

SHA512
30811ab13924c4b321438073881e3dbc5c7b2b404ee7e04e25c1c9e713a715ebf6b50425a208528c92dc82c4aa3e243457ef1f3fbfabb2a15df9a57396e19758

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\Assets\exit_close.png

Filesize
670B

MD5
26eb04b9e0105a7b121ea9c6601bbf2a

SHA1
efc08370d90c8173df8d8c4b122d2bb64c07ccd8

SHA256
7aaef329ba9fa052791d1a09f127551289641ea743baba171de55faa30ec1157

SHA512
9df3c723314d11a6b4ce0577eb61488061f2f96a9746a944eb6a4ee8c0c4d29131231a1b20988ef5454b79f9475b43d62c710839ecc0a9c98324f977cab6db68

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\Assets\minimize_progress.png

Filesize
212B

MD5
1504b80f2a6f2d3fefc305da54a2a6c2

SHA1
432a9d89ebc2f693836d3c2f0743ea5d2077848d

SHA256
2f62d4e8c643051093f907058dddc78cc525147d9c4f4a0d78b4d0e5c90979f6

SHA512
675db04baf3199c8d94af30a1f1c252830a56a90f633c3a72aa9841738b04242902a5e7c56dd792626338e8b7eabc1f359514bb3a2e62bc36c16919e196cfd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\Bootstrapper.exe

Filesize
153KB

MD5
9de5e5b49340d9fa15f35a8096706409

SHA1
8eafe4dfeed1b4548dd43da982d9bed5502f3eea

SHA256
521dc449417366fea60b2d5284733834383e454baab276e5ca209ec89932ce19

SHA512
72c08f8de757c7ff532c2d2553cdfed2bbdc67859b55f70752b30a3fb7a2094939e13315108c1e86655a270920fc823a315093ab1c04840c750eead45b81a0f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0A926A7D\HD-CheckCpu.exe

Filesize
200KB

MD5
81234fd9895897b8d1f5e6772a1b38d0

SHA1
80b2fec4a85ed90c4db2f09b63bd8f37038db0d3

SHA256
2e14887f3432b4a313442247fc669f891dbdad7ef1a2d371466a2afa88074a4c

SHA512
4c924d6524dc2c7d834bfc1a0d98b21753a7bf1e94b1c2c6650f755e6f265512d3a963bc7bc745351f79f547add57c37e29ba9270707edbf62b60df3a541bc16

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E977EAB\Assets\change_hover.png

Filesize
310B

MD5
57092634754fc26e5515e3ed5ca7d461

SHA1
3ae4d01db9d6bba535f5292298502193dfc02710

SHA256
8e5847487da148ebb3ea029cc92165afd215cdc08f7122271e13eb37f94e6dc1

SHA512
553baf9967847292c8e9249dc3b1d55069f51c79f4d1d3832a0036e79691f433a3ce8296a68c774b5797caf7000037637ce61b8365885d2a4eed3ff0730e5e2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS0E977EAB\BlueStacksInstaller.exe

Filesize
627KB

MD5
f7d42d16b2415767bb51b38df46650d3

SHA1
cd6e7d6617abf98c6fef8203c69ea838e92b515b

SHA256
ac0686ea443da65d97875c7398487b813d3827f5423160a25219614fb58e152a

SHA512
06f4a0439c29c73f29685c24626050503e46c530a53b69c669ea6412228f66a3ecb09aab5b2b379cc330fec38fe3a1f0ba8ea26064bbf7a4b806ce1ddfe1cb29

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-A9QKO.tmp\WebAdvisor.png

Filesize
47KB

MD5
4cfff8dc30d353cd3d215fd3a5dbac24

SHA1
0f4f73f0dddc75f3506e026ef53c45c6fafbc87e

SHA256
0c430e56d69435d8ab31cbb5916a73a47d11ef65b37d289ee7d11130adf25856

SHA512
9d616f19c2496be6e89b855c41befc0235e3ce949d2b2ae7719c823f10be7fe0809bddfd93e28735b36271083dd802ae349b3ab7b60179b269d4a18c6cef4139

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-A9QKO.tmp\finish.png

Filesize
248KB

MD5
b24e872bd8f92295273197602aac8352

SHA1
2a9b0ebe62e21e9993aa5bfaaade14d2dda3b291

SHA256
41031efc4f7e322dc5ffacc94b9296fb28b9b922b1ce3b3da13bf659a5fd2985

SHA512
f08ac681abc4e0f6d7a1d1f2303169004e67c880f9353c0ed11dfab3eb511ddf841fa056f4090da8201c822c66ae55419c48cd87f11b9866feb46a3fe2c2af99

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-A9QKO.tmp\logo.png

Filesize
248KB

MD5
9cc8a637a7de5c9c101a3047c7fbbb33

SHA1
5e7b92e7ed3ca15d31a48ebe0297539368fff15c

SHA256
8c5c80bbc6b0fdb367eab1253517d8b156c85545a2d37d1ee4b78f3041d9b5db

SHA512
cf60556817dba2d7a39b72018f619b0dbea36fb227526943046b67d1ae501a96c838d6d5e3da64618592ac1e2fa14d4440baa91618aa66256f99ea2100a427b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-A9QKO.tmp\zbShieldUtils.dll

Filesize
2.0MB

MD5
3037e3d5409fb6a697f12addb01ba99b

SHA1
5d80d1c9811bdf8a6ce8751061e21f4af532f036

SHA256
a860bd74595430802f4e2e7ad8fd1d31d3da3b0c9faf17ad4641035181a5ce9e

SHA512
80a78a5d18afc83ba96264638820d9eed3dae9c7fc596312ac56f7e0ba97976647f27bd86ea586524b16176280bd26daed64a3d126c3454a191b0adc2bc4e35d

Download Submit
C:\Users\Admin\AppData\Local\Temp\lqj3jau0.eyn\BlueStacks-Installer_5.21.550.1031.log

Filesize
129KB

MD5
12198ff60f2de51eb7b7799ca7894c00

SHA1
09de667013469dca88605a59a4097f41c90fa88b

SHA256
558f1df23b62a799a790e886965b15863c8b1cfd947e8ea8f3cf8946e19cacd7

SHA512
04f1a5135bfefc30ec171ce21699e7a139f4c958aa57bcc86f53f3cad83429009e0adaa2a341e817fe02043d1fa4da66a8b6382436c84d7d1e82e692ce4d0975

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb572C.tmp\Registry.dll

Filesize
24KB

MD5
2b7007ed0262ca02ef69d8990815cbeb

SHA1
2eabe4f755213666dbbbde024a5235ddde02b47f

SHA256
0b25b20f26de5d5bd795f934c70447112b4981343fcb2dfab3374a4018d28c2d

SHA512
aa75ee59ca0b8530eb7298b74e5f334ae9d14129f603b285a3170b82103cfdcc175af8185317e6207142517769e69a24b34fcdf0f58ed50a4960cbe8c22a0aca

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb572C.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb572C.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb572C.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb572C.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb572C.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi50A9.tmp\BgWorker.dll

Filesize
12KB

MD5
36c81676ada53ceb99e06693108d8cce

SHA1
d31fa4aebd584238b3edc4768dd5414494610889

SHA256
a9e4f7ec65670d2ce375ffaf09b6d07f4cd531132ca002452287a4d540154a38

SHA512
1300de7b3e1ac9e706e0aad0b70e3e2a21db8c860e05b314a52e63dd66b5dffdf6be1e38ab6ede13bfd3a64631cc909486bf4b1403e7d821e3b566edc514c63c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi50A9.tmp\System.dll

Filesize
11KB

MD5
959ea64598b9a3e494c00e8fa793be7e

SHA1
40f284a3b92c2f04b1038def79579d4b3d066ee0

SHA256
03cd57ab00236c753e7ddeee8ee1c10839ace7c426769982365531042e1f6f8b

SHA512
5e765e090f712beffce40c5264674f430b08719940d66e3a4d4a516fd4ade859f7853f614d9d6bbb602780de54e11110d66dbb0f9ca20ef6096ede531f9f6d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi50A9.tmp\nsDui.dll

Filesize
3.0MB

MD5
5f57ecfc5bffd7f80391f643085b4a20

SHA1
f77cb73028e1660aa76ecb16d7ae835108bc9317

SHA256
339bd2a03b43d654b0e00886724681c3e9bdd5caea5b86343813c76025df6813

SHA512
0c5fc7d0a2f9cfa931839fbed93147d68ee2f8c09bdb13cc1e83b01b51d1b62771f0974e9b6d9d4e122ff343aa7d1a1198873fa9a1ffdfc17b6782e23550015d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
d932e11f5503fb23704e19384c4779e7

SHA1
2d145481a6d77f884e1b3ce5afe5aba1c9771f93

SHA256
7913a25f3fda526bbfc6afe56840900e453df15a606d27f4fa64bb4ec88b1424

SHA512
def1cbef5e4fe94cf5d9c526b78a95775ae57713b9d6d8859710e5e2d30a75ea6d4742e71cd48dd36f8a5b1420e0a0dcd9965e44a3079b372370f44768e42adb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
f0693aaaff7032745f4c5449a678e3f3

SHA1
633e8538710409a3486b3579be9d00df3fbcdac0

SHA256
9dd2a418a7192142125d4eb69471edf8286bd8edcb4aa33bfc09667c4b73457c

SHA512
294295b85603aa19eaf4a14172289f1fa29ec94cbe7eaa3bdc8b5f45e48dd802d34ffecab1e282b8943003f3a3f70cf968316facea839f20a5cf90232e323aa0

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State

Filesize
614B

MD5
4092f457a6e271a1dcdc33c9e681ff9a

SHA1
79c59fe820d2c6f14c351aea7752fe01d43b43c3

SHA256
9f449f81ec8dff92b7e50c6eb80df19940a7c7009987b03bcfe5dbe5464ce446

SHA512
e4a01fe1e4d9ccf6659933cbb5369704a93364d3f5766d38540240aff4a8b560f2d1719665e9c760732a29bf362e37b20b043438818b2eaa326915b73c7b07dd

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\Network Persistent State~RFe5e95b6.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\TransportSecurity

Filesize
188B

MD5
b2fa701717dbc063d78a0294322786bc

SHA1
00f61508c1c03789e0c42afcb58892a65aaf7be0

SHA256
f104e6d8910cd0f8b90b1470d9f8458d96a085f57f23ac40f214a573c52cd6b2

SHA512
b743adf477a199cdffd17df9f75bc97f8c18a54cd29a62d4ffd53fa44223171881c0affb6a03c96712792b1143f2efae4c812e438a47cb5cfbb553ddbdfe8149

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\Network\TransportSecurity~RFe5de8fb.TMP

Filesize
188B

MD5
3a606a34aa41df4444922baafbac0197

SHA1
948f71b9410f9cb08bb939251095210fd85280e4

SHA256
05272506986a67b5560f6a24513442164669cde2c72d4e359de8f1cf1e441dcf

SHA512
2c70820e0c63ab6ef2d979c8d9511eec6f2cf1ef9f0d1809c287d68ec7a22a5aee7667b7bc36ce1a7fafb4eb137a9f85cae6bda4fedce3aeb9b1ee19fa0307ea

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

Filesize
92B

MD5
5eb22c09176af61eac510b1bd9e9f920

SHA1
b166259b9e60c3de9edbb30b5d8c8f571e17c60f

SHA256
7ca079d7cdb56b4e0534037f8a2130f060993dd4fdf99b19417c97805b522c47

SHA512
6d59fcf552c5d381c0ede89dbd8fd79f26987a4fad0d5eaad9d2790dd89f0c832cb965d70706569918991ee4c4661b8dc23ed1253da79afd75132c2dfa8553ef

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

Filesize
1KB

MD5
4a834cbfcb546b692982c3a452acec18

SHA1
87788fa3cc86975112ac1293e690356f7c0c581f

SHA256
ad122ed71d0bdaa8a989212581949343126cb60540d115f4b4b6af2ccc6e1807

SHA512
e2d4c3b22330194469b9e1aebb059eb8f0d87bfca759d2236c1ed1b360ddb65324527623dbb64329ade093fff8a1ca5bd6b573c9d9094bd97b92186154e87d39

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

Filesize
57B

MD5
6d0b6ed781d4e4278a98a3bf564e1152

SHA1
3da52998cde6ff5b76631d4ca14761f60034dc93

SHA256
331d5a1362ca1dfcf82426c58e69e9935eaf3c3bbbdd5dfdb44d07bd032ea4fe

SHA512
2434a478684dc5eea9976774f860d4d169d7a4d3e378003fbf89b730e52189c0f80a255d51ab96c33e260887bd5cd25bfb0c277f84ea7046bffb4fb4506f7a6a

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json

Filesize
119B

MD5
1da0f1d6fd8782d1b4be079c801d7985

SHA1
6af4bd0103fc209cd6f2f554004b972c6dd3e48b

SHA256
7feda8d7e3938613b6ebbd13f6dfb0e5093f289537b8fc29bc31a75f58bf2397

SHA512
ba232bb0a54125a1ab6246b6b53696385031e7a5b6eece029d0eee7597e084e1b5a50c9d991a2e726086eaf80f6b3cb2e692220a4577289cde8a8959ceba0fe5

Download Submit
C:\Users\Admin\AppData\Roaming\bluestacks-services\config.json.tmp-1377006012ea3923

Filesize
2KB

MD5
ff3e0610b589973755980321138bff3d

SHA1
87512946fe543f9966f757b4dbab7a51a8d08c47

SHA256
f299db89cd48310d98ed8bda8c084789f4c69948b2a902edb14d65b3636af0b5

SHA512
705c70b83be67b1549492e123a3dd56abd6973b13b930242b323224cf1c35c2a912ff87e144a70ace8070a6de5180d0293e09d98c7e9352dfdfb732c48c16621

Download Submit
C:\Users\Admin\Downloads\!Please Read Me!.txt

Filesize
797B

MD5
afa18cf4aa2660392111763fb93a8c3d

SHA1
c219a3654a5f41ce535a09f2a188a464c3f5baf5

SHA256
227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0

SHA512
4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
933B

MD5
7e6b6da7c61fcb66f3f30166871def5b

SHA1
00f699cf9bbc0308f6e101283eca15a7c566d4f9

SHA256
4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e

SHA512
e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

Download Submit
C:\Users\Admin\Downloads\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Downloads\CheatEngine75.exe

Filesize
28.5MB

MD5
647a2177841aebe2f1bb1b3767f41287

SHA1
446575615e7fcc9c58fb04cad12909a183a2eb15

SHA256
07c1abb57c4498748c4f1344a786c2c136b82651786ed005d999ecbf6054fb2c

SHA512
f3165aec7a4b7adb7e6ffca56812f769b7b085000d50bf235ca1c7e74d76dfb5549de9561e281623c734c2dec9fc37b54af572c3e97fcb9fb1411102ae3da0c0

Download Submit
C:\Users\Admin\Downloads\CheatEngine75.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 224865.crdownload

Filesize
224KB

MD5
5c7fb0927db37372da25f270708103a2

SHA1
120ed9279d85cbfa56e5b7779ffa7162074f7a29

SHA256
be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844

SHA512
a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 372530.crdownload

Filesize
3.4MB

MD5
84c82835a5d21bbcf75a61706d8ab549

SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 414439.crdownload

Filesize
211KB

MD5
b805db8f6a84475ef76b795b0d1ed6ae

SHA1
7711cb4873e58b7adcf2a2b047b090e78d10c75b

SHA256
f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

SHA512
62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 533103.crdownload

Filesize
913KB

MD5
f88ed174d2848207ff096424f705257b

SHA1
2186f6b58eb9cb2b7434071f2719426c43cc004b

SHA256
96bd9c9e7ff547805dce20e583aa95e3a047db2d01c1984549a825fa5f04f7c0

SHA512
4307f8ce28c62758f80bc3f38c096da68ceb0cb444c3b055159eabf408f2ac8ac0dd9bac156d77a454c6c48a7c00cff94c63fb594c0ce5106fbb8df32b379e17

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 867833.crdownload

Filesize
53KB

MD5
87ccd6f4ec0e6b706d65550f90b0e3c7

SHA1
213e6624bff6064c016b9cdc15d5365823c01f5f

SHA256
e79f164ccc75a5d5c032b4c5a96d6ad7604faffb28afe77bc29b9173fa3543e4

SHA512
a72403d462e2e2e181dbdabfcc02889f001387943571391befed491aaecba830b0869bdd4d82bca137bd4061bbbfb692871b1b4622c4a7d9f16792c60999c990

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 867833.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 966772.crdownload

Filesize
424KB

MD5
e263c5b306480143855655233f76dc5a

SHA1
e7dcd6c23c72209ee5aa0890372de1ce52045815

SHA256
1f69810b8fe71e30a8738278adf09dd982f7de0ab9891d296ce7ea61b3fa4f69

SHA512
e95981eae02d0a8bf44493c64cca8b7e50023332e91d75164735a1d0e38138f358100c93633ff3a0652e1c12a5155cba77d81e01027422d7d5f71000eafb4113

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 999180.crdownload

Filesize
414KB

MD5
c850f942ccf6e45230169cc4bd9eb5c8

SHA1
51c647e2b150e781bd1910cac4061a2cee1daf89

SHA256
86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f

SHA512
2b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9

Download Submit
C:\Users\Admin\Downloads\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Downloads\popcapgame1.CT

Filesize
28KB

MD5
8c8ecbcb015cd3341a59804a4734f3a4

SHA1
b40f3161aa6af3e5f0f50ac7e319acaf9ac1a5ad

SHA256
7090761d9c6d6452d5a06b1a720de000ccc4977bbb59681856019531227ce801

SHA512
0ff9b37358af243e9a0fad8fa17d5c8cb14cf400d451142128ab2afb721336eb0539a2bf113fce299b86d0b8a51841fa65f2f31de6b0280dc1cd1a82f7c01796

Download Submit
C:\Users\Admin\Downloads\u.wry

Filesize
236KB

MD5
cf1416074cd7791ab80a18f9e7e219d9

SHA1
276d2ec82c518d887a8a3608e51c56fa28716ded

SHA256
78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df

SHA512
0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\Users\Default\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Windows\System32\storage.json

Filesize
51B

MD5
aa9ab927f7bc1bc84ada9519e58f9650

SHA1
a9515474d15f9cd43c4f1c30b2c7041d6c6b05c4

SHA256
3cb23b535845ddd6fd6160dbb5fb6b14096161d3e632e0dc424a788875c85094

SHA512
b5bb47ea20ec20587e29dd3b6f8f68e7f8ac567e087b1e432320c3264769ae5e03b16693f5c9d4ba38a0c67d2f2a071b3ee7d104e75cbfaa0aa9342515f0085c

Download Submit
memory/536-19062-0x0000000004A50000-0x0000000004AEC000-memory.dmp

Filesize
624KB

Download
memory/536-23756-0x0000000006040000-0x00000000060A6000-memory.dmp

Filesize
408KB

Download
memory/536-19061-0x0000000000010000-0x000000000004C000-memory.dmp

Filesize
240KB

Download
memory/536-19063-0x0000000004CC0000-0x0000000004D16000-memory.dmp

Filesize
344KB

Download
memory/4968-15174-0x00007FFB325B0000-0x00007FFB325B1000-memory.dmp

Filesize
4KB

Download
memory/4968-15173-0x00007FFB30D90000-0x00007FFB30D91000-memory.dmp

Filesize
4KB

Download
memory/4968-16271-0x00000285988D0000-0x00000285989BA000-memory.dmp

Filesize
936KB

Download
memory/5048-26435-0x0000000000600000-0x0000000000672000-memory.dmp

Filesize
456KB

Download
memory/5052-5017-0x0000000000490000-0x0000000000530000-memory.dmp

Filesize
640KB

Download
memory/5052-5023-0x000000001BC80000-0x000000001BC8E000-memory.dmp

Filesize
56KB

Download
memory/5052-5018-0x000000001B370000-0x000000001B3D8000-memory.dmp

Filesize
416KB

Download
memory/5052-5020-0x000000001C7D0000-0x000000001CCF8000-memory.dmp

Filesize
5.2MB

Download
memory/5052-5024-0x000000001F9A0000-0x000000001F9A8000-memory.dmp

Filesize
32KB

Download
memory/5052-5022-0x000000001BCB0000-0x000000001BCE8000-memory.dmp

Filesize
224KB

Download
memory/5208-14432-0x000000001B540000-0x000000001B624000-memory.dmp

Filesize
912KB

Download
memory/5208-14431-0x0000000000910000-0x0000000000938000-memory.dmp

Filesize
160KB

Download
memory/5572-17605-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/5572-16992-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/5736-16218-0x0000000023780000-0x00000000237A2000-memory.dmp

Filesize
136KB

Download
memory/5736-14434-0x000000001CEE0000-0x000000001CF60000-memory.dmp

Filesize
512KB

Download
memory/5736-16217-0x0000000023740000-0x0000000023748000-memory.dmp

Filesize
32KB

Download
memory/5736-14433-0x0000000000BC0000-0x0000000000C16000-memory.dmp

Filesize
344KB

Download
memory/6048-18780-0x0000000000BA0000-0x0000000000C0E000-memory.dmp

Filesize
440KB

Download
memory/6048-18782-0x00000000056E0000-0x0000000005772000-memory.dmp

Filesize
584KB

Download
memory/6048-18781-0x0000000005BF0000-0x0000000006196000-memory.dmp

Filesize
5.6MB

Download
memory/6048-18783-0x0000000005870000-0x000000000587A000-memory.dmp

Filesize
40KB

Download
memory/6124-17604-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/7536-17609-0x0000000004420000-0x0000000004560000-memory.dmp

Filesize
1.2MB

Download
memory/7536-17621-0x0000000000400000-0x00000000006EE000-memory.dmp

Filesize
2.9MB

Download
memory/7536-16970-0x0000000004420000-0x0000000004560000-memory.dmp

Filesize
1.2MB

Download
memory/7536-16984-0x0000000004420000-0x0000000004560000-memory.dmp

Filesize
1.2MB

Download
memory/7564-17622-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/7564-16936-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/9544-16692-0x0000017C279C0000-0x0000017C279C1000-memory.dmp

Filesize
4KB

Download
memory/9544-16687-0x0000017C279C0000-0x0000017C279C1000-memory.dmp

Filesize
4KB

Download
memory/9544-16688-0x0000017C279C0000-0x0000017C279C1000-memory.dmp

Filesize
4KB

Download
memory/9544-16690-0x0000017C279C0000-0x0000017C279C1000-memory.dmp

Filesize
4KB

Download
memory/9544-16689-0x0000017C279C0000-0x0000017C279C1000-memory.dmp

Filesize
4KB

Download
memory/9544-16691-0x0000017C279C0000-0x0000017C279C1000-memory.dmp

Filesize
4KB

Download
memory/9544-16693-0x0000017C279C0000-0x0000017C279C1000-memory.dmp

Filesize
4KB

Download
memory/9544-16682-0x0000017C279C0000-0x0000017C279C1000-memory.dmp

Filesize
4KB

Download
memory/9544-16683-0x0000017C279C0000-0x0000017C279C1000-memory.dmp

Filesize
4KB

Download
memory/9544-16681-0x0000017C279C0000-0x0000017C279C1000-memory.dmp

Filesize
4KB

Download
memory/10148-16915-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/10148-17623-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/10148-17646-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/10148-17652-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/10148-17656-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/10148-17665-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/10148-17770-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/10148-16727-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/10148-17903-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/10148-17951-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/10148-16962-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/10148-17987-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/10148-16932-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/10148-16923-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/10148-18020-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download
memory/10148-16916-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download