hxxps://discord[.]gg/pg3d

Analysis

max time kernel
1199s
max time network
1200s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/11/2024, 20:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://discord.gg/pg3d

Score

8^/10

microsoft defense_evasion discovery execution motw phishing

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: usersOID0003bffe8af657980000000000000000@84df9e7fe9f640afb435aaaaaaaaaaaa
phishing

Executes dropped EXE 4 IoCs

pid	Process
2624	windowkill-vulkan.exe
1536	windowkill-vulkan.exe
656	windowkill-vulkan.exe
1056	windowkill-vulkan.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 13 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
1708	powershell.exe
4160	powershell.exe
4528	powershell.exe
4816	powershell.exe
516	powershell.exe
3132	powershell.exe
4224	powershell.exe
3440	powershell.exe
4748	powershell.exe
4020	powershell.exe
232	powershell.exe
392	powershell.exe
1332	powershell.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
384	discord.com
497	discord.com
12	discord.com
14	discord.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
909	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
defense_evasion

Command Obfuscation
T1027.010
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Launches sc.exe 36 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
2604	sc.exe
3164	sc.exe
3232	sc.exe
4996	sc.exe
2228	sc.exe
3980	sc.exe
3932	sc.exe
1080	sc.exe
4348	sc.exe
3264	sc.exe
4596	sc.exe
1196	sc.exe
1428	sc.exe
4672	sc.exe
4348	sc.exe
4248	sc.exe
1448	sc.exe
1488	sc.exe
4948	sc.exe
1704	sc.exe
2564	sc.exe
4992	sc.exe
3308	sc.exe
4888	sc.exe
4672	sc.exe
3244	sc.exe
3264	sc.exe
1956	sc.exe
3500	sc.exe
1976	sc.exe
1660	sc.exe
4156	sc.exe
1748	sc.exe
956	sc.exe
3884	sc.exe
3096	sc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PowerShell_ISE.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3868	PING.EXE
2472	cmd.exe
2868	cmd.exe
5036	PING.EXE

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	Clipup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	Clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	clipup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	Clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	Clipup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	clipup.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3756129449-3121373848-4276368241-1000\{6A40D57B-A465-4D2A-8BC0-A31821497F19}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe

Modifies registry key 1 TTPs 48 IoCs

Modify Registry

T1112

pid	Process
228	reg.exe
228	reg.exe
4548	reg.exe
1676	reg.exe
656	reg.exe
5080	reg.exe
2804	reg.exe
740	reg.exe
4024	reg.exe
4896	reg.exe
3548	reg.exe
4824	reg.exe
4348	reg.exe
1196	reg.exe
4640	reg.exe
4748	reg.exe
1708	reg.exe
4644	reg.exe
2468	reg.exe
1260	reg.exe
1684	reg.exe
4304	reg.exe
1704	reg.exe
4992	reg.exe
3088	reg.exe
4508	reg.exe
4028	reg.exe
4764	reg.exe
3104	reg.exe
2856	reg.exe
3368	reg.exe
3644	reg.exe
2200	reg.exe
1956	reg.exe
2228	reg.exe
4172	reg.exe
3732	reg.exe
3920	reg.exe
4876	reg.exe
2972	reg.exe
2296	reg.exe
3540	reg.exe
2124	reg.exe
4448	reg.exe
4296	reg.exe
4596	reg.exe
2852	reg.exe
4116	reg.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 5489.crdownload:SmartScreen	msedge.exe

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery

T1018

pid	Process
3868	PING.EXE
5036	PING.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1344	msedge.exe
1344	msedge.exe
1968	msedge.exe
1968	msedge.exe
2936	msedge.exe
2936	msedge.exe
4528	identity_helper.exe
4528	identity_helper.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
2012	msedge.exe
1964	PowerShell_ISE.exe
1964	PowerShell_ISE.exe
1964	PowerShell_ISE.exe
516	powershell.exe
516	powershell.exe
516	powershell.exe
4020	powershell.exe
4020	powershell.exe
4020	powershell.exe
232	powershell.exe
232	powershell.exe
232	powershell.exe
392	powershell.exe
392	powershell.exe
392	powershell.exe
1332	powershell.exe
1332	powershell.exe
1332	powershell.exe
2228	powershell.exe
2228	powershell.exe
2228	powershell.exe
3132	powershell.exe
3132	powershell.exe
3132	powershell.exe
4224	powershell.exe
4224	powershell.exe
4224	powershell.exe
2348	powershell.exe
2348	powershell.exe
2348	powershell.exe
1708	powershell.exe
1708	powershell.exe
1708	powershell.exe
4748	powershell.exe
4748	powershell.exe
4748	powershell.exe
2544	powershell.exe
2544	powershell.exe
2544	powershell.exe
2200	powershell.exe
2200	powershell.exe
2200	powershell.exe
4436	powershell.exe
4436	powershell.exe
4436	powershell.exe
1428	powershell.exe
1428	powershell.exe
1428	powershell.exe
3440	powershell.exe
3440	powershell.exe
3440	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
244	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	4252	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4252	AUDIODG.EXE
Token: 33	3712	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3712	AUDIODG.EXE
Token: SeDebugPrivilege	1964	PowerShell_ISE.exe
Token: SeDebugPrivilege	516	powershell.exe
Token: SeDebugPrivilege	4020	powershell.exe
Token: SeDebugPrivilege	232	powershell.exe
Token: SeDebugPrivilege	392	powershell.exe
Token: SeDebugPrivilege	1332	powershell.exe
Token: SeIncreaseQuotaPrivilege	464	WMIC.exe
Token: SeSecurityPrivilege	464	WMIC.exe
Token: SeTakeOwnershipPrivilege	464	WMIC.exe
Token: SeLoadDriverPrivilege	464	WMIC.exe
Token: SeSystemProfilePrivilege	464	WMIC.exe
Token: SeSystemtimePrivilege	464	WMIC.exe
Token: SeProfSingleProcessPrivilege	464	WMIC.exe
Token: SeIncBasePriorityPrivilege	464	WMIC.exe
Token: SeCreatePagefilePrivilege	464	WMIC.exe
Token: SeBackupPrivilege	464	WMIC.exe
Token: SeRestorePrivilege	464	WMIC.exe
Token: SeShutdownPrivilege	464	WMIC.exe
Token: SeDebugPrivilege	464	WMIC.exe
Token: SeSystemEnvironmentPrivilege	464	WMIC.exe
Token: SeRemoteShutdownPrivilege	464	WMIC.exe
Token: SeUndockPrivilege	464	WMIC.exe
Token: SeManageVolumePrivilege	464	WMIC.exe
Token: 33	464	WMIC.exe
Token: 34	464	WMIC.exe
Token: 35	464	WMIC.exe
Token: 36	464	WMIC.exe
Token: SeIncreaseQuotaPrivilege	464	WMIC.exe
Token: SeSecurityPrivilege	464	WMIC.exe
Token: SeTakeOwnershipPrivilege	464	WMIC.exe
Token: SeLoadDriverPrivilege	464	WMIC.exe
Token: SeSystemProfilePrivilege	464	WMIC.exe
Token: SeSystemtimePrivilege	464	WMIC.exe
Token: SeProfSingleProcessPrivilege	464	WMIC.exe
Token: SeIncBasePriorityPrivilege	464	WMIC.exe
Token: SeCreatePagefilePrivilege	464	WMIC.exe
Token: SeBackupPrivilege	464	WMIC.exe
Token: SeRestorePrivilege	464	WMIC.exe
Token: SeShutdownPrivilege	464	WMIC.exe
Token: SeDebugPrivilege	464	WMIC.exe
Token: SeSystemEnvironmentPrivilege	464	WMIC.exe
Token: SeRemoteShutdownPrivilege	464	WMIC.exe
Token: SeUndockPrivilege	464	WMIC.exe
Token: SeManageVolumePrivilege	464	WMIC.exe
Token: 33	464	WMIC.exe
Token: 34	464	WMIC.exe
Token: 35	464	WMIC.exe
Token: 36	464	WMIC.exe
Token: SeDebugPrivilege	2228	powershell.exe
Token: SeIncreaseQuotaPrivilege	3980	WMIC.exe
Token: SeSecurityPrivilege	3980	WMIC.exe
Token: SeTakeOwnershipPrivilege	3980	WMIC.exe
Token: SeLoadDriverPrivilege	3980	WMIC.exe
Token: SeSystemProfilePrivilege	3980	WMIC.exe
Token: SeSystemtimePrivilege	3980	WMIC.exe
Token: SeProfSingleProcessPrivilege	3980	WMIC.exe
Token: SeIncBasePriorityPrivilege	3980	WMIC.exe
Token: SeCreatePagefilePrivilege	3980	WMIC.exe
Token: SeBackupPrivilege	3980	WMIC.exe
Token: SeRestorePrivilege	3980	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1964	PowerShell_ISE.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
3340	7zG.exe
1536	windowkill-vulkan.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
4440	chrome.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2624	windowkill-vulkan.exe
1536	windowkill-vulkan.exe
656	windowkill-vulkan.exe
244	msedge.exe
244	msedge.exe
1056	windowkill-vulkan.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2996	1968	msedge.exe	83
PID 1968 wrote to memory of 2996	1968	msedge.exe	83
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 4300	1968	msedge.exe	84
PID 1968 wrote to memory of 1344	1968	msedge.exe	85
PID 1968 wrote to memory of 1344	1968	msedge.exe	85
PID 1968 wrote to memory of 3060	1968	msedge.exe	86
PID 1968 wrote to memory of 3060	1968	msedge.exe	86
PID 1968 wrote to memory of 3060	1968	msedge.exe	86
PID 1968 wrote to memory of 3060	1968	msedge.exe	86
PID 1968 wrote to memory of 3060	1968	msedge.exe	86
PID 1968 wrote to memory of 3060	1968	msedge.exe	86
PID 1968 wrote to memory of 3060	1968	msedge.exe	86
PID 1968 wrote to memory of 3060	1968	msedge.exe	86
PID 1968 wrote to memory of 3060	1968	msedge.exe	86
PID 1968 wrote to memory of 3060	1968	msedge.exe	86
PID 1968 wrote to memory of 3060	1968	msedge.exe	86
PID 1968 wrote to memory of 3060	1968	msedge.exe	86
PID 1968 wrote to memory of 3060	1968	msedge.exe	86
PID 1968 wrote to memory of 3060	1968	msedge.exe	86
PID 1968 wrote to memory of 3060	1968	msedge.exe	86
PID 1968 wrote to memory of 3060	1968	msedge.exe	86
PID 1968 wrote to memory of 3060	1968	msedge.exe	86
PID 1968 wrote to memory of 3060	1968	msedge.exe	86
PID 1968 wrote to memory of 3060	1968	msedge.exe	86
PID 1968 wrote to memory of 3060	1968	msedge.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://discord.gg/pg3d
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffce88746f8,0x7ffce8874708,0x7ffce8874718
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2580 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4168 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=188 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1700 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7668 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1480 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7792 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8296 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8316 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7912 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7344 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8208 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1988 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1700 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2172,506805960949725290,11090788484279990072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7692 /prefetch:8
  2⤵
  PID:1960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1040

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x534 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3044

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x534 0x510
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3712

C:\Windows\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe
"C:\Windows\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1964
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c ""C:\Windows\Temp\MAS_fb4156c9-ee23-4ad8-8cea-8946124b4640.cmd" "
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4660
- - C:\Windows\system32\cmd.exe
    C:\Windows\Sysnative\cmd.exe /c ""C:\Windows\Temp\MAS_fb4156c9-ee23-4ad8-8cea-8946124b4640.cmd" re1"
    3⤵
    PID:1532
  - - C:\Windows\System32\sc.exe
      sc query Null
      4⤵
      Launches sc.exe
      PID:4156
  - - C:\Windows\System32\find.exe
      find /i "RUNNING"
      4⤵
      PID:2868
  - - C:\Windows\System32\findstr.exe
      findstr /v "$" "MAS_fb4156c9-ee23-4ad8-8cea-8946124b4640.cmd"
      4⤵
      PID:2496
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c ver
      4⤵
      PID:1684
  - - C:\Windows\System32\reg.exe
      reg query "HKCU\Console" /v ForceV2
      4⤵
      PID:2624
  - - C:\Windows\System32\find.exe
      find /i "0x0"
      4⤵
      PID:2308
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /S /D /c" echo "AMD64 " "
      4⤵
      PID:1428
  - - C:\Windows\System32\find.exe
      find /i "ARM64"
      4⤵
      PID:4472
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c echo prompt $E | cmd
      4⤵
      PID:920
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo prompt $E "
        5⤵
        
        PID:2440
    - - C:\Windows\System32\cmd.exe
        
        cmd
        5⤵
        
        PID:4612
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /S /D /c" echo "C:\Windows\Temp\MAS_fb4156c9-ee23-4ad8-8cea-8946124b4640.cmd" "
      4⤵
      PID:392
  - - C:\Windows\System32\find.exe
      find /i "C:\Users\Admin\AppData\Local\Temp"
      4⤵
      PID:2856
  - - C:\Windows\System32\cmd.exe
      cmd /c "powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_fb4156c9-ee23-4ad8-8cea-8946124b4640.cmd') -split ':PowerShellTest:\s*';iex ($f[1])""
      4⤵
      PID:4624
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_fb4156c9-ee23-4ad8-8cea-8946124b4640.cmd') -split ':PowerShellTest:\s*';iex ($f[1])"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:516
  - - C:\Windows\System32\find.exe
      find /i "FullLanguage"
      4⤵
      PID:4380
  - - C:\Windows\System32\fltMC.exe
      fltmc
      4⤵
      PID:2936
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe "$TB = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); [void]$TB.DefinePInvokeMethod('GetConsoleWindow', 'kernel32.dll', 22, 1, [IntPtr], @(), 1, 3).SetImplementationFlags(128); [void]$TB.DefinePInvokeMethod('SendMessageW', 'user32.dll', 22, 1, [IntPtr], @([IntPtr], [UInt32], [IntPtr], [IntPtr]), 1, 3).SetImplementationFlags(128); $hIcon = $TB.CreateType(); $hWnd = $hIcon::GetConsoleWindow(); echo $($hIcon::SendMessageW($hWnd, 127, 0, 0) -ne [IntPtr]::Zero);"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4020
  - - C:\Windows\System32\find.exe
      find /i "True"
      4⤵
      PID:4432
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe "$t=[AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); $t.DefinePInvokeMethod('GetStdHandle', 'kernel32.dll', 22, 1, [IntPtr], @([Int32]), 1, 3).SetImplementationFlags(128); $t.DefinePInvokeMethod('SetConsoleMode', 'kernel32.dll', 22, 1, [Boolean], @([IntPtr], [Int32]), 1, 3).SetImplementationFlags(128); $k=$t.CreateType(); $b=$k::SetConsoleMode($k::GetStdHandle(-10), 0x0080); & cmd.exe '/c' '"""C:\Windows\Temp\MAS_fb4156c9-ee23-4ad8-8cea-8946124b4640.cmd""" -el -qedit'"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:232
    - - C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c ""C:\Windows\Temp\MAS_fb4156c9-ee23-4ad8-8cea-8946124b4640.cmd" -el -qedit"
        5⤵
        
        PID:3880
      - C:\Windows\System32\sc.exe
        
        sc query Null
        6⤵
        Launches sc.exe
        
        PID:3244
      - C:\Windows\System32\find.exe
        
        find /i "RUNNING"
        6⤵
        
        PID:2804
      - C:\Windows\System32\findstr.exe
        
        findstr /v "$" "MAS_fb4156c9-ee23-4ad8-8cea-8946124b4640.cmd"
        6⤵
        
        PID:3884
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "-el -qedit" "
        6⤵
        
        PID:4392
      - C:\Windows\System32\find.exe
        
        find /i "/"
        6⤵
        
        PID:1496
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c ver
        6⤵
        
        PID:4172
      - C:\Windows\System32\reg.exe
        
        reg query "HKCU\Console" /v ForceV2
        6⤵
        
        PID:4040
      - C:\Windows\System32\find.exe
        
        find /i "0x0"
        6⤵
        
        PID:2868
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "AMD64 " "
        6⤵
        
        PID:4456
      - C:\Windows\System32\find.exe
        
        find /i "ARM64"
        6⤵
        
        PID:1684
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c echo prompt $E | cmd
        6⤵
        
        PID:2624
        
        C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo prompt $E "
        7⤵
        
        PID:4348
        
        C:\Windows\System32\cmd.exe
        
        cmd
        7⤵
        
        PID:2604
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "C:\Windows\Temp\MAS_fb4156c9-ee23-4ad8-8cea-8946124b4640.cmd" "
        6⤵
        
        PID:4508
      - C:\Windows\System32\find.exe
        
        find /i "C:\Users\Admin\AppData\Local\Temp"
        6⤵
        
        PID:4092
      - C:\Windows\System32\cmd.exe
        
        cmd /c "powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_fb4156c9-ee23-4ad8-8cea-8946124b4640.cmd') -split ':PowerShellTest:\s*';iex ($f[1])""
        6⤵
        
        PID:1808
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_fb4156c9-ee23-4ad8-8cea-8946124b4640.cmd') -split ':PowerShellTest:\s*';iex ($f[1])"
        7⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:392
      - C:\Windows\System32\find.exe
        
        find /i "FullLanguage"
        6⤵
        
        PID:5108
      - C:\Windows\System32\fltMC.exe
        
        fltmc
        6⤵
        
        PID:2216
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$TB = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); [void]$TB.DefinePInvokeMethod('GetConsoleWindow', 'kernel32.dll', 22, 1, [IntPtr], @(), 1, 3).SetImplementationFlags(128); [void]$TB.DefinePInvokeMethod('SendMessageW', 'user32.dll', 22, 1, [IntPtr], @([IntPtr], [UInt32], [IntPtr], [IntPtr]), 1, 3).SetImplementationFlags(128); $hIcon = $TB.CreateType(); $hWnd = $hIcon::GetConsoleWindow(); echo $($hIcon::SendMessageW($hWnd, 127, 0, 0) -ne [IntPtr]::Zero);"
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1332
      - C:\Windows\System32\find.exe
        
        find /i "True"
        6⤵
        
        PID:4028
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c ping -4 -n 1 updatecheck.massgrave.dev
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2472
        
        C:\Windows\System32\PING.EXE
        
        ping -4 -n 1 updatecheck.massgrave.dev
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:3868
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "127.69.2.8" "
        6⤵
        
        PID:1448
      - C:\Windows\System32\find.exe
        
        find "127.69"
        6⤵
        
        PID:4020
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "127.69.2.8" "
        6⤵
        
        PID:916
      - C:\Windows\System32\find.exe
        
        find "127.69.2.8"
        6⤵
        
        PID:4248
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "-el -qedit" "
        6⤵
        
        PID:4448
      - C:\Windows\System32\find.exe
        
        find /i "/S"
        6⤵
        
        PID:4148
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "-el -qedit" "
        6⤵
        
        PID:624
      - C:\Windows\System32\find.exe
        
        find /i "/"
        6⤵
        
        PID:2256
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop
        6⤵
        
        PID:4896
        
        C:\Windows\System32\reg.exe
        
        reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop
        7⤵
        
        PID:4440
      - C:\Windows\System32\mode.com
        
        mode 76, 33
        6⤵
        
        PID:4944
      - C:\Windows\System32\choice.exe
        
        choice /C:123456789H0 /N
        6⤵
        
        PID:4672
      - C:\Windows\System32\mode.com
        
        mode 110, 34
        6⤵
        
        PID:2564
      - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s
        6⤵
        
        PID:4528
      - C:\Windows\System32\find.exe
        
        find /i "AutoPico"
        6⤵
        
        PID:2308
      - C:\Windows\System32\find.exe
        
        find /i "avira.com" C:\Windows\System32\drivers\etc\hosts
        6⤵
        
        PID:4876
      - C:\Windows\System32\find.exe
        
        find /i "kaspersky.com" C:\Windows\System32\drivers\etc\hosts
        6⤵
        
        PID:4952
      - C:\Windows\System32\find.exe
        
        find /i "virustotal.com" C:\Windows\System32\drivers\etc\hosts
        6⤵
        
        PID:3540
      - C:\Windows\System32\find.exe
        
        find /i "mcafee.com" C:\Windows\System32\drivers\etc\hosts
        6⤵
        
        PID:1260
      - C:\Windows\System32\sc.exe
        
        sc start sppsvc
        6⤵
        Launches sc.exe
        
        PID:1196
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "1056" "
        6⤵
        
        PID:3368
      - C:\Windows\System32\findstr.exe
        
        findstr "577 225"
        6⤵
        
        PID:4640
      - C:\Windows\System32\cmd.exe
        
        cmd /c "wmic path Win32_ComputerSystem get CreationClassName /value"
        6⤵
        
        PID:2832
        
        C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path Win32_ComputerSystem get CreationClassName /value
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:464
      - C:\Windows\System32\find.exe
        
        find /i "computersystem"
        6⤵
        
        PID:3156
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c "powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); [void]$TypeBuilder.DefinePInvokeMethod('SLGetWindowsInformationDWORD', 'slc.dll', 'Public, Static', 1, [int], @([String], [int].MakeByRefType()), 1, 3); $Sku = 0; [void]$TypeBuilder.CreateType()::SLGetWindowsInformationDWORD('Kernel-BrandingInfo', [ref]$Sku); $Sku"
        6⤵
        
        PID:4724
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); [void]$TypeBuilder.DefinePInvokeMethod('SLGetWindowsInformationDWORD', 'slc.dll', 'Public, Static', 1, [int], @([String], [int].MakeByRefType()), 1, 3); $Sku = 0; [void]$TypeBuilder.CreateType()::SLGetWindowsInformationDWORD('Kernel-BrandingInfo', [ref]$Sku); $Sku
        7⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2228
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions" /v OSProductPfn 2>nul
        6⤵
        
        PID:4444
        
        C:\Windows\System32\reg.exe
        
        reg query "HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions" /v OSProductPfn
        7⤵
        
        PID:2544
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c "wmic Path Win32_OperatingSystem Get OperatingSystemSKU /format:LIST" 2>nul
        6⤵
        
        PID:1704
        
        C:\Windows\System32\Wbem\WMIC.exe
        
        wmic Path Win32_OperatingSystem Get OperatingSystemSKU /format:LIST
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3980
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_fb4156c9-ee23-4ad8-8cea-8946124b4640.cmd') -split ':winsubstatus\:.*';iex ($f[1])"
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:3132
      - C:\Windows\System32\find.exe
        
        find /i "Subscription_is_activated"
        6⤵
        
        PID:4448
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c "powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')"
        6⤵
        
        PID:4996
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')
        7⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:4224
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "Windows 10 Pro" "
        6⤵
        
        PID:4596
      - C:\Windows\System32\find.exe
        
        find /i "Windows"
        6⤵
        
        PID:2604
      - C:\Windows\System32\sc.exe
        
        sc start sppsvc
        6⤵
        Launches sc.exe
        
        PID:3308
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$job = Start-Job { (Get-WmiObject -Query 'SELECT * FROM SoftwareLicensingService').Version }; if (-not (Wait-Job $job -Timeout 30)) {write-host 'sppsvc is not working correctly. Help - https://massgrave.dev/troubleshoot'}"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2348
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
        7⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:1708
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingProduct where (LicenseStatus='1' and GracePeriodRemaining='0' and PartialProductKey is not NULL AND LicenseDependsOn is NULL) get Name /value
        6⤵
        
        PID:2228
      - C:\Windows\System32\findstr.exe
        
        findstr /i "Windows"
        6⤵
        
        PID:956
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE
        6⤵
        
        PID:3980
        
        C:\Windows\System32\reg.exe
        
        reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE
        7⤵
        
        PID:4440
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c ver
        6⤵
        
        PID:1496
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c ping -n 1 l.root-servers.net
        6⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2868
        
        C:\Windows\System32\PING.EXE
        
        ping -n 1 l.root-servers.net
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:5036
      - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s
        6⤵
        
        PID:624
      - C:\Windows\System32\find.exe
        
        find /i "AutoPico"
        6⤵
        
        PID:1488
      - C:\Windows\System32\find.exe
        
        find /i "avira.com" C:\Windows\System32\drivers\etc\hosts
        6⤵
        
        PID:4944
      - C:\Windows\System32\find.exe
        
        find /i "kaspersky.com" C:\Windows\System32\drivers\etc\hosts
        6⤵
        
        PID:1456
      - C:\Windows\System32\find.exe
        
        find /i "virustotal.com" C:\Windows\System32\drivers\etc\hosts
        6⤵
        
        PID:5000
      - C:\Windows\System32\find.exe
        
        find /i "mcafee.com" C:\Windows\System32\drivers\etc\hosts
        6⤵
        
        PID:1364
      - C:\Windows\System32\sc.exe
        
        sc start sppsvc
        6⤵
        Launches sc.exe
        
        PID:4672
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "1056" "
        6⤵
        
        PID:4580
      - C:\Windows\System32\findstr.exe
        
        findstr "577 225"
        6⤵
        
        PID:1080
      - C:\Windows\System32\sc.exe
        
        sc query Null
        6⤵
        Launches sc.exe
        
        PID:3232
      - C:\Windows\System32\sc.exe
        
        sc start ClipSVC
        6⤵
        Launches sc.exe
        
        PID:4348
      - C:\Windows\System32\sc.exe
        
        sc query ClipSVC
        6⤵
        Launches sc.exe
        
        PID:4996
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v DependOnService
        6⤵
        Modifies registry key
        
        PID:4596
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v Description
        6⤵
        Modifies registry key
        
        PID:4508
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v DisplayName
        6⤵
        Modifies registry key
        
        PID:1196
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v ErrorControl
        6⤵
        Modifies registry key
        
        PID:2852
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v ImagePath
        6⤵
        Modifies registry key
        
        PID:4640
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v ObjectName
        6⤵
        Modifies registry key
        
        PID:4116
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v Start
        6⤵
        Modifies registry key
        
        PID:5080
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v Type
        6⤵
        Modifies registry key
        
        PID:4748
      - C:\Windows\System32\sc.exe
        
        sc start wlidsvc
        6⤵
        Launches sc.exe
        
        PID:1748
      - C:\Windows\System32\sc.exe
        
        sc query wlidsvc
        6⤵
        Launches sc.exe
        
        PID:3264
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v DependOnService
        6⤵
        Modifies registry key
        
        PID:4028
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v Description
        6⤵
        Modifies registry key
        
        PID:4024
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v DisplayName
        6⤵
        Modifies registry key
        
        PID:3540
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v ErrorControl
        6⤵
        Modifies registry key
        
        PID:4876
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v ImagePath
        6⤵
        Modifies registry key
        
        PID:2972
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v ObjectName
        6⤵
        Modifies registry key
        
        PID:4304
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v Start
        6⤵
        Modifies registry key
        
        PID:1956
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v Type
        6⤵
        Modifies registry key
        
        PID:228
      - C:\Windows\System32\sc.exe
        
        sc start sppsvc
        6⤵
        Launches sc.exe
        
        PID:4248
      - C:\Windows\System32\sc.exe
        
        sc query sppsvc
        6⤵
        Launches sc.exe
        
        PID:1448
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v DependOnService
        6⤵
        Modifies registry key
        
        PID:2228
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Description
        6⤵
        Modifies registry key
        
        PID:4172
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v DisplayName
        6⤵
        Modifies registry key
        
        PID:1704
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ErrorControl
        6⤵
        Modifies registry key
        
        PID:4896
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ImagePath
        6⤵
        Modifies registry key
        
        PID:3548
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ObjectName
        6⤵
        Modifies registry key
        
        PID:2804
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Start
        6⤵
        Modifies registry key
        
        PID:4548
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Type
        6⤵
        Modifies registry key
        
        PID:2124
      - C:\Windows\System32\sc.exe
        
        sc start KeyIso
        6⤵
        Launches sc.exe
        
        PID:1488
      - C:\Windows\System32\sc.exe
        
        sc query KeyIso
        6⤵
        Launches sc.exe
        
        PID:4948
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v DependOnService
        6⤵
        Modifies registry key
        
        PID:4448
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v Description
        6⤵
        Modifies registry key
        
        PID:3104
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v DisplayName
        6⤵
        Modifies registry key
        
        PID:1676
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v ErrorControl
        6⤵
        Modifies registry key
        
        PID:2296
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v ImagePath
        6⤵
        Modifies registry key
        
        PID:4824
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v ObjectName
        6⤵
        Modifies registry key
        
        PID:4992
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v Start
        6⤵
        Modifies registry key
        
        PID:1684
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v Type
        6⤵
        Modifies registry key
        
        PID:4348
      - C:\Windows\System32\sc.exe
        
        sc start LicenseManager
        6⤵
        Launches sc.exe
        
        PID:1428
      - C:\Windows\System32\sc.exe
        
        sc query LicenseManager
        6⤵
        Launches sc.exe
        
        PID:2604
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v DependOnService
        6⤵
        Modifies registry key
        
        PID:4764
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v Description
        6⤵
        Modifies registry key
        
        PID:2856
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v DisplayName
        6⤵
        Modifies registry key
        
        PID:3368
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v ErrorControl
        6⤵
        Modifies registry key
        
        PID:3644
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v ImagePath
        6⤵
        Modifies registry key
        
        PID:4644
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v ObjectName
        6⤵
        Modifies registry key
        
        PID:740
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v Start
        6⤵
        Modifies registry key
        
        PID:2468
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v Type
        6⤵
        Modifies registry key
        
        PID:2200
      - C:\Windows\System32\sc.exe
        
        sc start Winmgmt
        6⤵
        Launches sc.exe
        
        PID:4888
      - C:\Windows\System32\sc.exe
        
        sc query Winmgmt
        6⤵
        Launches sc.exe
        
        PID:3264
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v DependOnService
        6⤵
        Modifies registry key
        
        PID:3088
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Description
        6⤵
        Modifies registry key
        
        PID:3732
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v DisplayName
        6⤵
        Modifies registry key
        
        PID:3920
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ErrorControl
        6⤵
        Modifies registry key
        
        PID:1260
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ImagePath
        6⤵
        Modifies registry key
        
        PID:4296
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ObjectName
        6⤵
        Modifies registry key
        
        PID:656
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Start
        6⤵
        Modifies registry key
        
        PID:1708
      - C:\Windows\System32\reg.exe
        
        reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Type
        6⤵
        Modifies registry key
        
        PID:228
      - C:\Windows\System32\sc.exe
        
        sc start ClipSVC
        6⤵
        Launches sc.exe
        
        PID:1956
      - C:\Windows\System32\sc.exe
        
        sc start wlidsvc
        6⤵
        Launches sc.exe
        
        PID:956
      - C:\Windows\System32\sc.exe
        
        sc start sppsvc
        6⤵
        Launches sc.exe
        
        PID:2228
      - C:\Windows\System32\sc.exe
        
        sc start KeyIso
        6⤵
        Launches sc.exe
        
        PID:3980
      - C:\Windows\System32\sc.exe
        
        sc start LicenseManager
        6⤵
        Launches sc.exe
        
        PID:1704
      - C:\Windows\System32\sc.exe
        
        sc start Winmgmt
        6⤵
        Launches sc.exe
        
        PID:3500
      - C:\Windows\System32\sc.exe
        
        sc query ClipSVC
        6⤵
        Launches sc.exe
        
        PID:3884
      - C:\Windows\System32\find.exe
        
        find /i "RUNNING"
        6⤵
        
        PID:3548
      - C:\Windows\System32\sc.exe
        
        sc start ClipSVC
        6⤵
        Launches sc.exe
        
        PID:3164
      - C:\Windows\System32\sc.exe
        
        sc query wlidsvc
        6⤵
        Launches sc.exe
        
        PID:3932
      - C:\Windows\System32\find.exe
        
        find /i "RUNNING"
        6⤵
        
        PID:624
      - C:\Windows\System32\sc.exe
        
        sc start wlidsvc
        6⤵
        Launches sc.exe
        
        PID:3096
      - C:\Windows\System32\sc.exe
        
        sc query sppsvc
        6⤵
        Launches sc.exe
        
        PID:1976
      - C:\Windows\System32\find.exe
        
        find /i "RUNNING"
        6⤵
        
        PID:4448
      - C:\Windows\System32\sc.exe
        
        sc start sppsvc
        6⤵
        Launches sc.exe
        
        PID:2564
      - C:\Windows\System32\sc.exe
        
        sc query KeyIso
        6⤵
        Launches sc.exe
        
        PID:4672
      - C:\Windows\System32\find.exe
        
        find /i "RUNNING"
        6⤵
        
        PID:1616
      - C:\Windows\System32\sc.exe
        
        sc start KeyIso
        6⤵
        Launches sc.exe
        
        PID:1080
      - C:\Windows\System32\sc.exe
        
        sc query LicenseManager
        6⤵
        Launches sc.exe
        
        PID:4992
      - C:\Windows\System32\find.exe
        
        find /i "RUNNING"
        6⤵
        
        PID:2476
      - C:\Windows\System32\sc.exe
        
        sc start LicenseManager
        6⤵
        Launches sc.exe
        
        PID:4348
      - C:\Windows\System32\sc.exe
        
        sc query Winmgmt
        6⤵
        Launches sc.exe
        
        PID:4596
      - C:\Windows\System32\find.exe
        
        find /i "RUNNING"
        6⤵
        
        PID:2604
      - C:\Windows\System32\sc.exe
        
        sc start Winmgmt
        6⤵
        Launches sc.exe
        
        PID:1660
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State" /v ImageState
        6⤵
        
        PID:2852
        
        C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State" /v ImageState
        7⤵
        
        PID:4640
      - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinPE" /v InstRoot
        6⤵
        
        PID:4116
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_fb4156c9-ee23-4ad8-8cea-8946124b4640.cmd') -split ':wpatest\:.*';iex ($f[1])" 2>nul
        6⤵
        
        PID:4380
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$f=[io.file]::ReadAllText('C:\Windows\Temp\MAS_fb4156c9-ee23-4ad8-8cea-8946124b4640.cmd') -split ':wpatest\:.*';iex ($f[1])"
        7⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:4748
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "6" "
        6⤵
        
        PID:4612
      - C:\Windows\System32\find.exe
        
        find /i "Error Found"
        6⤵
        
        PID:2972
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL AND PartialProductKey IS NOT NULL) get LicenseFamily /VALUE" 2>nul
        6⤵
        
        PID:728
        
        C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL AND PartialProductKey IS NOT NULL) get LicenseFamily /VALUE
        7⤵
        
        PID:1040
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "try { $null=([WMISEARCHER]'SELECT * FROM SoftwareLicensingService').Get().Version; exit 0 } catch { exit $_.Exception.InnerException.HResult }"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2544
      - C:\Windows\System32\cmd.exe
        
        cmd /c exit /b 0
        6⤵
        
        PID:3932
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path Win32_ComputerSystem get CreationClassName /value
        6⤵
        
        PID:4948
      - C:\Windows\System32\find.exe
        
        find /i "computersystem"
        6⤵
        
        PID:3096
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "0" "
        6⤵
        
        PID:2564
      - C:\Windows\System32\findstr.exe
        
        findstr /i "0x800410 0x800440 0x80131501"
        6⤵
        
        PID:5104
      - C:\Windows\System32\reg.exe
        
        reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\PersistedTSReArmed"
        6⤵
        
        PID:1616
      - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC\Volatile\PersistedSystemState"
        6⤵
        
        PID:2624
      - C:\Windows\System32\reg.exe
        
        reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion"
        6⤵
        
        PID:4992
      - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe"
        6⤵
        
        PID:1428
      - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sppsvc.exe"
        6⤵
        
        PID:3308
      - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sppsvc.exe\PerfOptions"
        6⤵
        
        PID:4596
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "SkipRearm" 2>nul
        6⤵
        
        PID:1984
        
        C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "SkipRearm"
        7⤵
        
        PID:3644
      - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Plugins\Objects\msft:rm/algorithm/hwid/4.0" /f ba02fed39662 /d
        6⤵
        
        PID:4640
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v TokenStore 2>nul
        6⤵
        
        PID:5064
        
        C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v TokenStore
        7⤵
        
        PID:3156
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and PartialProductKey is not null) get ID /VALUE" 2>nul
        6⤵
        
        PID:3440
        
        C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and PartialProductKey is not null) get ID /VALUE
        7⤵
        
        PID:1952
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c powershell.exe "(Get-ScheduledTask -TaskName 'SvcRestartTask' -TaskPath '\Microsoft\Windows\SoftwareProtectionPlatform\').State" 2>nul
        6⤵
        
        PID:2468
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "(Get-ScheduledTask -TaskName 'SvcRestartTask' -TaskPath '\Microsoft\Windows\SoftwareProtectionPlatform\').State"
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2200
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "
        6⤵
        
        PID:3868
      - C:\Windows\System32\find.exe
        
        find /i "Ready"
        6⤵
        
        PID:4156
      - C:\Windows\System32\reg.exe
        
        reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "actionlist" /f
        6⤵
        
        PID:1496
      - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask"
        6⤵
        
        PID:3164
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$acl = (Get-Acl 'C:\Windows\System32\spp\store\2.0' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow FullControl') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4436
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$acl = (Get-Acl 'HKLM:\SYSTEM\WPA' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow QueryValues, EnumerateSubKeys, WriteKey') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1428
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$acl = (Get-Acl 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow SetValue') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:3440
      - C:\Windows\System32\reg.exe
        
        reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion"
        6⤵
        
        PID:1448
      - C:\Windows\System32\reg.exe
        
        reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies"
        6⤵
        
        PID:4432
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$netServ = (New-Object Security.Principal.SecurityIdentifier('S-1-5-20')).Translate([Security.Principal.NTAccount]).Value; $aclString = Get-Acl 'Registry::HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies' | Format-List | Out-String; if (-not ($aclString.Contains($netServ + ' Allow FullControl') -or $aclString.Contains('NT SERVICE\sppsvc Allow FullControl')) -or ($aclString.Contains('Deny'))) {Exit 3}"
        6⤵
        
        PID:2444
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f') get ID /VALUE" 2>nul
        6⤵
        
        PID:1456
        
        C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f') get ID /VALUE
        7⤵
        
        PID:1488
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "040fa323-92b1-4baf-97a2-5b67feaefddb 0724cb7d-3437-4cb7-93cb-830375d0079d 0ad2ac98-7bb9-4201-8d92-312299201369 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5 221a02da-e2a1-4b75-864c-0a4410a33fdf 291ece0e-9c38-40ca-a9e1-32cc7ec19507 2936d1d2-913a-4542-b54e-ce5a602a2a38 2c293c26-a45a-4a2a-a350-c69a67097529 2de67392-b7a7-462a-b1ca-108dd189f588 2ffd8952-423e-4903-b993-72a1aa44cf82 30a42c86-b7a0-4a34-8c90-ff177cb2acb7 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf 3502365a-f88a-4ba4-822a-5769d3073b65 377333b1-8b5d-48d6-9679-1225c872d37c 3df374ef-d444-4494-a5a1-4b0d9fd0e203 3f1afc82-f8ac-4f6c-8005-1d233e606eee 49cd895b-53b2-4dc4-a5f7-b18aa019ad37 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c 4f3da0d2-271d-4508-ae81-626b60809a38 60b3ec1b-9545-4921-821f-311b129dd6f6 613d217f-7f13-4268-9907-1662339531cd 62f0c100-9c53-4e02-b886-a3528ddfe7f6 6365275e-368d-46ca-a0ef-fc0404119333 721f9237-9341-4453-a661-09e8baa6cca5 73111121-5638-40f6-bc11-f1d7b0d64300 7a802526-4c94-4bd1-ba14-835a1aca2120 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69 82bbc092-bc50-4e16-8e18-b74fc486aec3 8ab9bdd1-1f67-4997-82d9-8878520837d9 8b351c9c-f398-4515-9900-09df49427262 90da7373-1c51-430b-bf26-c97e9c5cdc31 95dca82f-385d-4d39-b85b-5c73fa285d6f a48938aa-62fa-4966-9d44-9f04da3f72f2 b0773a15-df3a-4312-9ad2-83d69648e356 b4bfe195-541e-4e64-ad23-6177f19e395e b68e61d2-68ca-4757-be45-0cc2f3e68eee bd3762d7-270d-4760-8fb3-d829ca45278a c86d5194-4840-4dae-9c1c-0301003a5ab0 d552befb-48cc-4327-8f39-47d2d94f987c d6eadb3b-5ca8-4a6b-986e-35b550756111 df96023b-dcd9-4be2-afa0-c6c871159ebe e0c42288-980c-4788-a014-c080d2e1926e e4db50ea-bda1-4566-b047-0ca50abc6f07 e558417a-5123-4f6f-91e7-385c1c7ca9d4 e7a950a2-e548-4f10-bf16-02ec848e0643 eb6d346f-1c60-4643-b960-40ec31596c45 ec868e65-fadf-4759-b23e-93fe37f2cc29 ef51e000-2659-4f25-8345-3de70a9cf4c4 f7af7d09-40e4-419c-a49b-eae366689ebd fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab fe74f55b-0338-41d6-b267-4a201abe7285 " "
        6⤵
        
        PID:1080
      - C:\Windows\System32\find.exe
        
        find /i "4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c"
        6⤵
        
        PID:5104
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingService where __CLASS='SoftwareLicensingService' call InstallProductKey ProductKey="VK7JG-NPHTM-C97JM-9MPGT-3V66T"
        6⤵
        
        PID:3644
      - C:\Windows\System32\cmd.exe
        
        cmd /c exit /b 0
        6⤵
        
        PID:4640
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingService where __CLASS='SoftwareLicensingService' call RefreshLicenseStatus
        6⤵
        
        PID:4888
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c reg query "HKCU\Control Panel\International\Geo" /v Name 2>nul
        6⤵
        
        PID:2604
        
        C:\Windows\System32\reg.exe
        
        reg query "HKCU\Control Panel\International\Geo" /v Name
        7⤵
        
        PID:1660
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c reg query "HKCU\Control Panel\International\Geo" /v Nation 2>nul
        6⤵
        
        PID:4284
        
        C:\Windows\System32\reg.exe
        
        reg query "HKCU\Control Panel\International\Geo" /v Nation
        7⤵
        
        PID:1332
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c powershell.exe [convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes("""OSMajorVersion=5;OSMinorVersion=1;OSPlatformId=2;PP=0;Pfn=Microsoft.Windows.48.X19-98841_8wekyb3d8bbwe;PKeyIID=465145217131314304264339481117862266242033457260311819664735280;$([char]0)"""))
        6⤵
        
        PID:1040
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe [convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes("""OSMajorVersion=5;OSMinorVersion=1;OSPlatformId=2;PP=0;Pfn=Microsoft.Windows.48.X19-98841_8wekyb3d8bbwe;PKeyIID=465145217131314304264339481117862266242033457260311819664735280;$([char]0)"""))
        7⤵
        
        PID:4148
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "TwBTAE0AYQBqAG8AcgBWAGUAcgBzAGkAbwBuAD0ANQA7AE8AUwBNAGkAbgBvAHIAVgBlAHIAcwBpAG8AbgA9ADEAOwBPAFMAUABsAGEAdABmAG8AcgBtAEkAZAA9ADIAOwBQAFAAPQAwADsAUABmAG4APQBNAGkAYwByAG8AcwBvAGYAdAAuAFcAaQBuAGQAbwB3AHMALgA0ADgALgBYADEAOQAtADkAOAA4ADQAMQBfADgAdwBlAGsAeQBiADMAZAA4AGIAYgB3AGUAOwBQAEsAZQB5AEkASQBEAD0ANAA2ADUAMQA0ADUAMgAxADcAMQAzADEAMwAxADQAMwAwADQAMgA2ADQAMwAzADkANAA4ADEAMQAxADcAOAA2ADIAMgA2ADYAMgA0ADIAMAAzADMANAA1ADcAMgA2ADAAMwAxADEAOAAxADkANgA2ADQANwAzADUAMgA4ADAAOwAAAA==" "
        6⤵
        
        PID:4644
      - C:\Windows\System32\find.exe
        
        find "AAAA"
        6⤵
        
        PID:3440
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "Start-Job { Restart-Service ClipSVC } | Wait-Job -Timeout 20 | Out-Null"
        6⤵
        
        PID:4156
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
        7⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:4160
      - C:\Windows\System32\ClipUp.exe
        
        clipup -v -o
        6⤵
        
        PID:2228
        
        C:\Windows\System32\clipup.exe
        
        clipup -v -o -ppl C:\Users\Admin\AppData\Local\Temp\tem3C7C.tmp
        7⤵
        Checks SCSI registry key(s)
        
        PID:1364
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /c "powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')"
        6⤵
        
        PID:3368
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')
        7⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:4816
      - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo "Windows 10 Pro" "
        6⤵
        
        PID:4924
      - C:\Windows\System32\find.exe
        
        find /i "Windows"
        6⤵
        
        PID:4380
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingProduct where "ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND PartialProductKey IS NOT NULL AND LicenseDependsOn is NULL" call Activate
        6⤵
        
        PID:4992
      - C:\Windows\System32\cmd.exe
        
        cmd /c exit /b 0
        6⤵
        
        PID:1568
      - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingProduct where (LicenseStatus='1' and GracePeriodRemaining='0' and PartialProductKey is not NULL AND LicenseDependsOn is NULL) get Name /value
        6⤵
        
        PID:1748
      - C:\Windows\System32\findstr.exe
        
        findstr /i "Windows"
        6⤵
        
        PID:3096
      - C:\Windows\System32\reg.exe
        
        reg delete "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\PersistedSystemState" /v "State" /f
        6⤵
        
        PID:4000
      - C:\Windows\System32\reg.exe
        
        reg delete "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\PersistedSystemState" /v "SuppressRulesEngine" /f
        6⤵
        
        PID:2468
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "Start-Job { Stop-Service sppsvc -force } | Wait-Job -Timeout 20 | Out-Null; $TB = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); [void]$TB.DefinePInvokeMethod('SLpTriggerServiceWorker', 'sppc.dll', 22, 1, [Int32], @([UInt32], [IntPtr], [String], [UInt32]), 1, 3); [void]$TB.CreateType()::SLpTriggerServiceWorker(0, 0, 'reeval', 0)"
        6⤵
        
        PID:3088
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
        7⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:4528

C:\Windows\system32\Clipup.exe
"C:\Windows\system32\Clipup.exe" -o
1⤵
PID:2348
- C:\Windows\system32\Clipup.exe
  "C:\Windows\system32\Clipup.exe" -o -ppl C:\Windows\TEMP\tem348C.tmp
  2⤵
  - Checks SCSI registry key(s)
  PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulte8a081cahe6ebh4128hbbf7h4ad8df244e11
1⤵
PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0xfc,0x138,0x7ffce88746f8,0x7ffce8874708,0x7ffce8874718
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,11469676426403462181,16670625136846407271,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,11469676426403462181,16670625136846407271,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  PID:5128

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:428

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\win-v2.0.3b\" -spe -an -ai#7zMap8015:84:7zEvent16175
1⤵
- Suspicious use of FindShellTrayWindow
PID:3340

C:\Users\Admin\Downloads\win-v2.0.3b\windowkill-vulkan.exe
"C:\Users\Admin\Downloads\win-v2.0.3b\windowkill-vulkan.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\Downloads\win-v2.0.3b\windowkill-vulkan.exe
"C:\Users\Admin\Downloads\win-v2.0.3b\windowkill-vulkan.exe"
1⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1536

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1956

C:\Users\Admin\Downloads\win-v2.0.3b\windowkill-vulkan.exe
"C:\Users\Admin\Downloads\win-v2.0.3b\windowkill-vulkan.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffce2aacc40,0x7ffce2aacc4c,0x7ffce2aacc58
  2⤵
  PID:5640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,15247515783842118389,1815176979011778357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,15247515783842118389,1815176979011778357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2428 /prefetch:3
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,15247515783842118389,1815176979011778357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,15247515783842118389,1815176979011778357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3412,i,15247515783842118389,1815176979011778357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4492,i,15247515783842118389,1815176979011778357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4684,i,15247515783842118389,1815176979011778357,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:6028

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce88746f8,0x7ffce8874708,0x7ffce8874718
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8768 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8664 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8716 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9140 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8868 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7840 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9156 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9900 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,2284266893722210931,3886026338661832481,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9916 /prefetch:2
  2⤵
  PID:2124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:760

C:\Users\Admin\Downloads\win-v2.0.3b\windowkill-vulkan.exe
"C:\Users\Admin\Downloads\win-v2.0.3b\windowkill-vulkan.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1056

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:2144

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\ClipSVC\GenuineTicket\GenuineTicket

Filesize
1KB

MD5
67a8abe602fd21c5683962fa75f8c9fd

SHA1
e296942da1d2b56452e05ae7f753cd176d488ea8

SHA256
1d19fed36f7d678ae2b2254a5eef240e6b6b9630e5696d0f9efb8b744c60e411

SHA512
70b0b27a2b89f5f771467ac24e92b6cc927f3fdc10d8cb381528b2e08f2a5a3e8c25183f20233b44b71b54ce910349c279013c6a404a1a95b3cc6b8922ab9fc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
895d2ef1f801252236979fbc238e64da

SHA1
95d637b4fa274043b39294626a599074140b98d9

SHA256
5f16788c9cb9c2a550586f4547fbee764eb6e588f7e78c2269d43740efed3436

SHA512
693b32f478b0de1e8acaea2a6feda142df6baae703da938ddf044640c144986f9095e09cb310619d152827c9254bec306f5b5ac7da1998d5c8f11ea8036c0f87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
12b07a0caa3a083ff491a83549469e1a

SHA1
764e9b5186acca346bf4ac0030b3007686f6f82a

SHA256
eb00e7dd259c389d36887b162c23a7abf158403cd95001c7ff056454e07ef480

SHA512
5b16b38f46a2fc1ad92a310e4e656b43cd34b137e91241d2729728c4dfea8f2b2c793321666d253e07e03521c291c71ef217499a87971d22c7d8daa32d2dbc17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
bd1895c825361b58ff89c8c338021e71

SHA1
4ebc208deba7cc5e2985747a4b7d1d52245ac930

SHA256
3b2e431b3fa8628cf7c030e7b28a57d315e34e8832ad7181f499c01c117f39b8

SHA512
bccbf7168c35536d9933d072795d6a7b6c2d685eaaae407c1d85e92e13aca9b72437c241d5bf08935995d6d882b62671cc123e74db116c5f6f5c33a198ac5b4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
098c0409edf65fadfdf07b8d21c9e675

SHA1
1b2083f8d981fb3c2b987c4381f706eeb7285034

SHA256
52cf4fb74dc620bfa4563ccc697e79539287b92bf5bfdf9bbbf8325973e57625

SHA512
ca50501240ed5208486005c4c83da53cbe180d98cc4b570c3896d3ce22fd004ae57e616a2a9ba790a045cb5deff90efff3a9fb5012a1889d6d42c91587aa3d1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4b4f91a3-8f60-4771-a28b-95f5effd0168.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
186KB

MD5
095b1de0dd4d65f447f50c05395f970c

SHA1
64f9b73c4fdb6cbf8def677143323b4d74777b8c

SHA256
3bcc24fc32309d05da6bc37b4985176d06dd40905cdd3ef21a02505a0295ecbc

SHA512
79763d120ed2fb7b7ca2a85cc62459d0e45f4e475c5e4d7ed28c3f35923d32f1140d2369e871dcae0cb5290bf369e6c936669e1eb5066506f298b84dc9e44958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
282KB

MD5
dc091dc5d76d04d0dbaa93abf7c8f648

SHA1
77be666f7b899fb524f4e72d1ade0a6cc1489ad0

SHA256
a401233f80a4ec068f1294e660579046b743a4c5946f8c40106fb678d3b79905

SHA512
8e994b38f9cd6771fa2e42b03b7059b8018346c8af0a2c1d6b847252d369d51df309c1f07267ea3a0f0e42b610caf1aeac2e693464b9f08144bcb368514a36c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
3.3MB

MD5
8c8917119c14fe2dc69c9a9bbdff1b38

SHA1
3f7dc8cdae24a62e57342a6310ae10436271b4df

SHA256
e3c1453d5a942f0336da6f82884e19e7ed45106ec9bc3359c9d3b92aac5957f5

SHA512
732fbb43e952eddf37b59f5773783032dcfcf720761c8ba883ab44494c187b2928d1191e15d45bfa4380f736ad04315857e5e7105a388f0d4a055fc6d2aafcfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
405KB

MD5
e201f0d574d9ce2b7864d2d513196522

SHA1
37b783e5cefa23fb123ae3b38dc86dbd2f2110ac

SHA256
2cb3cae50503d30fee77603bd45dba82dd65d541da6c22d9cdef8d4e068c5a1d

SHA512
145acedd4f107da5561fdf941644eac749296a2c6a08bad97c20b4bf96a29fc4afb9ef6c0584ccd45f82d7734f9bb2391e5fae8e893e8657174336f7f4f26cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
31KB

MD5
1e71a8430a7c17d68c0ed324bdd08cff

SHA1
4225805ad18f854fc2f81cca8944a749720f81e0

SHA256
3ec795451212352394064e380eac15e204a602ac6783f9e43c01f6820d07b7d7

SHA512
7d6cdd26b28688e656f3fde090dba17be5ca0da9c004af45f023c334d26a2f567fb8e1105fe07d2a82b31716bca1a8aa8b3dec4f0a75fcaccf292245d1132d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
136KB

MD5
db985aaa3c64f10506d96d876e350d47

SHA1
aad4a93575e59643fed7617e2feb893dd763d801

SHA256
234feb9a8a2c759d00a4959506a3b9cb94c772186a2d117aed973347c7ef1891

SHA512
300d0d35ebb9e27d66489ffb3e5502a4dcd3af032fb0f672d4f004e3846fb795772b6938c99dafed6fad0c25da8412d6f6a7b0221eb2540e84527703db5b7073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
49KB

MD5
4b579b35a33fe99f043280968c562289

SHA1
484b7c0f29591e343779ec840968b9c7a412d156

SHA256
f556f10c066b753e46bf09fa44a8a69090dc7d9623822ede872f58059873b440

SHA512
2ff7e46654275a760f3287a2eebfa88c2e403a654aff395e67355631852f3846f0b1a28dcc1705c5e2e2953014b0f7dfbffc75d45050843aafdec55c4b5e0b66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
42KB

MD5
281bba49537cf936d1a0df10fb719f63

SHA1
4085ad185c5902afd273e3e92296a4de3dc19edd

SHA256
b78fb569265b01789e7edd88cfe02ecb2c3fee5e1999678255f9b78a3b2cc4e8

SHA512
af988371db77831f76edf95a50b9ddf1e957f0230404c8307914f11211e01cc95c61e0768d55aa4347f24e856d226f7e07ac21c09880e49dbd6346d1760b8bff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
44KB

MD5
d295c40af6fca08f8e0eb5425351f431

SHA1
1d246a1e54b3a1f2428883d8c911af73eddffca6

SHA256
5d225b25d66b30563a00f395476ed701130d3f749620a63531cea09fc537164e

SHA512
9c9f23cb775244eb10f83f964b36224ad2cd5152cfa5ab82928f68ed1cb49be4156f887cc40a857b72efd0833014e4366bf136689a717dd58828a1b195ed486e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
38KB

MD5
ff5eccde83f118cea0224ebbb9dc3179

SHA1
0ad305614c46bdb6b7bb3445c2430e12aecee879

SHA256
13da02ce62b1a388a7c8d6f3bd286fe774ee2b91ac63d281523e80b2a8a063bc

SHA512
03dc88f429dd72d9433605c7c0f5659ad8d72f222da0bb6bf03b46f4a509b17ec2181af5db180c2f6d11c02f39a871c651be82e28fb5859037e1bbf6a7a20f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
133KB

MD5
f9bf0f65660d23c6f359d22720fc55ae

SHA1
9fa19ab7ea56165e2138c443816c278d5752dd08

SHA256
426ae06cd942849ab48b84c287c760f3701b603ebcc5c9aaa4a89923ef5f058e

SHA512
436019a96e47848533684a34e3c360f516c29b2aa2473d0a05d50c0fd3ad19eac39df2de12b6ec1c6760493efb5abf58e6a54d32080226fa1765983435634d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
175KB

MD5
7cf1be7696bf689b97230262eade8ad8

SHA1
8eb128f9e3cf364c2fd380eefaa6397f245a1c82

SHA256
a981989aee5d4479ffadf550d9ecff24a4ac829483e3e55c07da3491f84b12ba

SHA512
7d7c7dc08001079d93ef447122dee49abd2b7a84d1619a055ff3e7ec0009261ab6add018560bfd82ed22b29c1915bfd059f02cd83fed2e15e9af05a5d0654e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
20KB

MD5
a073983e44a8e227f7affd4f53fecd60

SHA1
0faa664fa6d01739dfb5926d29a0c1105637aec9

SHA256
123c9b01530e0ef6afa769c38be5168c762884293935e402ffa8d4d98232e9f7

SHA512
ec7627a63f6a92a0279ac733900890a2442e269f5ea97f6d649a52e02049a88efac6a7868346b3535f2915169db39a80d186fce3e1e4f0728f8a5c7a5b2f3338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
38KB

MD5
71d3e9dc2bcb8e91225ba9fab588c8f2

SHA1
d7e38ee4c245f64b78eb18e6ecd7b9f53b3254a8

SHA256
ae99aaede2f373187a4fe442a2cb0ab9c2945efbab01cf33e01be517c0c4f813

SHA512
deda05ebd575d413aa2277876991ecc2ea238907390753485ba1b487ede2f432363c46daad5f3f240eaaf8d3258150829a3ae3d2d9c420ea59567cfd440361a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
37KB

MD5
3d6549bf2f38372c054eafb93fa358a9

SHA1
e7a50f91c7ec5d5d896b55fa964f57ee47e11a1b

SHA256
8e401b056dc1eb48d44a01407ceb54372bbc44797d3259069ce96a96dfd8c104

SHA512
4bde638a4111b0d056464ce4fd45861208d1669c117e2632768acd620fcd924ab6384b3133e4baf7d537872166eb50ca48899b3909d9dbf2a111a7713322fad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
156KB

MD5
3b0d96ed8113994f3d139088726cfecd

SHA1
1311abcea5f1922c31ea021c4b681b94aee18b23

SHA256
313818d6b177a70fbe715a5142d6221ac1a1851eff5a9f6df505670ddcd73074

SHA512
3d78c250029069e1850b1e302a6d8a5154f6e7bc5cd58f449b8824ccf418e80dba2d5569a9cff72f51ccc9de140dc91148f93ec4717f4a880e2ba94898fbdb24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
38KB

MD5
7f63813838e283aea62f1a68ef1732c2

SHA1
c855806cb7c3cc1d29546e3e6446732197e25e93

SHA256
440ad8b1449985479bc37265e9912bbf2bf56fe9ffd14709358a8e9c2d5f8e5b

SHA512
aaea9683eb6c4a24107fc0576eb68e9002adb0c58d3b2c88b3f78d833eb24cecdd9ff5c20dabe7438506a44913870a1254416e2c86ec9acbbcc545bf40ea6d48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
107KB

MD5
6116b78da50a95c197f55dba7737e356

SHA1
4a1b8d78d03e3553e6be201baad8e8ae443ccc81

SHA256
1f7be13c35deaa7545aca4524af971f7049600ff11420a0b1433977c319562ac

SHA512
979eea89ea9088a83e81904b98d1c4fcbbff486acc8d2992a6fb1558b4b858efc7c98c075e3459553689382f2d9bbc8a22a2d72c40aeda66746618d324f29e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
47KB

MD5
2b5a35fbd77d40bce698500285e9b2a5

SHA1
d3e59cad582008c83d2850dcc57aa36b5345d16c

SHA256
8fdc4368a527330d4276cd2487da547361ba880790935f2f9602428b7cc3fdb1

SHA512
9972cde48f136140b77690a01a5c112116eb60f8b8f4c46a69529f79aef9af3dc158f9c6d6bfb5a0cb754d9958d1741784e100f29cb3c7cfd336da6829edaa89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
99KB

MD5
3037c0077b941dc351df78fd549ac9fc

SHA1
7aa416ed095359fc1140b5fab3c55754650961bf

SHA256
72994185cb2873448f157cbf8cf0b6230abee6886060fdbf6d814be95e1e92a3

SHA512
27ed138b8cad4f3e1b768714a72c833dad25475ac5619fd74dfbee779683a6500e0b726d53c703d08a13983347a5dd472eafdd674c12857df058c0b775b6f61c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
433KB

MD5
c8b8f176d5e6de2b51d7fcf4f507ade7

SHA1
20bee888cce7453c6c289a9b98ff59de6bb9919e

SHA256
d327d6445df871cecbcce76a8fc8a4c1998d82315122222314911e8412acab3c

SHA512
b0bef3531b3437b9b6056dc911b534346440a141e01bb66a4ee28823d1e237e46d8d9b27e89c896c03df164311a086750b25c4f4e78f1954fc02435d280fe764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
32KB

MD5
e7eb40a17f017e7b0651dec263c01ffc

SHA1
26fea5c5c688b2ecf33bb6892c9905159b6d48d9

SHA256
afb8e284cacb33c4d52af3a501a871cf560e4ec94358761743c02f3a21cb1810

SHA512
d7af8ff7adb71dd5ed1620efd913673e108846e02a7775d012825357fa81ab28dde7bce06592256e9f9c2e91ede6a249a7e6bce91a392f6f7ac0b53ac3ca0123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
186KB

MD5
f564e43a6dcb52b5882e9740afbf33aa

SHA1
8df457f1e4a6564c60d8139df55ad9bcbe077e8d

SHA256
6b7deb8ee87bfbb728226ccba80b82f45c519163b383052c01f18c4ff5acdc45

SHA512
6005f20253d7a6b98e78b5cf89eaa2212d512e2930c15d9a8a4a6f640b6e2fc08cedd525d5e4fccc79ac2670c92465a366f657badae0e1172b4fdc6dad818edb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
16KB

MD5
7b17bad5654dc2524381f54965dac938

SHA1
7fa82d95ea1070593e70b0ebc112ce48f6bc3b3c

SHA256
a2f7a1315deb8dade48bd46519e407a5e86905548d24239a7462ceb43f64feff

SHA512
b562329686b25128c836b416df235e197c09e17b893ab5a329505f4d952b3febc9b8d5b4ae56933cf98b83a81c55785845256cd017dcbddf68b2b82c91d1312c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
66KB

MD5
4b339905d35b17448a721dac1cca3466

SHA1
f3032fbc027d7c75971bd84056861231ba348125

SHA256
b7bde2feedf998c70f5ce8965e8adc4a78903503d0f532a0b3715002063fc2de

SHA512
55250d7b063a59c639aa5861026eced7042f3fd0f492ecdd861dad7a45fc5b1c78ba71f817a16a6a3c51a23e7d5c913b9b29866e506a1d06589feb4469d911bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
76KB

MD5
76114b9eeaafb4fcf695f80082b11ebe

SHA1
39c697f2cc881a494a1aa2af562ad226a1499ddb

SHA256
270ce068847eeb1af3742e98e59add932cf4a7f6388db91035a6defef26e7a7b

SHA512
00868b61daa8e955e8bda6ff25fa0d878830dc7df736c9e77478344d941b2895ee1ccc6b3a93b8242a41dcf024bfe218e65d6b3047a7b29d0a6027558b4e1bd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
19KB

MD5
6761e695a221a4a95a3d87a32b1fac90

SHA1
464964f7f6f7355d64d6d26b31f8fa42b4f8b413

SHA256
daefa9a8795ea468b4c892568b624b6bc1cd376a4fdffa84b535e1dd71eaf6b5

SHA512
99e50456c44d71886f9f336f2359acb0d0a481d1f9598aa700f9c4afe7ad7449f3bc67f45ba63cf849534ba0d142c74941dbaf21a429f236186ed7a50f50f882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
16KB

MD5
bec3b8f5c06dfa085d17f198054e7211

SHA1
fe396fdcaee5aa150c69a58ad0f010613cb5b5fa

SHA256
d8166869ad29eb1a04db811b30dec80789e46791d4720f8b7937eb9bc7d77dee

SHA512
30133bac74951619694cbaededa63bd0550bab2c36e10312eb1acdc1782bfbad50ff5e0d6effd57f4206ef8a617d2ca34151079bda85168393d878f536e87eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
23KB

MD5
288dbf9234e955af4b4afa18af3b52f0

SHA1
23ec4efac2d9d8e8bed94df0e06134729b9749bd

SHA256
e6196f2902ab1e073eebbe1c65709eeee6a1b988961f5d2c99e3060d56db718c

SHA512
4399a5ed382b4e2ea6eefb277ed5cc5836212a7698de59372bdc8c8a126e890daf139e90ef57bee955480d679578a360a86b98644f2692157b1b65116b658d52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
26KB

MD5
0317cf94b0f355898680410bcfa3e960

SHA1
c906c26c3d969a89b5598afad00200845a26cf7a

SHA256
1346db7f69f9d948d8145e985611302cb4b1d1b5cb9825b88bf4e7a253932803

SHA512
955d65a1f84dc20b4d77a7aa15cc5aef9913bf6f2c747eabf80b03784e342a42d96ebe82704812865eaca272af3b1b9e66ace036cd244432fc2c3343a6b68508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
30KB

MD5
0d71132aeaeb4140eb1002989dae9c52

SHA1
8a71c1a97acb873d2596bcf1c11d3fd69eb9722d

SHA256
a8d268891f2e66ee9a40bb337b553d15369961df9ce20ae06954553cf60f69e7

SHA512
59b7c351e03b66e4fd428e21f2ae07aefc284e361f6f93efaeb9f21045a9c3416be9312ceb4e1c566935e2e4be15daed07d02d922d5896486bbd3626d50ac805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
32KB

MD5
0f33ee73dbf7b97e0d56883e5d970ff3

SHA1
e7cb6d33550a173a75a2036d298b6ff1e46de464

SHA256
110b874fc5503aa48473af406bbea7c4b50e9bc407377b5972791ff9c6a22e0c

SHA512
25a29adb8ff687cc0811108549eb04563f148a86a358113c77636475ca47038b9835d1ec0a4b2496055feeef00ed05cba2056ffcc5c97c26a022c809f8a09038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
159KB

MD5
eafccb9a916c6e7d9655e6a974429af3

SHA1
6eebb08d25b643dbffa846ffbe18b8b5a2e9ea5e

SHA256
bb0259bdc90368f96f0e86cb6d19e52dea5b15b14f5338cee55df2acb2c804cf

SHA512
cef056f840514b1dc939c54db1af2d444f2a39ea638b6a11f70d7c32b0b1a15137981c7e6650a7a65eb6e5346681fa1b3a0953ddcc96deb15a3743d7fd1c719c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
46KB

MD5
48efb2f5ff23261fda88699bf5002714

SHA1
a1f5da499ea35d0a0c923dcf605dca09977cc48a

SHA256
527c42b1cbf11d6887b7d6e2443130b891b91baa1213a397938e5f963a706ad5

SHA512
b1a6ccd003632192018fab0bb2819cac8208925cac5fd605e64cb6c5c7e6b222352e2dffc52054cbcfb7ae9789478cfe9f5ca497f9add9269263c2693b9a3672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
24KB

MD5
f21d188dcc724973c33764442a477c1b

SHA1
02cf76e52fed1014b67b3dbfe7b049a60596e6ae

SHA256
56dff9c0dfaf863878b091545a4210b65b02eb990c26f914f363cd2e6225f913

SHA512
ef90450b1068cad9d1af5658e1b9a7aa055398788b21974cce6e9d6be3baeca2b8df21d61d7f9b6b8b0ecc36985ff30198012588cd385f58961afeecc132a14f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
22KB

MD5
3c7757aa04e477cc85e75cc99646f988

SHA1
3f918c1d7c6ed75117b45111b6d6fcc6f4ac6e0b

SHA256
0d1122bf7b42a07df7eaa5f6b6a22d28a066ef1b60936e918bcba5f609ab2b99

SHA512
16a5f9aa7d3a9eebd663825d2323469d81e5dc055881a350bc275041d77472a7b00f667b99fe9613a96ea3d3dc5b742b9108463db8a92f9ef8bfb8e0df792cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
20KB

MD5
3c4677717923d8b4117f884a852fab19

SHA1
e6009918e1579bc54feedb574b462c679a88cb92

SHA256
1a4a8ad78fde69988ea66472fdb21fcdeacfb308e7cbf92b834b84face3450e4

SHA512
c95f9703cfb55858a5a1713cecad0c6812d885092df2b913ce93583cf34c2182f8d6fd491049406f8f91b8917ea2c543e3bc573e2af2123ee550cdf7797b3b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
17KB

MD5
3cd377fa6dece47f9fdaf6340510f71a

SHA1
dad225da4e869109025fe8057532b2902fc3c407

SHA256
6110c8ccda6c15ba90208d9aef63d148d42d5f54a98b8889c986e0d7fcd5337a

SHA512
7bc19626e7dd866e6c19d7e723bc12cc3f9a1bf89e07303c99eb5496b4dbb3f09182cd7e39fde5a4997ee7735865a28e5243931bb1ffce866f361eb0704f334a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
30KB

MD5
4a0afffe3e0dda5d14052dcc65e8fecf

SHA1
93a3de429312cf0d41c0b8183c61ba76a9211643

SHA256
d2f98b203678f55b56530a18d511179988f4421fd6c3220127887c9341271cd2

SHA512
69b70bd9610479252d120003ac8018fb686e7513d0f825c61cecac62074e7d38456befb0ce03b185c7fc4d10f078e3fce1a0e74ae97b3a4d5192a607b6bec351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
34KB

MD5
cde29df4b491218f3933813db6267707

SHA1
3464155eb8e8f4111470f31184a91533eef719b7

SHA256
2d943a96811efc1bb6a1ec1984b410a12a41858a2796ccd03c5fee09b10a0ebe

SHA512
7385711b8fb34c35ab7da7c1a3d2b2043eea57aec110b2c77797b02e6c9ecbe3d97f4ed4dfd243b48854ce938257865b7a6e7b16e8c66eab2a2d8b57c5fe5335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
34KB

MD5
e52a34ea87dd404d2923ee9a4faa2f31

SHA1
f2303ed75fb24e75af4803378c9cd498c24dd4dd

SHA256
4d220a4bda24e259ace50ada626945d5da30b8dc6b03561f80b80929a0077f8a

SHA512
07acd615a4612b77cb8518554d545d36ccf5f427ca16a8413141e58855610e1636dae6af17facbaaf8d848b13252226ffa0e272b6b269fdf84b404cd36ed82ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
72KB

MD5
277e410c1961de9dad9da9fe9069ea5e

SHA1
7664d7c85b13a1a4aae47962706118806c92566a

SHA256
f6383765d816f2fadb17162847992d4e3343956a060b34a0e98ce3a658299d0a

SHA512
3a563cac6aebc39d93ea74eeb1e6e7fbca7f363f1dbab986f345acb97ae4c3232de80d8ebcb6d6da1eb39e56eec1392eba9bc4b0efadeae696919f4e6c19919b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
212KB

MD5
4c0e4a7bbac1450c64ef04eba6549d14

SHA1
f441c19ab3fd237ebf2d8883734c7ddf15fa72ef

SHA256
68badc2722903bf28efd45908bdd0eafe2b988b3b107901ed5d2c98bb6516537

SHA512
5007f2a6fefedceec0a341a67cc93bab00afb5c69842880256290e42c6cc42dbf0fd78892a1fedb4c246576360d38bff0a7aa792b046d9dd970db52d66977b5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
97KB

MD5
20767d96b606fb87c352333a3ba62635

SHA1
b85399f205bc428db1bc491cf7c1084aaaf5f621

SHA256
256ed0862b27ee0e388dff89ac691521cfdcdbf39e25ede4022ffdcca61b58be

SHA512
caedde5703daf5ef8b6f92f71150bd54e8643910d4bdf573eb3bbb23fdc14618d4ddab842bead131cf84726264e11f123ace5a08f04de21e5e880954d7ee9088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
240KB

MD5
109d91d4299020acbbec9ef7560032e1

SHA1
f5998e01674a49e21f453cfa6b87a5301bab476f

SHA256
a55bf685429a27c834fdefe2f0665bb899836d582c466f279e656c9de01f15f9

SHA512
83997a20b5d5c14ad026d7dc5cd44ac5164a221d4b5f6b36b0358f49a41155729dccc3abab42ec00b0f846cb3f236996504fd8657cf546ad4c4cd3079f1ccc48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
248KB

MD5
55b26f8ed4d85c93560ac9422f116a47

SHA1
40f042cc7677ae17cf05ee54121871ea59f67aea

SHA256
d2bbe9c519f79268ea61f510505f67d4d7d35bcab652f816007f1e607b3a998e

SHA512
87c77d26f77ba46c98fdeb948aefec58502949f74b446c731d0f970dd2bfceb061059c1a7dc07e2c87e8f352e2b316c74325a6c572ca44310d0112262684c1e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
19KB

MD5
ae7d16bb2eea76b9b9977db0fad66658

SHA1
4c058e3962a59788b413f7d6be3ec59a2c4078fb

SHA256
1e7f6ea1298758403297e8f9049b072db59dceb3518186164ffc16550c5c5ac3

SHA512
177f7ab63e2f8e185b4d4efd0bd9d15963fe316701219a6127f1d68a72bfc130eb1e46bfc1f213a06299328864778ecd9ca0718eb3c2acc45abb22c74e2ea6b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
39KB

MD5
f5aba5511523dcae97748a1b35bbffe8

SHA1
cc89cd152b4e036ccc2ff1b80d17fe4fe7e678cc

SHA256
80ea5f1aabbe41c65a0352b56d2be8c409d44b8ab475a14997b7d9986de0029b

SHA512
6fa08d14177558a5af176a4698fcdad42111b1d83423ca200257a71eaaebcc38a9ec777dcca7c7612d11c40c51bf6f5df0ec28c2c63c187b13fb4fd4247e87b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
29KB

MD5
540ae57d114a1053b4c210220911d635

SHA1
0dda4fe29c1fbc65046e966594d95751cf768ae3

SHA256
dd18716c7fd5b81f5b4a801947a2df2477137783c10de76d8fd6ad86511cbadf

SHA512
ad316aeba448a93bdfb5595ae6f1645b6749acdc0beb70b90d0fd40ef7380c0db7e4f6f4dc17532106b69e01c8ce0e43416f44a2f833d4780a7b47de8c4259fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
19KB

MD5
2227a244ca78dc817e80e78e42e231d7

SHA1
56caeba318e983c74838795fb3c4d9ac0fb4b336

SHA256
e9d7b93bae57eebd7019ac0f5f82bac734b7ac3534d1fa9bdba6b1fc2f093a24

SHA512
624cc23d4a18185ae96941cf8a35d342e048476b0384f0595ec1f273e19163ca49b17b14760628eb9da9a5f5519d4671544669fb08985c4945faf663faf92e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
67KB

MD5
fb2f02c107cee2b4f2286d528d23b94e

SHA1
d76d6b684b7cfbe340e61734a7c197cc672b1af3

SHA256
925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a

SHA512
be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
25KB

MD5
cd74fa4f0944963c0908611fed565d9b

SHA1
c18033d8679d742e2aab1d6c88c28bd8f8a9e10d

SHA256
e432edfafbd52fcdbd59ef74892aa2e2ab19df6647ae723b368fca529066a804

SHA512
b526216bdbc73a97db41edbec6fdfd09b7b4ae149d415fb5811dde03ad4b1b0247950abd78fef807ae47674ab1b56ff0b971fa5e305b26bc92dc07871313b750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c9

Filesize
27KB

MD5
f9f5c08532746eb8dbb651c04f4377bf

SHA1
0ed6b5e1348becd4ca048e482ed6dc6583ecfcb6

SHA256
6c0fd820c15009c6fcc97301ccd217d783e43a8e5425b6d91f43fce3b95f3bcf

SHA512
43b78872700d9287bc6efc4d339fbfe022659cd8af69d4c40ab529ce5114fa3882e44d28d60e24bb8080c4d99cf110b9819ecfa758e2986aeff0fa4562f3a62b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cb

Filesize
36KB

MD5
6d08ff4f36771456b447137905151406

SHA1
8eee103d7f57667fcb71afc516d291cc6bca9661

SHA256
d93fb092d54627b08e5374c7215c392ab8cd5502c4f5e8666a5f63ecbf731292

SHA512
14c4aed7452ce89efe8063092f72d16355998bcdad4c09fcc69ebdc579688f88500b4c6d4f04c3f43be0a2972db1c02c8dbc70bf04f01b642f58102beeec6a7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cd

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d2

Filesize
20KB

MD5
ea35549990f54b349e6508f4f4cac0e0

SHA1
8efdec385374e1a3b51bfd29c3cc9315e7dc2df7

SHA256
4a1c17a1326271540f84968f43e9f55f936ae9085e99a6d06592a53f98aeff2f

SHA512
67c956058c45810b4d06f4c3f2974c3b264289be435a06ca219df51cd51f9e25bbdf1db42c20d9f435f1689431b5106c21dff8a400ed6263a6b102dfb51ba7ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000da

Filesize
68KB

MD5
02aab3e961e2938c020e34517324fc23

SHA1
2b293a8d9076405874b5b43cb0c97bee75548e02

SHA256
6cab3741fa18362802d95dd7d1fd49b53ffc4972a8f52f5d6aff41e5b33cfa19

SHA512
e181f591fd83a7d19d868e72a4bf122bd2e18ba3e95cdfc566e3762f41f3e41c4914101461a91722c8ab39325fb075cbaa74bbc08d1409d89847ce492135e36c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000102

Filesize
71KB

MD5
86d2e26b2c835279db04949f235924c6

SHA1
8f0a4d081c9350fb06bf903bbbac0f38bde2e742

SHA256
18ab49f1eda065e24115e65e33cfad6bc4c2dd283dd38c0bea6f5d9775cfb2b5

SHA512
38333126183867afc55345a0f2c46d0ab9594343de7491aa0930db75b7632da64782290d571d4ed71c98e6d8eed5542bddab51459cb03cdb33bfdfd32979ba32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00014e

Filesize
67KB

MD5
05cb4b9f101e025994f9686f3999fd43

SHA1
7450f129ea39792645b56de215eaab1d91182fbe

SHA256
07fba84e209fffc2a8eea1a88ec8c77cc92644c9050b7669b212bf1db30663b3

SHA512
9fbf0e99a1f19b362d9e7e31dc0b6f0d49177cea922d9d6acbc1b5a84d1bfce40c3a07e123b5b47ed9a531befc9a2372be3393502b5f00221d74ae23fe80efeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0001d5

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
5KB

MD5
8f4c9ac1c76753b79ca9766efc008639

SHA1
9c2b33f88c6f113fb11753055619f529419b9665

SHA256
9e8d12e8534d0e62b3463420e39c31921bb7258e3fa2ce2488be292d64ac4b58

SHA512
3ee7545a0506601ba0d10926fa9dc2b491e17dcdf650006561c4e133029a1e77a928b356653edb1ad0c9ce93ffaf6334333a9ed5ed369c0db4352110b20b38cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
18KB

MD5
8dfcd8725ec5a57012a65b256d6b194b

SHA1
1b9f5ba9384715b251d8c792804accdaeb9dc27e

SHA256
b3e5f02a93386d0425d9806d88fb0084d1fb8014c23dcc029f5017d743ef75bc

SHA512
3a5b9a8888df1aace29991c167f40c86bc8f3734e7f1131b7fef18e968c9fd635f761710526ed360660f5c97167d7cf361e1151c3fce61c40699734bdc31a015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0ee5fef38afb24a1fe24d709e51f2463

SHA1
01f99f7bba9e4f3f1f37f4f550cf71c98f6da5d1

SHA256
29dfebe394680f1d197fc4408912747c46e484573f4b663636079286ef46d89e

SHA512
a7467e2337e2d93c288a19fb436850be5ff72622b8e99d996e643d3578045650aa03244ea07e4606160cc5071d6158dacf1ea9d3d191f7245b5cdc6d92928f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
16KB

MD5
33a2fe2b44a3e901821cf9b14275406f

SHA1
d13aa5d1f93231badac2eb2075b6ba92bda4b120

SHA256
ef3ec3a5887d409fc20d04f535ceccfc7e6cb05fc39962dc8dddbe27ccc71735

SHA512
9b55e6f4c6461b099c2f10f633ba5d6e52d9185e01b7b2726eb97759cacffdf8f20647856aa55d11b5bc26885f13a75699f53c8808e73170c17a119315d81f90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
16KB

MD5
7d66937bff3ebea4ce05542adc13e615

SHA1
6d5137d2af62f0d42f4421c3faae51be4c34cac7

SHA256
9a166862a4a1317e0c5c915165d94f92054dba4a139ee8fb17d9bfd75be14454

SHA512
9d03cfeeec1b45aded4c2e38d989cf6aabab0f858c7ad5e821098c033fee4cc2f4dcf00d2159c58add71a402146700eef229758a33ec67a4ae3a52f1f9d5e984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
16KB

MD5
f6360a6ab55801eecd1a613f4ccf3c97

SHA1
eb0681f2789e829e8ca4827f933eee8f755d9f30

SHA256
607fea932a05f45a053f527d202d439b1ed8ae1d4cfc11a0ea6ef094e64951c5

SHA512
ffaad8d1f533ecd29ad500509bb2269c58ab1332fc74ee2bbb9ff738efc1371ba549b6433cf859cc7efa006c7ff3811deac894cb6665a06dc6d3f29cb12a31c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
15KB

MD5
63d88f07b5a73d538a5f21326e5b7c1b

SHA1
b0f9efb30c0e11a029e5702de965152498607e69

SHA256
842b22c4b81647c57f54e6360ca99d8bcffad3edc575792d0b4c3c8b3b1d82b1

SHA512
d025f166af7e9e002c90df67136201af16b5d388ddfbece232caf623da67fbbab990e2bf62ef6ba882842d3fe49131b1ca42f282094ccc21012f3a17ccd2dc72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
16KB

MD5
6131ed56a233ddcc71a6a198c005ecf9

SHA1
fb1467688f03a8e13371d5f89bb2cbd0f450a7ce

SHA256
261da5f9b008b626b11b4a3eaf3a27c59416cb70c023152c0eea61bd639e5c15

SHA512
b8ff1cc46fa3243981dc36ad477b2673c592aa2863c92541342a264a6d528a496b9659716b8f621c502669c9dfb2ea32e46f40dee3845e608673ba6f79e3be94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
16KB

MD5
02b3d87b249c404220b7a32f88cecb2f

SHA1
5341acddb2584e2e728e250f49ec915de2ca0b79

SHA256
47bc604d565dc602a596059e538cc683c2a1fc60ad71eb168101357e48ba643e

SHA512
e3e2351fcab8196eef4cad0f05987d3614ae9f28b5c8cd41f879c6c8e7ca62bd3215ae3dbe5850423808be56bd17d450e0358912cd0a4afcf6f5f57901e06133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
a336a1069f7bf5a5630994036a1f0eb2

SHA1
f3ee382d36afd4c1c0138a01ce44c199cabcc737

SHA256
b9d4d0a1703eef0671d6e754e6b07ae0dd6e5e67c20595870b61524115cd8b90

SHA512
adb2a524fe8425f2d4b575da3a75587de65a5af1a61378a5942661785f2b57515f9671354ae10ab55a1af9c903ad7f1b13927cf26ec1ff193e34d758845f0106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2a3a1e253b026d70eebd3696758dbc44

SHA1
d7de0a568f2fb47dfe1f07cd4df98b3146d0a996

SHA256
63d9cd0515bdc8b2678b1736adf740c06fd2789cf30253392fe4c775d3dbbfc0

SHA512
623faf7430b44ba5f999bcb5637a3643b1dbef1be22d1eb13403d2961f7da9484f0dee5d7cfabca2545307c91ed1cecaf937a5efafb4b1f4f1f709d0f1eb4ea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
15KB

MD5
9b4f430c6e8c6ef7c89fcb9ea0c61fc1

SHA1
03c8c345bcb1ae0ee51e8a6339d80a21921a5eb1

SHA256
c9541de37bdf405b8d949cfebe3f07e12b144ae726e8b063f07d4015f311a758

SHA512
84df5b3b8dc24b2787b94056ededfe613d6f7d0007d541a37bf130eb8d1e7b38757c0635dd47d4588834472692e2dde1f364d3fe95d97cd79ecc46531840c076

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
18KB

MD5
bb1189fcb5603fdb6962dd47c73b5a67

SHA1
0b438e6d693f9552a4ac116570820a4af3158f84

SHA256
0f0740772380ff468ba21193768af7e3311f9dfe7383b76e84f6de709d25d61c

SHA512
95dd2873cc82ad2050590e3bfa770b4498c6aa14c3e7fa0b33321f733d20da6cb529adcd83a28d10ab4ed90e6bfd15b3984b0f0fd78da88235340b7b47b7fae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_outlook.live.com_0.indexeddb.leveldb\LOG.old

Filesize
1KB

MD5
4072a0f904266f3a64d24fa59ed685fe

SHA1
2ae4ba9960dc04c8ca6b46c2a424838d3a3f9ad1

SHA256
8c7ce08b91454fe7717a4465ab45817ae16a13f08fd752fd6ceb2412b78e2720

SHA512
1b283c6ee267909533d24aa28f39b9301259b28431f5d7b45ba17a91f4a911f470f10660878cd3947663251c72b0e071e0f242c48fd39780bce21024243b8b12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_outlook.live.com_0.indexeddb.leveldb\LOG.old~RFe5f62e9.TMP

Filesize
676B

MD5
b0dcba6b55b33f23edd18e388432811f

SHA1
92199de64460a7156ddfc9f46b1f1acbfb6abfbd

SHA256
41774087d1c33ed5bc48d1a5c688b04794f45435cbaaf82c27240e1142e14936

SHA512
cb0c43b14b81fb8ce9fd74f2fcfe62c7d23f38e2417155d7a106fe1f5c1a0426afa72c3d2d41ba916a3138bc4239956b7abd4c374a5f25e60b3e39caea17f58d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
836B

MD5
9e38ea1e3bfe1697b8a9eb12f821a44a

SHA1
4d4088d8bbf817aa23c737f36b9fce0525950761

SHA256
df3ff54e135455b8f7925d9f0f6aea3cec4df9e169d4a7e2959009f5190c5a8b

SHA512
7b5b377d71afb052ba592db40aed3327651eb259126aca28aabb75e929ce3bf784b0ff55af8a3de9effaad031a72ccd0940e36b873370c4fda88b8da55eb76ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
eb9752a363ffb812beb07c46c652cb4f

SHA1
707e349555f4ba5de391893d2a3442fdaceb703e

SHA256
c38ae43de3312bdac4fb205b5464562826c0d8ccd0115c299fb392c8498045d5

SHA512
0d6be445b8a4c33e94b995477361ec5e01779ff7089ba224c0e5ffbcd685afe8daf1595f40f5810362ffe2a877dfeba01df5aa4a30d0cd80b2061578c6c30da3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
585dc561769f947d2a3b2e0169667eed

SHA1
dd0b46f3adfa7714bc15b3c5670d237140ec4093

SHA256
e31dfdcbd112f9140d99c2435e3f2b8868fc74ce9e3661f57e0f9b9987625f28

SHA512
0df84eb8a603224c753072a1dee09baa9249d5304a383a8364655d92187eabcc3829bd9dcee18e4a73fe6d4b99b7a1c48fbeacd1e6ed94cc3796c2b2ca40e153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
521f9973021fbaf894f8eb8f3e779127

SHA1
37212d396702b28c544a3fd0aa0110d43f034039

SHA256
f57a9faf18dc94f5ec5aeb1d8a45bbcd2aa01f50c8ec8703e315104e448ec505

SHA512
a0d6ee23c22ae1ba0f5611048cc98342c7d910d9c73111da92246f5ca4dc259c8973dc448c4a797d4f912f5b84076f3b09cb54de113eaa540254b0ec47ca9631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
1501e12b32460a01498d51a31440b0c1

SHA1
a163b918ac720b5c5fe75acbeea29d489890c006

SHA256
b93f586503bf7f6712986b335e8feef32a52cb6fe7dbac0d8c75cb2412c9985e

SHA512
a637bbfa60e69aba359917ac1d9db761580232df328ca3bf21d88b0e564588d075eb9f2a0d7d35f378bb0bf87daf5387b78af36f7f3e73a9efb280d66ac142a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
a86852869e7b7d06927b096677de2af2

SHA1
4e27cb749dea0384baae70abf75bbfa62e07eb7d

SHA256
d524135807222fa0d18c1e98b03bdc63f03ac0263b4b50c1db00e374b42124a0

SHA512
44453b7b14da1fe0249b7a700379c34dd6de5ea2516f4568d1bf3530562d3c4f76bdfc44fa3315fe5b8350ac09a670c2ac218ed155a61990f25a289b75b79640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
8ef7168e57174bff7742e4c272cda2bb

SHA1
cc696f182d257711c6d0cc4ce0573e505e53a91d

SHA256
56bc28a8708235b30b31a02bbfc017c196049267ecc147f2aa3c93d80db8b3e2

SHA512
d6876a18543e86848a21807ba8b0762e2d86f8a5632b2b74779af5920d667ca57a439d349281c07e902ed64d6fcb97f3694984bd5e2facd6357873d8642ff96c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
e2d74bc9f14ec0ea3c4f18462793283e

SHA1
d613cf8e754e6c0476232d60183f2c90fd860e89

SHA256
2ed6b65d661733e0d59c23f5f74a874a5060e053badb5123bef20f6e27a290cb

SHA512
fb1dc40bf2a7a4d8b82cba151d706f35bca3d830a641745ff106918245d550f33089f307bdd8616a505b82337f69cb4694e9de7151c0da94847f551465dad479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
26KB

MD5
806997a9ec12a27171dcb86b23c612a2

SHA1
45bb87bcb450a1f6fcebbf1b2e19952c3c4671fa

SHA256
321801112be69e5d2e9a322f7b32f3c5481b6e0da111b092130efa3519d38866

SHA512
e5aeea696276b8b63b20035b612105f3814af6f7a063d73de581c4bf6a54bcefbf00dfe8bf72d858c31d02b3d8ef9f8d5c893f5934b535c8437bd3c45fbc4d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4df9f570a30fedc52928dbf600215f08

SHA1
fc16608f9151ef15bcba02625adf96e30619d943

SHA256
27a6f366ae3e7008abacdf5574d23733b856c2bc9b3389e282be25130ee27368

SHA512
1738749665a4a5c9e09f361e3112cf5129dc745430fd8cf32837111448be3a807eac26756cde1cb9946ad0b4d5ca8a367322e4deceea045e668ab98d10f2f35e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
e0721e7c028831407bd8cdfba8b352f9

SHA1
e000fd23aa8121c3c9a1bac771f1790f9edfcb50

SHA256
58f8b488e1877363510ac0b15a82efd8b856980f98d20ede57e67813d1305cb5

SHA512
68aeddb1239ea74898db0bfe23846d28e834432bce0d0613fa9fb27e48bea03463d963006fb53c84d872d552df90a0b4bc741a58b4ec21208c59afb1288c5dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3e97cc8adda120ed39abcd94d67210c7

SHA1
abc94f8d8d7ef41f7d508a2882aefe495d2895f3

SHA256
50940f72090ad309a4490955ba8f4e5c3983434eda73b33d14dd811f1641afa2

SHA512
87548a7e41a98dcbb502c282f0de7cd31510df07cebf59533688b7f5ecac5bd6f0a29298cbb4f28a2174cd1d7fda25a249f2bd450f669c95d5616acd369722c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
350ff109a5baca96f76f0ff6070f9ffb

SHA1
3781dae9b8952cfcaa7562dacf05734b38545d07

SHA256
3b9b7b6fc6faf688cbcaf0b5ee8eca9ac5fc22dc7d092f3418fd4955e7f98bfd

SHA512
f42f2605b4368dac2d8d6782b7d2f3be3a20d922fb28381799c1a1ef8662cd5e88099d8b4b7d65bd0962beae11af2bdd4a2e34705f6ffe2ea5fb8b0acf1f2329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fbb6bd13074a250b6ac80f573fd39b2b

SHA1
1dd5811e8a84aa75f6c05b78b8938a7714cefe9a

SHA256
846790051a76569cb5ffb2e8c4ca30d48c06dff822d8723fad47b6c2072e7ad8

SHA512
8d7b7b7fac61c959ce75f856cd5e7f681d56be6879df8d354054ce1a4a6d58a50b3850088ba4476a4d831e5fc24b39ca00a14ad49f059f320217d2f2a2ab0220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a21d52a42b6de5430a5479a8f154ba5b

SHA1
5d642da62741d0faa2574c18f6ec1e2bbaff1298

SHA256
7f973f5e3738cef42135fbc81f114f6d90d093026fc0dc97b36a86cdb2cf0e94

SHA512
344feacf8fdf8b42808a3416e0732c44f4c8d269bacadf3973b787e5cb2d816120abf03db079b0f5f6f1dcc586434b0153556caa736a6934d6e306cb8f68aaf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ad2ba9951942cdf1c299abb5012cc560

SHA1
d45847a747e11312f3d55bf7cb1b6f90fb56ac69

SHA256
fd213e7ef26ef0720b179e101d5df27fb0b0ad06fb2c04c7bd36c1dc21ed0778

SHA512
62be327ba851a1e59d9386d72d5f85e6bc5a3d9ac759947802e7142dc3b8b86a4bc4c408de9423fbe123bf3db5686e8bc0b30c0d5ddb0319ffecad65abd9132d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5aafbfbaa4223e49056319e62ac43b91

SHA1
85a7e92fc5a8dbed6008e99e2cad54100c3f2192

SHA256
263bb5571cc6caa778992a867143342221ee431dab66188f4a06e9db01db3414

SHA512
4c99298d4ca91c1f6b3ac5fd8eafddf60e370a6a1a631e6130e8322298d7d333fc42f7cdb06ebd921bdda93d42bf1ffc2096a884ad2a9dc128f30451243fcf0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
8ae0d51b38f1db60023e56d406048eb6

SHA1
893561bacdffe00d5edf2fd3b6f9c00056206a34

SHA256
1281e165962deb0902c0c3ce20cc914ee672cbf70d8dbd115dd82b80cf86903f

SHA512
c3db4a6a4a2935ab74c862f70fc286897b027a399029a5b4fa58891196bee87b779f3163802664562fdbb63d5e54cf544f970ad0885e70c06f1e7fc09a2408a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
c61fa90e1cfd75ea3156340008b7269c

SHA1
8eae0e4b7139beb1e1ca1480cec04822b01a1c3c

SHA256
4b9b3329da0fc3a4e8babbbb34b680d7585222a83f5c7c441955d319fbbcf5b2

SHA512
53ef47fc3006a226d863d4665e1dbab0abd47ba4b6730eb597ae11733011945e65079ed14dfc2e46ddcb09ba069067298f4f0e756b191fd0200a5b26b672a80c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
64e85e818ffcfa564cf2f9d0c04283f2

SHA1
743376a544e08fbeee2d5df2c75b14d126ade940

SHA256
718caced0e2704671355c01b61a5cfea20dce051ff0ac80a371a6fb8a1ca71fa

SHA512
06db4d210777fdc39f36d5d91ac36d3ba22a738c4d6dea664ab6955d2759cdd09e8a8c7b1e2510275b9ef8cb06f825d02d96b78774f0fde79b979f10f844887f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
4df54efb066ec2c9ec077af9847195cf

SHA1
1c56f2191df548a3eeaaaa0b6bb79aacd7e08e95

SHA256
39b787a10dfc0cda936ca498930bcfaf30aa2852464b300e23265167d0b4a0e5

SHA512
82517b81bd3180a28e5c72f542dd2b9521b0e006bf889b22375f90d573ddd5c1e885ed06a99bce6d60229e722e18e213e1bf7a93e84f47a29fd39202cdbb66c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
6460a171b5a4980ff60fd4b4b330ab22

SHA1
88552f1e64058a3f1534676388f25d77f8b7bc24

SHA256
5c81dbd7236796b939a39bf47cdbe59574f1572d358a101fdc05d297c262ed19

SHA512
ee32a69471ff8dec21c101a6eb4996632d526da7291f349b26f529a1ee44e082b0929806cc8a9304a351ce3d11de518e0d1904e3321b10efd1dcec5fb5796228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
243e72afa096f59b461fb445dc836127

SHA1
3415a4878abcd78a06e873a0db06d2dc64098f03

SHA256
2034286dcecb8730a02390a45eecbe29d173bdc5b3f934a0466ae74f14b0b789

SHA512
981a1d84409de161654a41534fc23faad279cb9919ed77f4ee3772fe27cffb221857a1d6ad8aea66a5e326a43152ba41e35f2f01f2aca93ee7eaf724581f5593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
d32ae28824759c4dbbc0896a39bf7e6d

SHA1
82839297a2bfe3730619b0aab49543fb69c5ce5c

SHA256
b1e1af798f9e708670d1d209bc460b42b22143eb7ec38923e95247bb097dfdf6

SHA512
a2db7f3082ff9cdc7084d350689014e05426422773e528ead978ad8b3a075bbaabcf7028d0da62c1fa0048754184c0aa201a740bfcaf401141f8a52d7bfbb8f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
4838c2d149e176afe63cc6dc62001f15

SHA1
2823f552d0e64b374609f364d068e0041283e131

SHA256
ae1f6b2f5c0f4d6d22d6dd7fe5fda6e4699a619238f8c358c3ba02ba8d9296fe

SHA512
656eb89329f09bd0b4dd201113f9df1c5577d5a2d0c0bda32f882eee56175a1e517a16ba59c9a6f6d0ec7ea20c138a521f59ab3ba03be46c39b751a1cdea98f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
6e77d33da2f13aa4f319264710681f91

SHA1
8058f7c4d44cff4f6ecd9a063d39dc9d36151e9a

SHA256
ef8190da1a14c9a22b8c6ba7b8ba862b1c9d4f17c3a1e37d3d9b96a7d9e28236

SHA512
a5142752707b9b090fb27edcacda52d55fe617d3b90ac433eb711fa3efa619431620bcd587649135838a42a8cac66058e998e9579b618c0d821c459fd68ba464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
dc7b645b18f3e4f09fc7f146b5861597

SHA1
2ef4140f59dade2ae80509b3c0163238cfa3b5b7

SHA256
c57304d403d6d9cafe248e14f04a236b7d538634780fc8b30392b482e0550281

SHA512
dbcec8ea105a69caea50d11ed2221e4791e3d962d7f4d84e727c811da32d937bdff2401c1bf5f42b6436c4c1aff5408dbb0f580d5d0ee1a47dabc3b6dbfd1eef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
94d4ddee34fd9d60b88b584bd8d416b3

SHA1
2a9ae34f9aa460470cb4a55760f6744cee4586e5

SHA256
1dce721fc6947a81dfc0a0dd4cd31efd3a4dcd112988569a8ce24462a1520de1

SHA512
406a9c85d6222f7b13340a794d860d7ee3a13e1092ca01ca07841b0f883df6e4e74728714b630c63ce7dd240329bcd24380cd708f5093bdfd30ba204831f9cb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
f8382546b0c99e9179e75e831783713a

SHA1
39d14947d515897e02738edef540587ebe52f2b3

SHA256
66e33e4b8a8d45bc4ea1ab02352758fb90602f703a01a9539bd7296d1b755bdc

SHA512
329e471a45419534088e027aa3a38e0a660a2384e60b9a903b735bd8a63a6546c78149ca615d7fefb43fcfadf2d89a40f610fca353afb1f115f291130518459d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
4ee616d4a1dd1f2a984a21e2240ffdc7

SHA1
5ad8d908bbdb3197b0e01de2a765a6242df3dfd4

SHA256
2d6bd09ecddbf86f2c3213c5939ddade72f5abefaae22cdbc7a6414e9144d56b

SHA512
2d6738ab521d949db3f777a7e56c1dc84ac31baba487f7c9cd48381d97ed5b279f32d56eb0830cfec52bf1f851e83f7c388f31492a2371501fed0b39857c9314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
10f57cc4461e7e92dfba7cd9f533e71b

SHA1
7db38a774eafdde632056ba18bd15351aff18928

SHA256
feccea46a7a94c079ccca72a9de9bfec333e0352cc5a124d2a52dc305965266c

SHA512
316380e67dbe34b625ef26b10be6a5dedb72fab094f1115225fd37fad20a87cf9e309b74522580d5968c4717fa278d464f133b7bf55f3c9aa8b21d6948a3f546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
cb15c410873f6c504add4aa0ce07c77c

SHA1
84bcd6e9654205ea7b0e324c3555cbb8112031c0

SHA256
ebe63232dfe099ca59991756bbd6580a21ac3c8f5c534085ee9bce6c95098a65

SHA512
b9a5308961f039bf7311d88b6886d5c7a6c7dd8a08d6ec3ec83ae29bdb4b32e305be6e451e9c18d60aeaf476264a6e33268eed0636efbefb704b511489e711ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
dac65357b34ad730de6897f15a27ba49

SHA1
1fbd72f6f1fbed069a10e8d5fcdfc74fae33afbc

SHA256
601c4c6954549eeaadb36ff98d33cd0992a59b821353d8cb4279dfad32ab3881

SHA512
2af36f5b580bafc057c5a32f9312837a80049976f5f5fec93edb0afd1dfd6c8f3d1e5cb1196260c080101d6d571a0500406239eadf74edbed912dbe66bc17119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
fc4202bc62adffbceb03a6e09132f032

SHA1
580917d6a7b0cad4495710416c945e83183555a5

SHA256
61e18d6a162293c0df5ddacf9f2add15b7eaa4f0d91912b89ffe59e972724f1e

SHA512
f8f177edcffce8c4d561b8aa4e2b0e445f3a8a0cd51d99904e7a44cfcdebee9ed321d5a4fc39db1ecba978eb1c8798a64a8ec0543cb3091082d8c8f5b0264c63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
a9aad1ae3b2e806808c6a463510c5e3d

SHA1
3bea82362771831eec04c2a08c8d39e9dfe690b5

SHA256
27a15f9da26e1c3d00342a1df32ae37e6b9d3d3ae27bae03ba1b068f779059c3

SHA512
1b93c8702e9f04afe4715b9e8a842f9e7b407795f99898471d941fa37c46551471f212ac3a3d49504937d9df846e315a89c273fd8c2ad4fb716f71a33b8deff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
ca659eecf7cd9d4028235edf8d8a33a3

SHA1
9189a9ae07f2d55d0e591949f1daf96a3057056c

SHA256
3dd0e382170d038d9388d6770d702a32715e3b1bca1eb3ff627b8ad0a95fd0c4

SHA512
6a0032381582dfd0f6697120a5f865bcf7dbb97ca409c71bde2cdb5296965640fb35dcb421bde10180d6ab7ca8bd3c19c3a1533f96707bbbbbd883880a8230e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
d83d51bd09f864310390c879a0bd8103

SHA1
f4313a8ef48690b09a00d1fc15dd0573f5c7801c

SHA256
24173631e1166b0355acdeb0d6ee9e26533d9cc41f07d41313a5e01031969eba

SHA512
f8664b8c226455a87c5c8db93eb44f1afd7dac5abfadb9f2805503fe714ad40740194fc625714fa45787b08bf51a5dbb7ca5e8b85fdddc8b69d868d5dfd09f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
bd7597454fd1497b9acb95f5b2efff88

SHA1
48317a3c69c5dbb1f2260a2f5a9796474c7d2424

SHA256
7261b7d5f5f4888ca1bea0cf1600a5cb3adbae29230045f0e78867f96d655da8

SHA512
4f39e8a615a18ad30a5131e2d9b41887e2dbb25550868a72c91e0257798bcc0e48e6a136d7f6b721d1c49ff3de7a919f8acd5c49ab2db2a8c040618183d2f66d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4f856b107cbbb729d1fde68fe044f82c

SHA1
bde5dfd409180c17c6b7a42ac4f0f5417d02550c

SHA256
99968889eb6900e2261f6eafdb640e48e1813692819c3f266e00a7bc8140a57e

SHA512
e21eb8bbf0637546105aeba8080a83e371f27c267dd43bcbff0bf2a62402df807a3fda8f1a05f66503c95c5ba38c8e6c08c4abc7aaf2d14e47b81d5076e49418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
23KB

MD5
9fdc1e6ccbafb2af865cf6853a29451b

SHA1
ebfa3c72632f60c99dda4d03d20f15d4e158c73d

SHA256
43ad412656c4b7ed1550b005c44b1d68fa4b2e60791ecdae301374b4d9f0ec10

SHA512
6cc3ad0d43fbc934c14859af5d04b46e4381454a252d1b73798e8ef1153d8e6ea43e6ec33fcc93960a697f95db9afdc01963c2ad693c22018a409fed5462cc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\1c00e45c-9b48-4e71-b16c-4ed724d914a5\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\1c00e45c-9b48-4e71-b16c-4ed724d914a5\index-dir\the-real-index

Filesize
72B

MD5
cc3c54fc93fb46db92252230d8607705

SHA1
f0f725c875f053027f54f49057f3e2e48bf1b392

SHA256
991ba0c26fd15dfcc73655e6ddab72e9e2efa21db3422c610630b39b4c76c0bc

SHA512
7193ffa2fb8631daa6fed54f4df3f8652e762a134158151741babee7df58f8a04c51a4fcb17054cf7c7e51157382880e45a461da7bd706440655eb0d7f19a4ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\1c00e45c-9b48-4e71-b16c-4ed724d914a5\index-dir\the-real-index~RFe5d665e.TMP

Filesize
48B

MD5
16b76b74f1fd2e37f045cfb240097c96

SHA1
953564e5d3f44dd9e8091a15ada83d67ff655e89

SHA256
610ecee870f59031fc4d1574f82b2ab6170bbd36e6cfee649ede1f077fe39a35

SHA512
b22a8e1a0abf785b3c38c1485be52fdad1b54b3f7509195fa80a0f34edcf93d37c6576efc68f2e789326a2114620f44ddc13ddbf55b6b79eb146de04bd438c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\6258b41e-0b6e-4c15-90c3-cef8204ccc04\index-dir\the-real-index

Filesize
72B

MD5
0b0a0a43ca0cdb6eab8d1b1870986152

SHA1
da2ca787f416e8bd1031e9d892956d48edd0a941

SHA256
2e42e90b39b639c209f0df4c598bae6e814b470da556efa5b734cb279a931875

SHA512
2c79ecc9de8d83fb309a8ea3f6b6ea72b36f2ba1607202cde9393a237d65b90faa9c37fbf639923e91538d4edd6430cc54d0a0859c7a138df85051c24685110f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\6258b41e-0b6e-4c15-90c3-cef8204ccc04\index-dir\the-real-index~RFe5d790b.TMP

Filesize
48B

MD5
fe9982223569e43e517800d0833efc70

SHA1
9fcfddb29a24412bb5fe2637bc282aa25185b77a

SHA256
18ef338d1d30af1f445ee52c5735b31ca9e17d216cc556c0f4e33e3da8eea2fc

SHA512
23980f897844b38809d3049a0bb95242d73d7c7d71cc78be94eede71d13f7e225fc2ceec6a980c5feb6b5975ca01b2bd216c74251da69a350580ef1ff11e504d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\6258b41e-0b6e-4c15-90c3-cef8204ccc04\todelete_322ae1bdab361352_0_1

Filesize
11KB

MD5
b099234a00f237d4b9b0d2d417d0ba53

SHA1
bc8c256187d283c9842b80550f0b40cce3f503a4

SHA256
2258aec0443913c11094ba65f128153149750766f23dc14a3bb3877da14fd4f4

SHA512
e49f000d2c1a9518bd36cd4c67286cfb1e038315d92d6cffeaefa211cba22cdd9a7014270440b5ae4bb55cf3440c4c0b506d2b812740b016ee0a33a12e246aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\839ea330-7a8c-4285-898e-8b74d7608544\index-dir\the-real-index

Filesize
14KB

MD5
4dfb729a6201e46f65ec8e51fd6905ba

SHA1
98ab1bd47c946acf7c9ed0a52b400f6c871179ab

SHA256
c824a5afd92ad29ef6ed1a31486b12b1c09a306e6227c6373010d9f5465628ee

SHA512
007d7ae0e7b323d821132930e16980091fc20e99e12810621507271c42fcdbdee31afc606d1b6511806861444b5cd6e70d45ea420d026621d5a36d72a8ff3539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\839ea330-7a8c-4285-898e-8b74d7608544\index-dir\the-real-index~RFe5d7d31.TMP

Filesize
48B

MD5
df44a80eba244e95ebde3bde803c54f2

SHA1
f63b13d579b5d87d86f2f27ff4d9fdae2e66de1b

SHA256
d0b14896f223fe0040fa5dd0db0b499c68ad3a760bcb975ba5639aacaf15bf09

SHA512
eb5316e7fc6a2d6b66f06cd84b1b30098abb2a049383597bc913d00f6e9af3c26536d1d05b41248ed6c48e62e0dcca1dadf00679a17a04316212f5b30168de3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\9ca1e25a-2fcc-4f1c-859a-fc23cff697c6\index-dir\the-real-index

Filesize
96B

MD5
16229197fb9b5f65d6bd7844ff040de4

SHA1
dc8191a02b7732e00d3d065d670f54f3490cbe15

SHA256
b08278ebcdc768bd2d5d66dfff1bd2b2df52bbee2879efebb9cc3e3bce9fea8e

SHA512
b671ca89fc57a07f83cc157e9a18dc897cf63fcfe2e547f0a4f32044a40b12c7b8a3859a5e896c8d78491edea504ab9960016eacf91c18829ef0d471fc9d8221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\9ca1e25a-2fcc-4f1c-859a-fc23cff697c6\index-dir\the-real-index~RFe5d4326.TMP

Filesize
48B

MD5
55334498659ba52591c8850e48c41c46

SHA1
45135bf2f1719ec6fbedae07c65fd9b2b339863f

SHA256
6c8c714191051c3529d28712901f0a4527f4d410fcf958edc3c98700efecd42f

SHA512
1814ee1dbe7948c8fecf1a9943ae86e51600575b1687a1ff7be607a33ea46495561fb3f4881a8f30f389fc00456e1ed1f082a4e23191dd245a9eb8d8f8d7ff94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\9fed3c71-de98-413d-9b28-5e124f4f7bce\index-dir\the-real-index

Filesize
72B

MD5
e36200bc5eca28eda3fe678b73b28f4c

SHA1
f9cb2231ebbc984095003446aea8377ba1a0bf10

SHA256
a7a3bc916e51b6ad8c7f8577a42096118abd9a93f02b9be69ac108aa9f31911a

SHA512
f936328d88783a6535e300a1b62ed4dd77d3de8fadd3b936b0526cc24161bc9b1c2af727b5c723e484977ad855145e2d671bd1ee21b601e8411052c36e817b31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\9fed3c71-de98-413d-9b28-5e124f4f7bce\index-dir\the-real-index~RFe5d792a.TMP

Filesize
48B

MD5
321ff439a84d2ba5cdd6ba07451fe92f

SHA1
7000e1b36bde2ba762049ab4558502a5cb50757e

SHA256
211993c29d0dfe13e0aad979d8374e7139da77f187308bd600f647c0dc4ed253

SHA512
263bc6f720ed6a18aa9b54bb32b0f58883141f63479b13eedd0b7e17d9f657ca73fbec0b99b642922c7fe54f4b2854952721af117eac1c0d76a3bee0816b7be3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

Filesize
160B

MD5
525c88ca6efd9154a471d761364dc073

SHA1
6a1e34e9ef499cbde805aefc1060919293646877

SHA256
519b0b120e480231acf6e691d3f18da712c8f7d91d4664fd17c7bf43324c063a

SHA512
202d611fcb50440135937b0e9eb9cefc2d466d3a1c0b8590e39d915200e2a8965fc5ca528b85aa72d57210cc3dd8b6470c14a848e6b1f2dbe5e58b741ae1ad67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

Filesize
161B

MD5
579154c21b22b9b541305053f856abca

SHA1
b50b473adbd29f6054cf92a2b6fc87243b475f36

SHA256
c52752557cdb72b72079fc6755e5644f8395cc643bb5344cdaeea78426d22c28

SHA512
97aa4ffa542ca145fcaa7a89692ddb229cf08b3772011fe8b5bc0127e3220d853fe8f5d71ed3a9720c9d054884b258d0047c813054c52115f5f489d0e6de07cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

Filesize
242B

MD5
0a2d9233e68101e6aa5499f8864b07b6

SHA1
db82a8800db86660ad50b54657bb311be6aff554

SHA256
3d3c1c0b4534d22d3bbc49c562a48165c92a1e13722a5659f17321b489ce657b

SHA512
977bb601c87da055ac33d7812a2fe3025107b56a50877e158bb693b7964cb68c0c761c25824e0ae6e98290dd8c31c2e63b137ca04d1f1c91170376456dba4560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

Filesize
301B

MD5
513ad08980c56b59e31ebf221a532c43

SHA1
5b7eefb5b6148bacadba328e5f9e798ec9afa708

SHA256
0ca4af4b3b1f57d6236c07daf1c4285f7c229b0ae6e57020d3428fd799e79a79

SHA512
8c8da3172a5b6f261c5eb9ea4efced2e642f74cc50e9438496d4e757204c8d609e6dd5b6ab27ac412147d1ac5b2500c7703969b604b35c37d3f9383b1ed7d270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

Filesize
367B

MD5
e0d8833c6e80acda59ae68be83b20329

SHA1
3f9692554e70bbf9b706b9294479683849010437

SHA256
9193c7f1421d5821d803db8049e16e77eee91e0c57094eef0c10bd5f2ec3a399

SHA512
b78d77a65613b8e762f64b86c84b6cba62326792211a053764eb52a3ba1cfdb15f5bfaff7aacde1a188e3b621afaaf33d90510f01e5625d12833c409e63e77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

Filesize
94B

MD5
91e9a5c672b861641f460a9745487612

SHA1
384d6ed6b05ca1a9d96c9faadd9a0361e363dcb9

SHA256
6c5b988964ef2f7913d7ee9279a504ed0110a35d30192e713755a517d5519c58

SHA512
61e86888eb9a774bc8e87264a7851aeca10729b9b7bc493297d0133d13de12a278485dbff26a36c88e3fdbf9b1c61d204a50b539d620eb1ded8318ebe1ca5010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

Filesize
27B

MD5
97d5f65881dcf1370e0f450c74916071

SHA1
8356aa6595b01f1b3d60df82686d78c6b573c033

SHA256
3ac8ef666dc310ef3a2a6f90247aab7bcbdaf26b21147f7b06f1bd39bdf848cc

SHA512
7e5da137492e2d0f42cd6a7f1b36fdef012af3282eeaca25b3da50eeb5420b199fa65bcc6d3f67da371c31173a10ff06804a368872cbf4b63f9beb44a2d30f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

Filesize
101B

MD5
231b84ec5002764ef2651986e6185472

SHA1
6820cf66813e3ec14f690010675138d5720181b3

SHA256
22bd3e455ce9f0b049e0ddfcc3614eae6654f7c4e38de32dcad8be8ee02eb0dc

SHA512
ba0c2306b28de06631ab34deb3e380d1740064a975382ab28aec84fc79174e6b49c1a2c3930874ea9bad8f1584f50cd24d2f9a5900acf0860efc9ceeac29591c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt

Filesize
362B

MD5
5520c2292733fa9b570d324d7a2edac1

SHA1
4764c6a412d99cc309577ca68217c346c9e4e3cc

SHA256
181becaecd13c54c3beaf4f0a48da0cd029d11cc1e2aab6979c325c3ccb04612

SHA512
51f5a24cf719a5c39557f4d8d4148d2798fb4347301855a4fc28490ffce203b1c78930a24ac8068c37894aedaede479911be8ab42a6f2d96df1c31145efd3605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f48a22277f64c442756e922770a3faedfa75bed\index.txt~RFe5cf4c8.TMP

Filesize
93B

MD5
4c508f641679828f51f0c0980483a207

SHA1
a99972593e954463690f8836e3d3b78f10a10d0d

SHA256
5561e885539e96b85e306863b8dea3d339908c2027a9554b0703e0ae28bfe8b8

SHA512
6405a637136bb5403937852b13e9e5d3b9e03326fb40189e3b042aa66197cf6f92af7733f4343fe3383956d80b717dfa441de010a48855548565bbb0f010e961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\d92c655b-3c80-4375-8542-1c0e5a89ff42\index-dir\the-real-index

Filesize
48B

MD5
d3ede37321a740c2d14d35084f58a99f

SHA1
135f27ed656350c3a0bcaeaa9967627a4038a263

SHA256
1502c167539ba95b4b6b30aef61b44cb820f00dc93e8cb2aed97f599e30e2f94

SHA512
4c1accf8851a575dd24a7c3da0ac89541c7c71da5edd4e2afce5afe5c800076bbdc429e86978761b1519d7e24c9274b8d2cbd0de26b34edb572cd1613a9cc9e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\d92c655b-3c80-4375-8542-1c0e5a89ff42\index-dir\the-real-index~RFe5d376e.TMP

Filesize
48B

MD5
42c15bd7fc6d11096ca0927f98d3a6d6

SHA1
da1edd452f868756a25cd01c6c8d05b2cfb37d15

SHA256
086509f66a5bf159e380cb5635521d5ad95cfef7ba2ad3dbdbe3e0cd6269023c

SHA512
3f5cdc209dc4658524b4639e7e29c91969a0d50e08ddf7a5507579795bdfe98b6e691f0592f384bab19143abdb0971f4af0b04537b13dd8ade3d98dee2f9cbad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\index.txt

Filesize
97B

MD5
8d37d9edcc72349037e827057d94053c

SHA1
6736100d9b516e8c4ab661cda2a122c9f816f4fe

SHA256
dae165d84eedd11b9e8dce818ef1f13fcfd5dd220e1bca950c235d1612a07438

SHA512
e90bedd9d009200e345fb07e5b7bfcddf5bc79c7f4f334c8a76f13a2bd9296935245d7081bedc271e42e527f6f02ceebce0532fde1531b27742c214448f3d8c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\72978804e7724d1ec1769a0999d234ab4b7b3fc4\index.txt

Filesize
90B

MD5
140b03868c0344cbddae3f051345b0f7

SHA1
b124a1676381a9edb5c9c304635213a94cdad467

SHA256
5ac69eb6370fc3e1f001d08c1c5b1435b233e5f29a6b637984e0fc8e9140a854

SHA512
5e60c480496d541bd63f7748796ec9fcedf54633659b2ca9d0bc7a0d6c223b54dc33b57a26a267bb3159a1ca621440c334bb3b4ff2b5bab82b79535603ec55cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
5KB

MD5
88478e8ac25443fc4fbe692b19d27b8e

SHA1
dd62be276d44a7a7e34120623a28601bb60cf46d

SHA256
77f326912dfb9aeeef30da0f43c6a2f4bfcf7c2cb9a9f21153a0cb07f4d1097c

SHA512
6e281099a1695e77d0141606e79d524fb91b21af60ead5ba51acecdab04e380a4dea6333f767f0abbed7a1b4061457d564fe73b4d75cf07a86361b6f793b0328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

Filesize
198KB

MD5
1afefe340ac7c3c004261d1a06a45144

SHA1
3cc30669d9becc1fb635522f6b073340b75e581e

SHA256
05eec0216dc53d88dee5ccfa4506fe53da2d65ff25a21b19eb69bb9a0bbc4328

SHA512
edca425fba3b60d8e264f6761a239cb244daa5103b60c26791e0ae5e86ea61ec6962134d8e34c11a39428b57b0a8bad946b418106cd347b3acd1b6d0010fa37b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_1

Filesize
555KB

MD5
d54d7334511f65dc81e256f07147e369

SHA1
17c461d2edb0529d50ab894accbcc81a73e2cea7

SHA256
e654edadf6fd22f3b490a5b800e5140cad9b915e2737a6ca04df029c96b15a4f

SHA512
272ab41faffc12a2f7357750eae0564d9fe19d6748d05aa720bbfd1be72c45df2ef8e70167059e3367ef7b7dfcbec1ef598f5ac03bf68a6317d230b82d94aa49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
026b463e7093652ed3bb6563eee02ade

SHA1
6fee25d3137f5424e2b15e20b5f31ebb22da6c68

SHA256
d03ebc29392dd4d21a2a6eaeaae72bc598d8a83a5ecac9eab60805bb76a3b8e1

SHA512
7868232aea68686bf99345aad9e30116cc5137b08bde305076c17052608f06bc9c2934daa993569357e1dab351af9225e30f4395ce4217a75b9f21f016eef03d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
303de172ece2a7cf6259e7fb61b98ae8

SHA1
b1e243ec3c024de14faed08eb09e2f98f55e2e94

SHA256
6760fab4be9585aa617223be8242d2ea77c52709e03f5687ca6d771e9eae9a8f

SHA512
f0e4e65f864591ee6bb337fbe63e8bd44a6f9e844bb7453a0b77b0ce78f257c0ede88a3e96f00c998da205ceb1ad7e461172e18652865b5a5c37aab18a1b870f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d42e8.TMP

Filesize
48B

MD5
f377cef9df725bd3ded4050b0e8b4993

SHA1
137ee1492e2c7c9c437c619b2f8c53c9807e030a

SHA256
5f7bd1f587f9b459fb05fd4c62a40340351a68d47e0680554a1b9faa9061aabe

SHA512
95495395fd3d922054f46c0862cf23f171fe9b47d6055f712720300461777e4bb02ab639496ef51ed35f36f2107b4cd61e1051b6bd3640bbc6acd5ce68cf3234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
60892603e882490e29cbc0b44bb14879

SHA1
248bebb008ea4cd8b273f60ee0113adecc872c5c

SHA256
4f09e24769e5f9a7f320eb2ae5b8a440c913d2c70ce0685a23aa2e5282519a08

SHA512
6d0e5561a34eb55ef25ab34d51f17cc741b67d9139a6a36d5e1929a7df7144fa1b2b71632a20e309f778962cfada087313e4c51517387a69705b5fd613a92175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
96c86fc3e9abce3bc67995c18115a1e5

SHA1
43fd649c1b3c29c9fbe49c2a9c209c7419972ae1

SHA256
8ca4ed44bc8abee72b00caccd201dca412def56690a18b48f0f393bfefad8da9

SHA512
e1ba0ef1e3fa25f690ba45bd3ecfb7a755aa8ac27b2d9dad5a78399747cf1959d9700a56d0cec6fb1e955bc14d381e178542ff631b32e9c03d519d6d482d1b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4873b7a0659c5d67b93d915617764b36

SHA1
8fbc1a1645e3720f23114486cc0bda474c74f0b3

SHA256
4cec31c8eaae578729d8099b0239723dc3d581830f43a8bd50d1b47c12b1a654

SHA512
94081583c805e26b54498c89f82f98079d7b20b0dd617e33fe9ece2434c503b39e03b553ca9ed17406064f8c7c42589212adbf3ca2b9590fd0bd0f545f89494a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
af936c385602c87bafd3ddada34621c8

SHA1
4660b1fa5a0513ec9e1d00486caad38c8c42056e

SHA256
b54b8b6107955b2bdbb87fefad1f7edca6874387b47ef762a5edc5611ec59e56

SHA512
cf18175cf7befe1e9d1cdf4eb56ce3bb1a0f2da7559f629fc8d69b1a7b0d2d4bac1ef4ba44a2202114252970865390c416bc6089bd67e1ba819bd9315e160ce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
04dc2cd5f90e4f3246087eb3e67738e5

SHA1
6ca98ec1fb3d3b970d25252ec268e48a28a52793

SHA256
f6c13cb279bd9462bb3074e6ab776b7258dc35b9ff04455ecdf64a767d8b1309

SHA512
b8bdb5d8b9753a9d95649a7e4d317402bfb145801b5bf185a77a93dc1730b8f62345cf54cb7743a2ffd6c844c81b4e95e5ea13b3f1c92ffd02ad417247a995a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a4305bbb4083345ea04718480bd9434b

SHA1
4ed2bd98fda835d6ee42f0a7bfe16cb36aa94f3c

SHA256
caf6b6b0db51d9559aff13ea9f9cfd281ee01191421005ea2c7a5bfb9efa8b79

SHA512
7ae13269016b4523ed9c024cfd36026405fa25ae08b9f16a28285592376e4fa545619f0217b183763feb911e64c1ae8cf8fa0b41f3802ebc94592a70d28f8e11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0afed478aaa538551552d095ecc143d5

SHA1
77cfcae161fff83a1cded8af9a6f05f1fe132836

SHA256
e63cb812df8933456275e022200466264c160af7ccdce1f57b0c440704db02c6

SHA512
3994d233c89b53ee8c9b4c316d1945051b1d3d1aa46d0955ead80165f04993736e7686023ac414a00df7cf8cd9c6ccf934cd4dc1ac58bdbdd26576e2bd2a998f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a2d2425d6dab3b8b51b7d9d74690599d

SHA1
18ceb820353e3ddaaec3fdffde650102db1cd384

SHA256
97373dc1dccbee9369a8c3465835867aa0f8694d9ae7a8e1955be496bd90313c

SHA512
42215a54abe308877f45ab2a0063a84e72fc2c56db4c1b90873475505f70bd90a9bc793b7b051e5da62a6b30bf6712e90895f73a133b920da31feb218d5eb157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
37e6bb852b619c94c7b2371d0313542b

SHA1
171103d960de79295d755d10ee476c3ad69f630b

SHA256
258f6b5c858ed4d96d7f2b260e918cc2555c4c67cd99757452f34e8a4ba346d3

SHA512
684060dd1df7d3704a47f63934bb36fe8844af42022e63ecd54fb21fb71fa673a9591d38a4f4a7fa8aebd66274876e852ee78be9683b7557a5dcfd363e94e367

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
0de8349763445c4223ea1b08b50e8b7c

SHA1
02125988b921a8fde662bb7e9c3b6f280b4b07e5

SHA256
2a08a3b53506fab092ede7c1f581e545857c5c7c5b407f5c95fd249333aed8e3

SHA512
12f395f27746076fea2774998439bd3cc3e4727e1e5051c02183b01e7fc78328e8fe0020b7b887ab7a03a99c7986f266efe3282dcca9e38b1acfb8659703917b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
cd4725f85a7396307df084ab92aab51a

SHA1
461b5816810741a9ce6f9762f0b86a8fbf76aa21

SHA256
7bd50876d03b8cd206bf5e5bd7729ffb10c79756bb69f5d5b68d1831f04dbdab

SHA512
a77d1407c27968c0385e5d19661af2dbd01f5e185d992703695ba17b93da3e98109eeaf1e9c99ffce9974e6d92453f742300fe5274e57fa15e680aecc5ef73de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
4e1f859fc8f0ae5cfd36175d3a9565c6

SHA1
b2fa28266da45eecb408e6ea072e278fd9587f8f

SHA256
0c7ab37637184deadfefb04aecb749df19290dac48e2a4f62f915c0caa536414

SHA512
09b1eae8ea0927e00b41b1d4f511780f573838407dfc0729c028406b42e2fa6429b871036cecd3c7fe0ea4dd645dac74648f3d6ba406004553bdaede196abc31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
e68c413eb770f86f1a24be53f5925bd8

SHA1
77ff637e31d1a6fb0cc4ed1959aa1127a23d0361

SHA256
a10b63abc48e5453935566484692755c0b8488b7a354364f238138c0ed4d809f

SHA512
57f34303a2748062f661bedec4f8a37e5fd0751d00acaa5a2e044f564ae0a478dd136b1a17237628fbda9fd50392ea63f2b813172e5dcc723d0e5a3225d0a2d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
36bf0a101c4ffb9c595f39fcaefc698e

SHA1
52bb5508e435c700443941ccc2e9e9029777d6d1

SHA256
24701ad13fc49768a4a41f4a233a20364a462780c020570067777236eea22047

SHA512
223b60d7e490db1388f09bbf72a49a1b2e775c85ddfb4432e06b73d16bd0981bb18f88ec55cc741aa130e6fce629dc013da2b953e0bf6989038d30bed8ca6a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
39250c224ebd72ffde6bb3a95d838a51

SHA1
ba9e0e4e8913ec6b13794c4cc028cffa38112e2a

SHA256
1d94589db77d7d2e99f0aa1f30298b6c54b8dd5510513788f0afe8a04719f8ad

SHA512
98dd7910bd0045011a4a737ba43a844059d09eec9dbe4199ec68b30032362f7fbaae08a20aa7254a8cc320ee80020fa55467474648edce1e6c5215e3709819e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
12KB

MD5
da8cdba7e00ec9a83a4f6069cb7c25ba

SHA1
fed1316844cdc384322ea854c291d52428bbdc63

SHA256
d90d817b625231f2391428f30796a533c2509dfbdfb40c24158a99172fef03ea

SHA512
925f69e3a6fcf3ac3b1330e9d1e2be165b5aa76ba3c3544e9f1eda1b3321dde6297632160111d2fc14cb6f732bb176a135f0deef19d3c61c79993d2fdb992010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7c91af95c571eb2a563b852d76826048

SHA1
3572885334c041c22ac82b11cccfb6f3083b2962

SHA256
f4dcf8d9cc7eed3656526005e7b35946d039a594de6d24e7ec6761cafe5868e5

SHA512
d316da9e2b87e55590cc18d31ebad1820660c8288a3b43ca4f91c2a5ea13d6b489058a1c0aed4316e1d4a3e2ec25ed4f9fc9607077e2103822c2ec980b83d53e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
14a3d15a516b7f7cc2060f03f2702976

SHA1
900feccf13bd895693c4d122ac0982d2d12d19eb

SHA256
f382199623a2e604c1ce7e190254045768d6adff95a48641e9e16aafe4b1d020

SHA512
47b5b163b803687eca1344905f41b00bce9173e7ed460b9968be49d17269250dc2b8d0dcbcc2850aa5b578472c118dc87501aad5ee272542bf7e6ea966c1fd9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a7ba9344b0b3fc4f8d7051edb7d628b8

SHA1
c53a98bf0c65e47eaf55119e6e4714b6f9d63c74

SHA256
1e133abe8fc24e39ba45dd4c12dbedece57f85f93d08db8285dcb69ea3794028

SHA512
f23a0423ac991fc5da1dd31e4a7ff335ff903704e6d4bb5a6232635a54bd8a217267418f1ec0f49e3f19c727d633996a0a8c7e55edafb97b87d4360e3a925309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
71d936a4ee84099b31e0daeef5c94553

SHA1
47fb1db2e939e1b34c6923e92eb8078fc56e99f0

SHA256
40a60273c34610660c6654caa04ea958ae18d7701fa7f62ceea2011543d62e85

SHA512
80fda27c18c7df233ebc8b5158bb373dc7c3fb4314faff76c47a606bbd08dc17706dee6fcec6981b9be144336d1c4a64d5942330044f09f87a32f3d8fa6a937b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
f9bc77a56acdcc5b0c8e56e318666b99

SHA1
b1106e3ff846ebeb07e00e91e88f5850e7eb3616

SHA256
2b4d3fa449ccc817731ee60d8cc2e04fe0f6e31c911a267186c67a9c5ccdc7c9

SHA512
192cb4cfa3c7740d26b83f8daa4b0ab5f48ad5a8df0a1563db934eba5303ce1169547d5fafecfadac663118d5a0e695a9bb4511f71d45d7525355bc2dffdc0d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
5d3ec18462b18bc40cdd2eaca72c0660

SHA1
212cad1aedbd3f54407a73edfe36674c865886e9

SHA256
5c58ff812373321e35a7b1e45b37492c627979311afe7e3bbdb95de8367585fe

SHA512
70509c112e8f44299805c4766db7a15011a52241a45fca4e2f10122c19644972103d5ad3b854a1e90797b5c4f50896554963b4b429bae1ccfedb7dc222e848bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
418c21736fe30c138e703aa4eb856582

SHA1
9a391da42eea01e3f0924caf2f8c6f149e9bf759

SHA256
85c05ccf8be24655cd5859eba36c0127a6fe02604ebfcfc8e8932c2c8a05055d

SHA512
c2cffde15ff71964174fda3438ab396bcf22a2fcb4d81d1c928be583c7c27dd0e9ec59c3222c9709b26ef0bcd99023349741269e2f1bfd535f269f67d966a0a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
ad453181e7c32397a938afe569811463

SHA1
44b520102bd0c190b39103f2e5670328538b7518

SHA256
369828b1a6bfad9a0ca3949bfff96df3ae5f287bb1e012733badcc485ab2f63f

SHA512
f4abe130e6fb7ec7e5495e588eb3ff0e3d6e38783be0b13d9dfad096e6470c9336d1b7a6d20805dfa3fc0aa353acc1a1d1722be88d382d0db3b711ca655bc01c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
2d61f3332a34da692c05b27317902102

SHA1
2cdad18bb4c67291b6d3ba59c4e3f73a867b3b0f

SHA256
6aaf3a7ed53c51116baac8e3ca86748315401a9c6208795190a8edf01001a0a0

SHA512
5f53c95cb0e9a32e81ba34bc68a643133e0835de03c28eacfc2d0b8f3dd3dee41900842dfe390a6d0fd4c4b4ca390255d93b24837edf5398fb950b0af81d7424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e0dd3d574b5fa7b540b6808fd97760cf

SHA1
fee2eebb1d3c625b3911ed2c03eb3c44d28f4c54

SHA256
76d81abbcb838cfed51299d08e1f9e91ce3fe0cb8c79a43075109bac1d7bf0e1

SHA512
12eca49cc3233b42162aad86e2987617f904f03056edf0ded02656e5d88a3dc3ea51f0ca481f37ec0d6b8a6c7d9fe6ff8c74541d874a9bdb32c8a40a9c43c850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
3ceecba708c0ad595186098433ea5fee

SHA1
412af742d1c9a017f4422675654a6e2ee0b9849b

SHA256
1e8990dd040e18fd1202ec992d6c787e80d4c7f58e022279b574915b588f77e8

SHA512
892edd36564de07553daee1f1e05625d26728caad6b7f1d3dffe8115bdb1a596402bd164aa5aeb08660919417c1598df5a896ec38844f2f938e4825f3c6531c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
61afe7c700e495065f14161524e304a3

SHA1
710a2826a020de029ea5bbe86dc3cd0de508bb43

SHA256
77966429634946c66f80d7e6fe32cbaaed2d8830e8ccde78b1c0fe32774fbc78

SHA512
149ee1fed2a6b4122a80e293fbe52cae95f4ddd66eceead4ab97063a2c1b9a4195f9fe7a085f9bafa1bf2138fe24dc07cb2c0d46d746c24e5ae95ef028b1c46d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
2b209337643e2255ddc44129561706e4

SHA1
710fe87f74edc7714a7fe784de8b870200c7536f

SHA256
c8d7c7b5aa30f2d685bddecdd0878f2d1b70fa297293830e37adcd6d67a31916

SHA512
9780cf2a110e2f61431d352615f9087f8454e6d318d846c9dec155a55da3ea21affe6cb223bfe4a9fe51dc88f6a914cd8a662cd59e039cd8eb94e03c0159c181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
2f7c848d4e18ee976f38cb0548cb8bfa

SHA1
890a1465f90aee522104064f7c2c9019a322ae0d

SHA256
03bc61fe8f48e4fb13657ad0a11443866de75e3bde9f12010da20e90af6120fc

SHA512
ada89d407ab617f29aba99a0ed99f6d1ac4d14c085231596891c43aaa1347ccede430f14238bfb4baab12f2a8daafc160bab7d2b0436f471e9093cba97724361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
171a5d35b5e6fa86615724027dc08029

SHA1
ca782353a246cf60fc6f77af836868add8e3f55b

SHA256
981a45dc596d3f64891a0da1befb3932477d532a32d85177f8b291e2d3079c26

SHA512
045bb6e4ef964a233d261778c631b172e140a0556b25ba23d2e53c7d09e36ed906b22df5609f4d1e39a747b8341c49d1cdd7be785b6c1cf4f88dc952246d5835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
6b2204e722a20f353f56f4657b55543d

SHA1
1d074a007c8fdecd38cd0d0258acfe102900b634

SHA256
a821b5bbcf5f2a4de936c043e2a8c0f3a3c3594e2c51772024fa35df571137c9

SHA512
af720bfd7cc13fd08bbeac6fa03bed5ed9e494e81726feec5f81b13cc1df30d193f85b1aaec7a199f795af4cac9d0d7424482e01ad780c642fc0d08860e5c212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
10KB

MD5
f7cfb26813dafb084570f0edfeedec24

SHA1
9f29469631bd8c88ec29db3804cac969ff2188e6

SHA256
09a5b4f2163d5fe0a2f7834bebafe3608120b4a788ebcc612d586950665d0d84

SHA512
4dc92e1d50020ffe7cab8a50c3be0b3b23d21b737494f3c615039cd46408af017409799d367da7a63a233abe7f902a8eb535a0dedccacc9871652bb26023e8ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
b1888c30cfb508fa207043ed13dbdde5

SHA1
bb2a74cc5dba0c9b1277f3ccd530a83837db4d0c

SHA256
947ba3aad49da551d5eb15fd0d115fb91003c671164a41089f501651b87bd396

SHA512
90426ec56aac8ab67c17e1a3c07311b78c5546b4a446461713874827589bcbd9a768842d6f7e894ff2d8548d204f102d70c842f0e81e4e4d38522c3c3ac8b328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
eb4163d8657ca8acc7c20a2ca6ca648f

SHA1
bff0c982708cae6b1335a8ab8f51b6d53dc12671

SHA256
e0fae16ded0a4a6a0ef57335153093e2b358baad067ffe90b0f4ea2916e5221c

SHA512
6488a34876d2bc933945d72283873473c7f969218e350939ba11639ce6df7da28a2c1a5d30bbd9b6a2f6191510a324009b03d9466d31a562c046bbe7de0c072f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
5304e9ec731d2ee966f68196c7fede34

SHA1
ec176e2b926416cfb6b0bc087c192131b7a70495

SHA256
ce7c129cde53d3d4912702f541d78593d19d2bdc25beeb05c08aa1091675900c

SHA512
77f7b3f7af241a48698461096276460b71b484d725d8e235b143f6b218930180320150d438433fd8f2490b5a66fc3d2c30e0408e8d7ebb72497b414cbd8ceea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
20768e7caad977ec10ef8d07727744fb

SHA1
527b61f64e3fc225539d6edcda7c6dbb6803ac43

SHA256
0e58010b4ad5a8cdd0ca3d0c1f06b5a2bb2a74438129150ba2e395361da5bcf6

SHA512
dba0ee961b92c6c9e858ccdbff3f0ab4f05a9f02c5d8e2cde6b959acffca3923324eb193654f2b7610e5331fa366db2728fc11f86681f6460201859fd50b5b8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c2f3b522db0e1dbe158d43fd6a9a5a43

SHA1
ca2d405f04572c451f0c75b48756bf22d627d86e

SHA256
067606fccd5273e79962aaed32e13a3ee79e60f3ed1b85c3398bf9a1255ade2d

SHA512
baff5b4e6e5e01dc0e7526da1c848556cff2181167738e1d9f7a20fcbd8ada3e1351e11dea624671266a6d148d43c9bfe86ace55f5129c3000f54cea65acd07c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0758efbcfdd02618b37859850044d9da

SHA1
ec62f048a3a9feafa78163c272aa2bf840913c01

SHA256
0025673adf36b0ed33f16ba9eea970ec08169df8bca4a633587ef40edc9a3285

SHA512
224828a4f4bc6c3143ddb2295e5f500082459bdce052ff5530bb2a901a43c58caa0a43108dc8e04b0f6f04c0df618baf1eb26b8319985eae08fb32836eb9afc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f587a51181ace58926eeee2429d9994f

SHA1
ed21940303ae30e4d4befadf9c855573b53228c2

SHA256
97a9d238f47395e7c3a749fa9861db521428ffeaa6af24cf6ed2518936ce812f

SHA512
75d7ea6c316e5a47959ad64d739533ef470c82a919c483c168949b71aaa573c8c862fc1d49a84c80791a2bc702c5d2a66dbb9edcec11d24b6e2e445244434269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e714.TMP

Filesize
370B

MD5
839569f93dd059b6dee326ba26d59570

SHA1
088e829862c43af8b2ac0677068b3142654e1cdc

SHA256
e607cc04ff4360c7183d205bce3ecf8fe7a727cfe0f5020a2c093acc9fb35d82

SHA512
1815b3f18b9c48931b104fc7d55ae79c09cf9d8807f91354a77f4b609fa39c55b36078892bc9397f3c41b7661dad5ae1ca757c470bffd55d64a01f6ca4ed9068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4104ca95575c80b3cd7897e0e4895a50

SHA1
804d035fd14fa8345f1f50a58d5b87a58b6f0d50

SHA256
a2fd8218b658f4756eabf5140173f61badf27743abf003746484dbc39c630cd4

SHA512
f7cc5780b4123fb57693a68459fd43c4c8c4781663aa5da543e497aa6af30db845544886c1a970dda25d4a98f9424109d8c4d1442e63cf4e2e6e05b7b538b944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d382747aac206fe76f3985f49e2013bd

SHA1
5dbf46580502bfc3970a3186bd492364f3d947d8

SHA256
50779c457eabfb3ac6e20a978b37017fdecbf921da4fdb3b552521508f876ea2

SHA512
9d3d530b18eb4175070de42e83ff44dc57d125f0365c29ddda46ffe0fc02049a8919e36bcded869304b0c092361054bb24f9590667c1a711c887b550aa22f644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2d46c9c6360ad6887212771eb79cbb60

SHA1
8fe71d48cb5d60d3cd2bacab465aeaadd482f5e2

SHA256
9ec5a974277318d09a4b980e159e82c590aa8807b3f17854ee7149d063ae1992

SHA512
c8ac8c8fed1560196dca2acf80be5ead073cf6398b35b753d48bfd8aff29e2e22cc29db7edd47201d9fc93390d8b7afdfeeec19c8495e0a10b618d11f6daec30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b7adbea9c2ca706cb066a0ab057e617b

SHA1
def9e8fb56672d93575d9705296ea50739bd1c67

SHA256
b1479674bf24a71954c1d56e4e81fa42c96c4867ffe5f66215827506a7dd7c90

SHA512
7488c55a2ec4cd7aca202ef43a7420b7fd49be82350b99201cbb92fe036a23675761a6ac74c7970ebad2dec47e239e99b92b607660f299366bda35c6879aa710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ee8f0a69cda21f2e544249eea74bef32

SHA1
7f372cda1c4f2769357787ce8f633195b3c21ca0

SHA256
ad66e4ab508665cae7e5f7d8050342c1345048b31d99825d5df7db127cd0ed02

SHA512
ca6f62b11ecf3ad71cfa1c9d1b6ca96a3b691ad01f2d939febdadd5865cfc1ed75b1a76f33c95cb1bfd7de4339a26731aa7780837983df974adb2bc773b24e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
78e675e84a2c5103dba227d9e0b71495

SHA1
d0b78ab51708fd3bb22dbe81f29c2c77f1786176

SHA256
e4c7fb0b2d15160aabd9d9670c2455b46a04862136cee3b032432738791175e3

SHA512
86fce5d9270bda497542709fba7cfa483b8e716548a3ae6c9c80cbd1b06e48991af267866e5f3151534a9428cf9fcad0b84b799117b0fb041c7740ba75482d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0404003939a38cf20ab05d1b5ca968b8

SHA1
d9b4a4f9660d9b7f467330bfe1908ba3b3b74fb9

SHA256
d1c116679028f6d071c2035ff6c7ec1d0391977da8c48d56335b28ef6d864355

SHA512
769e83f5c0b53bdbd2ddbd462104c725273bc64fe9abfdeffd8dbfe86db0b2ef5acc95c7766b1872853fd93d647d0cf5dff21ad3efcb38aaf1caee4ee0087a57

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kzuqehp5.weh.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Godot\app_userdata\windowkill\logs\godot.log

Filesize
184B

MD5
d7500b462752f529e5a9d616ed96ec72

SHA1
3e133ad8a2294a7f5c38afd8b32c8ce7bb91a131

SHA256
67557a22aeb7372bf76a077e3c78851e54f1a7a4d2985c4b9effb7cee3f4758c

SHA512
5556861ae8a2335d8363d0bfb608bf4eb31c50abbe8e08a5912073556f7ad8e7f8a80134f09e2a714490df9c63a6424d6c1c86562a48768a70040ddd0bf304cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
4c08d91c0ca3620bba1f97d3a69b0074

SHA1
ae0d8c619e1734469017d63c9e17525ce185c47c

SHA256
226bd4bf7f84ddbd20dd88a82e0f1d106f1471b51aea37c6089bc548c97f8848

SHA512
7a02880ef993d1cd77851d7580f10f6e877fc6ea7c3f7262e99626118042528e19ff861debf839d62f8a28503feea1782e9b811ea606a0818a9fd7e6685d9c32

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
923b9be8ad49d85262f1622c09b92f4f

SHA1
a37dfdd4027401b7d48eee4cb82c32fc0a802348

SHA256
018d0a4df2178fbf1307da685ba3d2c5746d31f002fd5f0baeac97b91b6a006b

SHA512
a772267ef59a65dd27fceaa5d9bf8870b13e8f3290ac60a89dee483cd17d6b955cbffc9ded0714c4a0fbdcc3c4988ea92345360a60de5f0e5fee080c251b30c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
8739a2b1f2493d6884f284a9d0c30069

SHA1
24dcf04f24a75404752532eab376b4796118d471

SHA256
1bd6b61174ceac3229e930c586daa00a6d8ce477ce7eb990158195a0b82438e4

SHA512
f7a0d2b1c958f9ccf8693b8684a886fe5f6ae8183e601f32b890d705f56b3fe237ee64c1c80d9fa386fbd67085a27d1500e4332b68bfc17a13f809b9dc1a887d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
39630a6fb7fad8158361b7c26a6e637c

SHA1
5f4e327d21d31ef2853527637b443d4c03d567e8

SHA256
95ca8b18c0753cc9e0cedd7bce6303d94f1efe68b40b50fa65e6bb89ea71ceaf

SHA512
aca032cabbb02b5de8badc1b98c26066888a8f1ca9bcd503d485bcee10bf242aa669e0356012f27ea1075f396154797134ec13516d51a03b572a690f0d9b116b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 5489.crdownload

Filesize
483KB

MD5
edb0a9c371be828d2b5d2e90c5c89cb3

SHA1
77bd14205694ef7901f2c19757e0b5abf51c489c

SHA256
a84f934eff0f0950b8e6f6df6f121f5107983df68ef42dd3e12671944e95c6b7

SHA512
072738012ba60faff263c5670cb6f653833abdbd5673fc1aa96fed5aee8ff7edd8995052e1c779847406232a6457083ac2ee58e6666c479e33e4cf035c9c08be

Download Submit
memory/516-4882-0x0000022A541E0000-0x0000022A54202000-memory.dmp

Filesize
136KB

Download
memory/1364-5156-0x000001BB4B240000-0x000001BB4B250000-memory.dmp

Filesize
64KB

Download
memory/1364-5157-0x000001BB4B240000-0x000001BB4B250000-memory.dmp

Filesize
64KB

Download
memory/1364-5160-0x000001BB4B240000-0x000001BB4B250000-memory.dmp

Filesize
64KB

Download
memory/1956-5867-0x0000000006680000-0x00000000066C4000-memory.dmp

Filesize
272KB

Download
memory/1956-5855-0x0000000002E00000-0x0000000002E36000-memory.dmp

Filesize
216KB

Download
memory/1956-5865-0x0000000005D30000-0x0000000006084000-memory.dmp

Filesize
3.3MB

Download
memory/1956-5866-0x0000000006700000-0x000000000674C000-memory.dmp

Filesize
304KB

Download
memory/1956-5868-0x0000000007600000-0x0000000007676000-memory.dmp

Filesize
472KB

Download
memory/1964-4771-0x00000000095D0000-0x0000000009924000-memory.dmp

Filesize
3.3MB

Download
memory/1964-4780-0x000000000EBB0000-0x000000000F22A000-memory.dmp

Filesize
6.5MB

Download
memory/1964-4825-0x0000000008150000-0x00000000081E6000-memory.dmp

Filesize
600KB

Download
memory/1964-4835-0x0000000008100000-0x0000000008111000-memory.dmp

Filesize
68KB

Download
memory/1964-4845-0x000000000A2F0000-0x000000000A2FE000-memory.dmp

Filesize
56KB

Download
memory/1964-4744-0x00000000006B0000-0x00000000006EA000-memory.dmp

Filesize
232KB

Download
memory/1964-4745-0x0000000005690000-0x0000000005C34000-memory.dmp

Filesize
5.6MB

Download
memory/1964-4855-0x000000000A340000-0x000000000A354000-memory.dmp

Filesize
80KB

Download
memory/1964-4746-0x0000000005180000-0x0000000005212000-memory.dmp

Filesize
584KB

Download
memory/1964-4814-0x000000006D160000-0x000000006D4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-4747-0x0000000006270000-0x0000000006898000-memory.dmp

Filesize
6.2MB

Download
memory/1964-4748-0x0000000002D70000-0x0000000002D7E000-memory.dmp

Filesize
56KB

Download
memory/1964-4813-0x0000000007FB0000-0x0000000008053000-memory.dmp

Filesize
652KB

Download
memory/1964-4803-0x0000000007DD0000-0x0000000007DEE000-memory.dmp

Filesize
120KB

Download
memory/1964-4749-0x0000000005600000-0x000000000560A000-memory.dmp

Filesize
40KB

Download
memory/1964-4865-0x000000000A3B0000-0x000000000A3CA000-memory.dmp

Filesize
104KB

Download
memory/1964-4793-0x000000006D160000-0x000000006D4B4000-memory.dmp

Filesize
3.3MB

Download
memory/1964-4752-0x00000000086B0000-0x0000000008804000-memory.dmp

Filesize
1.3MB

Download
memory/1964-4792-0x000000006D110000-0x000000006D15C000-memory.dmp

Filesize
304KB

Download
memory/1964-4791-0x0000000007F70000-0x0000000007FA2000-memory.dmp

Filesize
200KB

Download
memory/1964-4781-0x0000000007F20000-0x0000000007F3A000-memory.dmp

Filesize
104KB

Download
memory/1964-4753-0x0000000008370000-0x000000000837E000-memory.dmp

Filesize
56KB

Download
memory/1964-4779-0x0000000007D00000-0x0000000007D26000-memory.dmp

Filesize
152KB

Download
memory/1964-4778-0x0000000007B90000-0x0000000007B98000-memory.dmp

Filesize
32KB

Download
memory/1964-4777-0x0000000008FA0000-0x0000000008FA8000-memory.dmp

Filesize
32KB

Download
memory/1964-4776-0x0000000008F50000-0x0000000008F58000-memory.dmp

Filesize
32KB

Download
memory/1964-4751-0x00000000082C0000-0x000000000830A000-memory.dmp

Filesize
296KB

Download
memory/1964-4750-0x00000000083D0000-0x0000000008548000-memory.dmp

Filesize
1.5MB

Download
memory/1964-4880-0x000000000C680000-0x000000000C6A2000-memory.dmp

Filesize
136KB

Download
memory/1964-4879-0x0000000011600000-0x0000000011B2C000-memory.dmp

Filesize
5.2MB

Download
memory/1964-4878-0x0000000010F00000-0x00000000110C2000-memory.dmp

Filesize
1.8MB

Download
memory/1964-4775-0x000000000A0E0000-0x000000000A14E000-memory.dmp

Filesize
440KB

Download
memory/1964-4774-0x0000000009D70000-0x0000000009D92000-memory.dmp

Filesize
136KB

Download
memory/1964-4773-0x0000000009C80000-0x0000000009CCC000-memory.dmp

Filesize
304KB

Download
memory/1964-4772-0x00000000099D0000-0x00000000099EE000-memory.dmp

Filesize
120KB

Download
memory/1964-4824-0x00000000080B0000-0x00000000080BA000-memory.dmp

Filesize
40KB

Download
memory/1964-4875-0x000000000A3F0000-0x000000000A3F8000-memory.dmp

Filesize
32KB

Download
memory/1964-4761-0x0000000009010000-0x0000000009018000-memory.dmp

Filesize
32KB

Download
memory/1964-4757-0x0000000008A60000-0x0000000008AC6000-memory.dmp

Filesize
408KB

Download
memory/1964-4756-0x0000000008980000-0x00000000089E6000-memory.dmp

Filesize
408KB

Download
memory/1964-4754-0x0000000008550000-0x0000000008588000-memory.dmp

Filesize
224KB

Download
memory/2200-5026-0x000002A9E8E10000-0x000002A9E8E1A000-memory.dmp

Filesize
40KB

Download
memory/2200-5027-0x000002A9E8E40000-0x000002A9E8E5C000-memory.dmp

Filesize
112KB

Download
memory/2200-5025-0x000002A9E8EC0000-0x000002A9E8F75000-memory.dmp

Filesize
724KB

Download
memory/2200-5024-0x000002A9E8DF0000-0x000002A9E8E0C000-memory.dmp

Filesize
112KB

Download
memory/2228-5161-0x0000015617010000-0x0000015617020000-memory.dmp

Filesize
64KB

Download
memory/2228-5154-0x0000015617010000-0x0000015617020000-memory.dmp

Filesize
64KB

Download
memory/2228-5155-0x0000015617010000-0x0000015617020000-memory.dmp

Filesize
64KB

Download
memory/2348-4974-0x0000018CDB6D0000-0x0000018CDB8DA000-memory.dmp

Filesize
2.0MB

Download
memory/2348-5140-0x000001D652B80000-0x000001D652B90000-memory.dmp

Filesize
64KB

Download
memory/2348-4973-0x0000018CDB340000-0x0000018CDB4B6000-memory.dmp

Filesize
1.5MB

Download
memory/2348-5141-0x000001D652B80000-0x000001D652B90000-memory.dmp

Filesize
64KB

Download
memory/2348-5147-0x000001D652B80000-0x000001D652B90000-memory.dmp

Filesize
64KB

Download
memory/4012-5146-0x0000017EEB680000-0x0000017EEB690000-memory.dmp

Filesize
64KB

Download
memory/4012-5142-0x0000017EEB680000-0x0000017EEB690000-memory.dmp

Filesize
64KB

Download
memory/4012-5143-0x0000017EEB680000-0x0000017EEB690000-memory.dmp

Filesize
64KB

Download