cryptolocker | hxxp://reddit[.]com

Analysis

max time kernel
854s
max time network
856s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-11-2024 16:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://reddit.com

Score

10^/10

cryptolocker defense_evasion discovery evasion execution impact persistence phishing ransomware spyware stealer

Malware Config

Signatures

CryptoLocker
Ransomware family with multiple variants.
ransomware cryptolocker
Cryptolocker family
cryptolocker

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	4276	2572	cmd.exe	219

Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs

ransomware evasion

Inhibit System Recovery

T1490

pid	Process
4816	bcdedit.exe
3932	bcdedit.exe

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: Robotowght@500
phishing

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	SporaRansomware.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\US967-65XET-XTZTX-HTETX.HTML	SporaRansomware.exe

Executes dropped EXE 15 IoCs

pid	Process
3116	CryptoLocker.exe
5196	{34184A33-0407-212E-3320-09040709E2C2}.exe
5184	{34184A33-0407-212E-3320-09040709E2C2}.exe
5408	CryptoLocker.exe
4808	CryptoLocker.exe
3820	CryptoLocker.exe
6028	CryptoLocker.exe
2452	SporaRansomware.exe
1168	Satana.exe
5528	Satana.exe
5572	Satana.exe
5812	Satana.exe
2108	Satana.exe
4728	Satana.exe
5292	DesktopPuzzle.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CryptoLocker = "C:\\Users\\Admin\\AppData\\Roaming\\{34184A33-0407-212E-3320-09040709E2C2}.exe"	{34184A33-0407-212E-3320-09040709E2C2}.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
375	raw.githubusercontent.com
376	raw.githubusercontent.com

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 1168 set thread context of 5528	1168	Satana.exe	239
PID 5572 set thread context of 5812	5572	Satana.exe	245
PID 2108 set thread context of 4728	2108	Satana.exe	249

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 3 IoCs

pid	pid_target	Process	procid_target
3052	5528	WerFault.exe	239
1884	5812	WerFault.exe	245
3208	4728	WerFault.exe	249

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CryptoLocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CryptoLocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CryptoLocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CryptoLocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SporaRansomware.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	{34184A33-0407-212E-3320-09040709E2C2}.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	{34184A33-0407-212E-3320-09040709E2C2}.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CryptoLocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Satana.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Satana.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DesktopPuzzle.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Interacts with shadow copies 3 TTPs 1 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

Direct Volume Access

T1006

pid	Process
6100	vssadmin.exe

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2727955519"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2727984869"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0bfcfa50f39db01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9099d8a50f39db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31144207"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31144207"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000013dbeb74f69550459d232b3693c378ca00000000020000000000106600000001000020000000b69490e795637d69f98072eca2b4a86a40da58fb24ff734e8da691c9b1cc2cd4000000000e8000000002000020000000a22e038658eef703b517b1cc5cf492b18ae2691f759f4e1600d9c67a85a5f6d42000000070aff53dc0a1042b9aca7391ae17315662269305156c4a8a57d7aa38594e7ddc400000009e5bb9ba1a9e7bc0301a5cfc81b31de47d06d696b0dcbe1ef70b2314809f69037d7309bf16896cfaddd2fc7e6967bf7fae8168d91d0f000275304e866eefaa77	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{CE2D9B02-A502-11EF-BDBF-DA67B56E6C1B} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000013dbeb74f69550459d232b3693c378ca00000000020000000000106600000001000020000000a47ae7179114aa5e04be3b3dfa0a16374a551a705ced33f6a15087f2359b0664000000000e800000000200002000000029e58a30e015f1df729cb90d7d71ef2820edcc1973de9d305dbe9de44c6437b720000000f44c6e5030e23b8ba144fd695ecc5b034a7f7f79b88a0c7ec9f1453603379017400000006ead84566b2e59eb78ece5bc75038082cec6c00f0411e9ee358288e0980bf38e6ebd09f93be786cd782f5e2b313cb72160693c416266d57d02ed4e291d15728b	iexplore.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133763353140971437"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 393226.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe\:SmartScreen:$DATA	CryptoLocker.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 796795.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 263328.crdownload:SmartScreen	msedge.exe
File created	C:\28eb45fa-7ecf-3f5e-17a3-f4caf2c67a35.exe\:SmartScreen:$DATA	SporaRansomware.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 819471.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 139218.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
2852	msedge.exe
2852	msedge.exe
672	identity_helper.exe
672	identity_helper.exe
5232	chrome.exe
5232	chrome.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
2788	msedge.exe
5308	msedge.exe
5308	msedge.exe
5904	msedge.exe
5904	msedge.exe
5704	msedge.exe
5704	msedge.exe
5920	msedge.exe
5920	msedge.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
3772	taskmgr.exe
296	msedge.exe
296	msedge.exe
3772	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5964	OpenWith.exe
3772	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 52 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeShutdownPrivilege	5232	chrome.exe
Token: SeCreatePagefilePrivilege	5232	chrome.exe
Token: SeTcbPrivilege	4528	svchost.exe
Token: SeRestorePrivilege	4528	svchost.exe
Token: SeIncreaseQuotaPrivilege	1736	WMIC.exe
Token: SeSecurityPrivilege	1736	WMIC.exe
Token: SeTakeOwnershipPrivilege	1736	WMIC.exe
Token: SeLoadDriverPrivilege	1736	WMIC.exe
Token: SeSystemProfilePrivilege	1736	WMIC.exe
Token: SeSystemtimePrivilege	1736	WMIC.exe
Token: SeProfSingleProcessPrivilege	1736	WMIC.exe
Token: SeIncBasePriorityPrivilege	1736	WMIC.exe
Token: SeCreatePagefilePrivilege	1736	WMIC.exe
Token: SeBackupPrivilege	1736	WMIC.exe
Token: SeRestorePrivilege	1736	WMIC.exe
Token: SeShutdownPrivilege	1736	WMIC.exe
Token: SeDebugPrivilege	1736	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1736	WMIC.exe
Token: SeRemoteShutdownPrivilege	1736	WMIC.exe
Token: SeUndockPrivilege	1736	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
5520	iexplore.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
5232	chrome.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
5520	iexplore.exe
5520	iexplore.exe
6036	IEXPLORE.EXE
6036	IEXPLORE.EXE
6036	IEXPLORE.EXE
5964	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 4236	2852	msedge.exe	83
PID 2852 wrote to memory of 4236	2852	msedge.exe	83
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 3264	2852	msedge.exe	84
PID 2852 wrote to memory of 4000	2852	msedge.exe	85
PID 2852 wrote to memory of 4000	2852	msedge.exe	85
PID 2852 wrote to memory of 1780	2852	msedge.exe	86
PID 2852 wrote to memory of 1780	2852	msedge.exe	86
PID 2852 wrote to memory of 1780	2852	msedge.exe	86
PID 2852 wrote to memory of 1780	2852	msedge.exe	86
PID 2852 wrote to memory of 1780	2852	msedge.exe	86
PID 2852 wrote to memory of 1780	2852	msedge.exe	86
PID 2852 wrote to memory of 1780	2852	msedge.exe	86
PID 2852 wrote to memory of 1780	2852	msedge.exe	86
PID 2852 wrote to memory of 1780	2852	msedge.exe	86
PID 2852 wrote to memory of 1780	2852	msedge.exe	86
PID 2852 wrote to memory of 1780	2852	msedge.exe	86
PID 2852 wrote to memory of 1780	2852	msedge.exe	86
PID 2852 wrote to memory of 1780	2852	msedge.exe	86
PID 2852 wrote to memory of 1780	2852	msedge.exe	86
PID 2852 wrote to memory of 1780	2852	msedge.exe	86
PID 2852 wrote to memory of 1780	2852	msedge.exe	86
PID 2852 wrote to memory of 1780	2852	msedge.exe	86
PID 2852 wrote to memory of 1780	2852	msedge.exe	86
PID 2852 wrote to memory of 1780	2852	msedge.exe	86
PID 2852 wrote to memory of 1780	2852	msedge.exe	86

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://reddit.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8736146f8,0x7ff873614708,0x7ff873614718
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2652 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5396 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6696 /prefetch:8
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1012 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7300 /prefetch:8
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1184 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5308
- C:\Users\Admin\Downloads\CryptoLocker.exe
  "C:\Users\Admin\Downloads\CryptoLocker.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  PID:3116
- - C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
    "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\Downloads\CryptoLocker.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:5196
  - - C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
      "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w00000224
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5904
- C:\Users\Admin\Downloads\CryptoLocker.exe
  "C:\Users\Admin\Downloads\CryptoLocker.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3092 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1732 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5920
- C:\Users\Admin\Downloads\Satana.exe
  "C:\Users\Admin\Downloads\Satana.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  PID:1168
- - C:\Users\Admin\Downloads\Satana.exe
    "C:\Users\Admin\Downloads\Satana.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5528
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 376
      4⤵
      Program crash
      PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1424,14170122826464222346,16870118966233275722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4212

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6128

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -nohome
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:5520
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5520 CREDAT:17410 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:6036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff865fccc40,0x7ff865fccc4c,0x7ff865fccc58
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1852,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2216,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2092 /prefetch:3
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2300 /prefetch:8
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3240,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3700,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4760,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4772 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3716,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5016,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4804,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5064,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4792,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5008 /prefetch:2
  2⤵
  PID:736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4776,i,11732683584277927949,5938361925053381004,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:5536

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2828

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1416

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x2d0
1⤵
PID:1392

C:\Users\Admin\Downloads\CryptoLocker.exe
"C:\Users\Admin\Downloads\CryptoLocker.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4808

C:\Users\Admin\Downloads\CryptoLocker.exe
"C:\Users\Admin\Downloads\CryptoLocker.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3820

C:\Users\Admin\Desktop\CryptoLocker.exe
"C:\Users\Admin\Desktop\CryptoLocker.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6028

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4528
- C:\Windows\system32\dashost.exe
  dashost.exe {89d9cae4-be12-4c87-bd2251ade6a65a7e}
  2⤵
  PID:5352

C:\Users\Admin\Downloads\SporaRansomware.exe
"C:\Users\Admin\Downloads\SporaRansomware.exe"
1⤵
- Checks computer location settings
- Drops startup file
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- NTFS ADS
PID:2452
- C:\Windows\SysWOW64\wbem\WMIC.exe
  "C:\Windows\System32\wbem\WMIC.exe" process call create "cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\US967-65XET-XTZTX-HTETX.HTML
  2⤵
  PID:4716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8736146f8,0x7ff873614708,0x7ff873614718
    3⤵
    PID:3440

C:\Windows\system32\cmd.exe
cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
1⤵
- Process spawned unexpected child process
PID:4276
- C:\Windows\system32\vssadmin.exe
  vssadmin.exe delete shadows /all /quiet
  2⤵
  - Interacts with shadow copies
  PID:6100
- C:\Windows\system32\bcdedit.exe
  bcdedit.exe /set {default} recoveryenabled no
  2⤵
  - Modifies boot configuration data using bcdedit
  PID:4816
- C:\Windows\system32\bcdedit.exe
  bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
  2⤵
  - Modifies boot configuration data using bcdedit
  PID:3932

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5528 -ip 5528
1⤵
PID:4392

C:\Users\Admin\Downloads\Satana.exe
"C:\Users\Admin\Downloads\Satana.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:5572
- C:\Users\Admin\Downloads\Satana.exe
  "C:\Users\Admin\Downloads\Satana.exe"
  2⤵
  - Executes dropped EXE
  PID:5812
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 340
    3⤵
    - Program crash
    PID:1884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5812 -ip 5812
1⤵
PID:4784

C:\Users\Admin\Downloads\Satana.exe
"C:\Users\Admin\Downloads\Satana.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2108
- C:\Users\Admin\Downloads\Satana.exe
  "C:\Users\Admin\Downloads\Satana.exe"
  2⤵
  - Executes dropped EXE
  PID:4728
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 340
    3⤵
    - Program crash
    PID:3208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4728 -ip 4728
1⤵
PID:2360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault26aa84d0h81b8h4948ha8e6h45a7c32e07fb
1⤵
PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff8736146f8,0x7ff873614708,0x7ff873614718
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3134367224153185454,16927773260135445063,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3134367224153185454,16927773260135445063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  PID:4844

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:3772

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5964

C:\Users\Admin\Downloads\DesktopPuzzle.exe
"C:\Users\Admin\Downloads\DesktopPuzzle.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Direct Volume Access

T1006

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\28eb45fa-7ecf-3f5e-17a3-f4caf2c67a35.exe:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\US967-65XET-XTZTX-HTETX.HTML

Filesize
8KB

MD5
8fc2f396cf2780a5aec6da4880a3b275

SHA1
4ecd0b3dadf9a8bad2dab326e8c838eb907751d9

SHA256
b03751426a647234ef5b980d2c696930c9d18d956f8cb356cd86d5ff288b906a

SHA512
6a5ec7cc863540f2a61068c375f4c8d4f786d3e62f8d7786250c7b02262384f59aa3886855d5009440ec6bd9824dc20dd300e2ea33f4ab99035a563900fd229f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d2c33b1ef9facda42dee42e43ffe1ddb

SHA1
777fbc04ea519d199b27f9983dc8a9c714af6cd2

SHA256
e072509dd9ae34d55c2662349fe18cf1b2c940b2024fc3b72e87171a9a394488

SHA512
eab870b945a79e780605e808d9cd908f3d7bb2ddddfea15a9381f2f4b68c64c4dfdb02271aeaa06df271c5ab47bef01d92e672cf594116afd7458e0b40c83474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
503766d5e5838b4fcadf8c3f72e43605

SHA1
6c8b2fa17150d77929b7dc183d8363f12ff81f59

SHA256
c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9

SHA512
5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
fa086a968301a6fcd20d33905337a350

SHA1
0846552d9644f70ce1cbf5fb9e344be9c25a653f

SHA256
6342d6e6dfc29ad7aa3d4e3eb86c9dee57b90e0af20def85d224ab0e5a087f2a

SHA512
9f46946402a4bdba9ec39dcf654732218ce3c7dce153899e6f61adf530820faf52496905786778171a77d466494fb669990ca87ac614dd12c25c30b30709e693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e0796dcfbc3021bae42742c9d126d55f

SHA1
c9ef6321c5c7389ffc382925a3bd6146879dd06d

SHA256
cc96d629fc9246b9d99b3b9c43a58d2e3c7fd8e43894f4396f770143bbf5d00b

SHA512
2728bc28bc65758daa7c06fde654b03f255a12109bd32cd1bb46312623512b190cd7e12d5db19a955df2ff8c89e5e677fb46e00b657a45667f5702fe5cb93363

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
8cb7848d7b4cc629046e713e0bc146b8

SHA1
c088496ab61f31a03e622028fd3c010170cedf5f

SHA256
3425d5be766265526d838dd0c5d8729f96d56fb407951ed2457b01d8febe0e73

SHA512
c65958bb4cbf561503ad3f366e0d28e706a293f271c8cc823ba868b6723794333ccda9d87a0a464bd6897a923a0b3bf438a2fbd80b0dd8d00dc94c5b0a86c1f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
621bac77da78dedd6893b90c1e23688c

SHA1
df2fcd0b1ea94cb3e9937ffcbf9e2732e26d0b51

SHA256
2d81bc09f6085f2c4f937f4058f73afaacc769cd120f7d7c4e39439123d95215

SHA512
7a51f14325e63ad4394c983052e6fc893c124b2f007e9aa9d89d447de8b6d6f7eddcac310d63cbb941d6e19fc27f210fda56df1f84304d433c546a201697aef1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
84ac2124b72f1640d0425e23af885b41

SHA1
55c30c0007f163771a55de09373c8a7533f6ed71

SHA256
73a9435332f6afe6bd700e7a02b5f55f1d9acfa658cf344502e2ff4294887935

SHA512
3cd34f83bcf28e079eacfdd39c3737b74e073d6799b24fac2c09fcbaed96529d207f1c0478cff8840dfb05970f520b927183ad1b9f160bd76519e35287eedecf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
cb64914fc4ab7473d725c86ec9dac2b6

SHA1
67ec4ae5dbb36e1a5875f9216ead6b13a6c765c5

SHA256
eb73de5c642a33a35eb3674f6c4c0f0fd5d762aafc6f1478001a91af30f69863

SHA512
c0f0865aa8ed06e6aa92cf142cca019da8effb401564207de7efab20acc91754aec504488a37775d8104ad573c228122a54532e7b5d2688ab5cbae9bc58975a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a7c19ce03a5d5817c47d03623be2041d

SHA1
4fd46f3bd45d29ce61efe6281bd1231ee80af890

SHA256
db94f2b69d80657260cf91f588aec29448734c29f051fda7be0f74398375c055

SHA512
b641d8ef26c58fdcff5b3f1e114e2dee8fbe457e9e2a043ca306b04d12a03af5b78e23e68b150d8ae3f4368a781e30ca1e62b8d1d62538842e276a7d21fc8475

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a4d242ce-029d-4890-84ab-916f013cbb85.tmp

Filesize
9KB

MD5
9d809a2c45d402b032e51431026f564c

SHA1
c12744a096db4fe208b0490fa31af2ea4f7b0a37

SHA256
0e3f3276210057fdbdcba4e88a0f4b118a15d6f8448e54fd104c4fdc54cefa17

SHA512
9f119db1961a2fb4ac2a059f0181d0d7a4d912804df38be582f845cb4f67cc74fdc711cf5aea739f35ad53228542a79b692399cbffaddb9202c9da6c382e6fc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
276b56e18260de645db7b0ad7b312b60

SHA1
4649ce23ddc978c2efc1bac658a223821caf3621

SHA256
b55b7ba4df3afd009fbe0880c264287f0c22ebfd64aab31238d9d64b80d3bc25

SHA512
e97e8b3eee58b624366e2cf6d34b2609d51ddb9fe5898e111dfe534acbd1c3b0e0857284b86b380fb26d1c48f181acddc19f376a0140c4d9ea95afc67cf272ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
ac16f70aca51f6f80b7d370752520c11

SHA1
a17188c04c8d716720707308a645a79bc5167098

SHA256
f2e96940957ed3b89d5affb083086f107899bb38023d7509355da99375cb855d

SHA512
ddaa8bda8add77e72fdda7c024a575adb27c892c28df61510e35218134363a9db2669df57c57901cefff2a6915a4ef7264800d707b2aa31316ef602f2d3dd73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
25KB

MD5
e938739b12a56769d93009345d4044ab

SHA1
5c566c0dbdb6aa805538b3f7d80c693072e0289f

SHA256
0d5a83909375a9139c60d36dfe1f580344321ce7c38e7ac9463b17396b44d5d8

SHA512
0f133f2e6a918909f00bd1220f5afd05a26177aa17cbe29da35ca60f92f5bcc780f8f396e2123908f33e57c8301bfeb219423869b5f687acbe60d5b022c3fc6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
93KB

MD5
59e0b1e5cc3176084c06fe74ae02a415

SHA1
afe71a29d34e5cf115cd71a1280a47def404bd5f

SHA256
5e1cb7f7a43a33bd33db8d82235acc7bb4ef896f3c16bf2463908c13ac4a4f29

SHA512
522d3598fc97e9b8000f70dc7d0ce39986d27d86f66a3d137a6dd90465d1b3040c1ec65ecf3895e84f6f0b3d9540ff993d656b2894956f7a86e5fc89766cd0f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
83KB

MD5
95ad70b0720495f26f4b7dc7aa152c13

SHA1
d325d177460b579980d6b36a4da2defbc709d6ce

SHA256
7d40765179bc45d7b2a36b9f0d49d12c2048abb154ed0ecfaa2433417fd0cdbc

SHA512
ca9f7e4fd11ce28a5eacee9cda062c8418b4d6cb440ed82328c03d7c1d1835d7aa175a2ac5e35ce2ec3ab6a37ed2fae0bf2eb61c7b08199299b6dae9e5194fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
2.2MB

MD5
d18997b5ff59cfb789d8b9e92ddf3908

SHA1
1fd2433bad1822f88605f963ab66d3c6da0796ec

SHA256
20afbaf4324ae695154d8e6841b8112491a6029b337c4794ad7589e3b1d65ef5

SHA512
992379e4ce24d5a71708232b4453e7823be7b92d1d883445d3de825d6294810b87b5d0f3f10f8f3628ef0fa8911e2ba1db68947e8674fa253cd6b6991bc80081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000062

Filesize
22KB

MD5
72a399553c1c481c801bd0d675da2c11

SHA1
6970dfed470aab9fe88eec7ff782d51caeceff64

SHA256
c9c49c04134fc3700f2c27eb27628e9586fae5450e831234986b290132f469df

SHA512
c4198ee945864130361e2bd60fd686894169951ef0880dffb06c896fba7ed6e1dee28afc77ca54207db396408bfc27cab6a11f9e924de97672c40edffe5904fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4db91dfe56dd9131edaa5b450d01bbde

SHA1
ce53301e9e862d2a14d29bea0beae1c14a79c159

SHA256
2e9ce6aa8ddd09d7d2026fa350340c4311220b0194e9686c56beca011f81990d

SHA512
4f488495210c90bca5c97e931352799041e5a1374dcb13f4608bb821881297f5563c1e506ff77f8fb0c8f5301ab80dbe6dd7cd26214eb966e03e9706cfa0b0ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
374a251dd56ba8264435a4eb235f2f9e

SHA1
fec69ca1cfb38634c49ff41a13e5aec7b9c1fb07

SHA256
1d99d2595a7050275b8bbef277731196d1cf4882319a490c200dbe97f75d69d4

SHA512
ce8953a4447ded1e62c8cd9dbbf0aac8cdacfc80f678975fb30b364ccbb9f93cf82eaad0b78cf1cdc0b3224036d6b1e4dd8d3fec0b1395e9a5367ac03ace6591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
a030dfe96f20103335affddf4d899a9e

SHA1
73d356283f03419a9fccb9c684ba3fe3f3e21fd8

SHA256
2e1b1ba0d305da50ecf3f0d9b1b727bf47231a2df11a8895d46143979c9e0be7

SHA512
8f8353be2febd7ea7ce79fc42be02e764574aeba17e99f2637568ad26bcb834f117a693bb685d76e2b1461555f24298892457342f52ecbf31eea818c2e06cc6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
5c107927ac2354f5114887c5d15ab833

SHA1
44cbad3093440e507f80388002135156c93ee099

SHA256
5164122d581076586197a80f147d8762552e530b9d7d5608100e269f0e30f1d7

SHA512
9ceba79b2885c22752ce176ce877f7cb860beda9dedf5ebb151d13cfe38be8b335608f5d1317d3a2a4190b6bd56573f0468404201e91e338d362d30a46cf5f39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
bfc3513ba31e11f252723a5b56e4e0af

SHA1
3cb2ba80abc38ad872c5af60ca30081a509c3f81

SHA256
4d2880b5dbb298e1c0e8858f08547bc4051cc2d2840633702d3871d03b7a1c9d

SHA512
71a8a4875e65f38622c43998db0c4b5fd1fe0a99579734a0d7e723be9dffa2d2227776f37872b99e3e37320b6a06113c5aeda3bb6fc54bcf251e0b5264ed78e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
68a73b6319c6f85c96f9a7f739130155

SHA1
2fb1253c8647b413173b30d8cf1343c9562574cd

SHA256
8e0f787f5a677479874026d725c8435e771003503245ea4d696bc35582982ad2

SHA512
1e3b9c144ec2a05585404d2f4802c7bf89cb365c5abd2279b818c233bf16275fabbde7b68f8557ab746976c49d96847db6fcd0d9fa1ae7ad284fafd511637fd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_uploadhaven.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.reddit.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d5a7da93dfe4d29c8bcbbb7abd08e2e6

SHA1
15ca9b12c18b7808ddd4aa67ae43924f42b48dcf

SHA256
eea856fa22b5f6febd65f9e61544bb04035db240475ed3a9a5a3033041b9dd47

SHA512
c5844310229ac8ea5a9072703a3ac944f2dc4936349419a88da5afb37faa199ad9744115d69217009ac7bec843829bc06ac4af1f6c92f4061f5d0a25a298e801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
869862de6c78b4cc1de8d17b4d96ce4c

SHA1
2498524d9eeb77bf9dca70162aba8c97856bae33

SHA256
d4e8fa2f7460634c6a9f21b396532dc89599e1db421adbd78e8dc26599c62035

SHA512
d92beb7dcb371dbf2f48db1a3754fcea88c0d1224bbec6cd049dfd99d6155777f5b7b23f33bb467d824886b4b5237f84c67445743f757a8d56c6734c891e663a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
fc1ac20365807c3d705df50e90dd9fc5

SHA1
336a9a9079026f078eb54f0938e78a658a3b6b90

SHA256
2f2156be777bd836aa0c4a7348d4a322a8d0acff4f64c4450cc8b987d0743dd5

SHA512
00dd7b63af7642640b22806348e4d2e8af9df0b90d66daa6f69237ec6d594bb8b29d6799c976031bf560959edc8c2d12c622713110bb1935225b201917dea1d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e7c9dec37cf8b87c1aaa4310041d089d

SHA1
57be5d27829f176d32874fc6c95babf6ee737256

SHA256
f17b6e60cdfbcdfd8dce061dea06e984cd51b8e0c15c41e0fcce4f5cb05c33e2

SHA512
3daf028f4c38257884ca418039a81dc764eecb12d21c8030cb38ca21fefa7961cde1d0070c69c00c0b6c09685d6167cfdff9b5fb83fe30fa9e274ddc8cd1add6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
6927e73b3149eee23343a075c7925289

SHA1
0ad9f05c9efb39976d4e2e677bb60a68338ae76d

SHA256
d9f6f2773e0914920bdac7b552689bc8dd8e550112db494615c8a3236c8a612b

SHA512
56e681b5452969adbc5025bba3cb79e767e71bcccaefdc41a09a078e36e81ec790944be1a7b7d7af48be05ea1e40308a0185ade4289999e883dd9ce3159429d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
39a8f2acb5e8218cf0ead3859c2ff4f2

SHA1
9e078ab7a70b7f0c449126268bd23e942e5bd33c

SHA256
175a4807ccc76129a8636939915e6894a88c80bf04daa2450efe58a0c48f320b

SHA512
48ded8594146bcfe45bea58c408e724a620163da89baf6f3428c8c3ec10ea81d56b95619bdb216a73357ceba8ceecbb4dce8efc5e813c5655382f1d3792673c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
70c90c028af8f74e58a69a946bf1b985

SHA1
66083ecf9264ea7ed2c0e47a0b39f9752743ce8f

SHA256
aa58064f3387ef25d0df296f856557123a134b84934847c44f5ad5411ddb323e

SHA512
58c80923a64fa5b75fbabec0efbeb378e1d24670ef056e153204953e23dfa3617ac62fd9dad32fc51754cc2543c745105d3a4614d949dc9ae5b9f64870a2d6c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
35883c33a43b800284a5a6e316d82095

SHA1
7e99a885dbbf4709f231079b207e1c505614994f

SHA256
bda7887962669280d16a25a57760d67c5ab082c4cbecddfcddcb66cdc3aed87a

SHA512
efc6c082a017c64c991bd677c29f6ba0350274a0848caa9a4db547f4c1705fd45e01be5558d55805aae2e8ae405fcf5b5220b99490eaef3367c1613432ab2ae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8e19392285a8578ada0dddc5ccd3297e

SHA1
0f6c7f55c00528d1495d3adcbd6cb49f433ec93e

SHA256
02651039c9e5da156bdf9e16259ce662d4f78f6e689152de2c0fd84acb866495

SHA512
8e617d577eaf6db283c781c0a392bf10d05ec6f2f982a40d55731993d47692d74dc018d3e82b33c1add7a939af580412f8d696b8f7b1e1a44d4fc4ea123aa287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b3b142a32720869fc59a33d684f85fc6

SHA1
ae0fa7c17036ca90f5d9ede4c2f62657ec0595d6

SHA256
fd5bdf01c98c1200a8975b094344307083531cbbcb34ad7abe5b0ec986dc2916

SHA512
d5b60b94fccd9e8054eb5e0ed95fc8227561a16d48e0312323241058381128ded42dd9fca1ee335e1814e0a522778c6c0c4b57196e8b0d02f388f57c437e9cc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9d2d7e92ccb89c2ec2962547f7375e1f

SHA1
14a6208e0e0b05c62c2e7d96b2922d498bf87b61

SHA256
be3571e677a21c6bb230e06d7bf6b31a431034eb077f709444ac9bfb0df1ab23

SHA512
d105f1b01d45fa7186dd2cbe9138ed44da01d23af2a1f889a3b172e83b9f2ce8641f3cf3dce9a52ffbda36a51c48d7275c9026348257b943f5c906ff0f5bc4eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6cadadffa584ab59a729c83073195c07

SHA1
0c4fc081e469c3064200915a63a2c7b4e43ef599

SHA256
2d0de61d29404ae2bd53d1badad5c96d113b6459d7dba6511e490c48acb33561

SHA512
234c31f2c09da75b908cd81fa6466ed2932ab41c89aa077d98e4bcc7d331615fce25e79c923f861cafd5d59c8dac8aae39eb0bdf378f74dd448c256fd75bbbec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
123584d72d8c5486163b780f18cb3fb6

SHA1
2ebfe2d12bc448c0c92a226722fbed64e212a4a4

SHA256
71b7d8b5bd9f7fe92cbac0b6eed0ea20c7778c9b3c4c2d6a2368cece855a0d6b

SHA512
db51c29bca38f26ad69970538e3808a9cdab2755810df305fe5994f119ce47555dcf66d556d6cf32611bb7ac9973bea0f4e5f4a4836c3f52cbb8433b91afcca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3d9559d40c7c229e26722f409a4e95f0

SHA1
caf05ae4fee01b30ff3765caf557d75918366dc2

SHA256
f32eb4284a4b61f163acbc75e91e9736f364b32caa0a626d588b8fd829debfdd

SHA512
7480d5d88265ed272821b71a7f8cc54969d299677fce69687f630ba9583a1a2226743d4dfe0fae3c53b5302879f5881669142ccd7b92d20b721d69ffebe77880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f58adffc1c2faf2ee9009050bb24cd21

SHA1
ed70549380638e2e62c4857197ab8504f7c72c50

SHA256
4bdf6cf00b0765639c1f9a35b58c7ce7106bc305d5a40d93600297bed5019fb3

SHA512
4426cd19131737a2ab8c8c9c464ed8d0f40b1518ff8eb7eaac31f59fd63eb696e8375ca6e5c396a667e8b560cedcd79981eb2af4dcbfaba2dc01787924a9f0ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
9e2b9bac1666bcb179a370b078f7ae21

SHA1
7252583ec23a16b7116876c8b54c6d7f16e3bb16

SHA256
383c7567580bcd7c742b2554514d994aad7c48b297cdfc35c335c1dc3707ddc2

SHA512
e3e964dca558ca3ba69e55516aabc5fccedf5ad2661c965525bee8b45dcab8aa2d4f6ed216ae8bb3a8c93ba44e261fb9166ff5f1d3a0cb9e0b176e3c3089f981

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
0c7533fd703dfce5c27c202ae5f90370

SHA1
e5ad31c98ddc4773747fbaf2687c125cb411afc7

SHA256
232d6526be51d87108a94200e47fe0236b57aa44233ebc980261c4316c0a84ee

SHA512
64b3c1f75a33065f818af6a3eeb9024140067fc2f232a75afb0d2a5797a1accfcdf1d1a3b4c2cfedadbf9d822672df92c401a1292ec4213d4fe7939941b18d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
dd6c3a207d465a77de9fdc01e0857094

SHA1
33505f0b468d7ceb67fef5ae7c52a804c3b8e920

SHA256
26553ac9e7054afc6c167348c0b539205ac087cb2dc69b2b6ec8ed2dee05ce16

SHA512
fe5cd526f46dce20e9032f514c2ffeafeaf61084817ccf3cc0940f614be6927f880c10c6a7421615f5b8b9368b8b42032b3543b781e58756ff0b7376c325d461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
834204e0d812e277ad6470d72ca5499d

SHA1
7ea490c707d84d092c97da5e157f34b06fb61ef8

SHA256
ac53d109d488dd2910190801efaa17233fb8d6c900ac45561ab21cc25dc3565e

SHA512
6e2f37db1c74a32a3627d84c54b941d4ecf8fb70e0c54cc6c56ac4aa1ddce620adbb424507a0fc4ee786757de85039794fa8fcf0e4b891f1c2c8afbc305fafbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
8123b8dbd7bbf1366160a6d4313a0614

SHA1
1f1b47582789222233260595edb16e4087402a8e

SHA256
4da8f62aa6d3d01cf90dd175adda8ea3993fb22a0dc0e1cca563b44f8dd21976

SHA512
eb1bfbd352f1681feab166a7f501079b274d271cff7c77f4cd55d343ed4b59065f883a9f0a640a158e47a688b55202109abb85fd72b5dd7204e8ad24fb351051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
af982c6056288d18ce6863470de9cd2e

SHA1
101d53586131666a8f2225dee4b1de2406918e59

SHA256
d0be74fbbe3a3b7007eb98b1e1a1b0f642fa46b8b07dd420f8edcbdea530e740

SHA512
b249cb6d01d2479c8ad2158cdfd3fa12138ad3eeee35526130f24254c08e3e4463ca432d33e866f6539df416247860b09cb6b952e8fcfb44f1480c6cccfe16fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
d195bacffd6b67cc17325bec8396a828

SHA1
4f2a80c47655a9057efa71451d67378f3848c417

SHA256
67dc9577735403decd8021eaee1cd69d246e511bb0b097e82b1744b83027a5c4

SHA512
224d7e837f377a2ddde6b37ffc7d9a9a1c9827c90cc7afe8e322291bc9bf25571594be7552cb43db90c90d0caa69fabd1ff5f0a11e2eb94c2f8e2c3a0b369a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
fd6b7c2cc35a4abbcd416e70993ecc61

SHA1
dff30715c1e82e50d891ace6abf4d4ef9115f9dc

SHA256
f75bcf5d9c758e293ba165284aa442c1311fa2682243a62ed32fa114e8b3d917

SHA512
09d76befd8b9c9de27dd2462ff8518fdcab10209cbf7f8f7907768bf661607cefa89093b517ff527a83bf74efda927244931e0af6958882aa48e69a204482749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
895699d185a9b4e1927c3316658be104

SHA1
5720d455fbdf757cce4966f57b70d14a46509ff9

SHA256
7fdf1d53cfe2635db61b880aeb6019e48c387dd43dc155b9b1d3d3899e4653b8

SHA512
1f23e33ee9d5512bd16a071d45635a1d4f6c8db7f2871d82703cacc6090ffe3dd08a632e197470558e0dccbdaaed5d78e38e9baf54b0e2a97a62d230baf2e2a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
1f7d03c8f2481c5b71ab4866e8dde17c

SHA1
c6ce28e7c3af03537d104af38a7434a66ab622ce

SHA256
808185033f7f7545ead4d9da910f3decce7d39e19dabd376d8cd52fc3bb7faf5

SHA512
06bbcaa0c1a6adcd83f7c1948f8541abf6407c6876a3cd794e3ef6c3aeaa8faa8fcd011a6ba0cead99ce78dca978a02580db65fa657d5ab9a6f932ab1a4e2916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ac54537ba190b8fc7a7974cacdb58a55

SHA1
101ea91e1e4252d98409d382b616aa2ad77535a7

SHA256
f0d9c483dcf752d0505abd1846184caf772e833122b2afacbfa8f2f8924b261a

SHA512
3aea1d453301c5aa5cbdeee94a8a75faf65fdfcb3f9a37ce620d1525dd09d674f446d519101740e4e238c2a51498af4d5c1f375e9c7a4a0f989d1511d0be4b81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581671.TMP

Filesize
48B

MD5
7d2fc68c68eae7f38fea040b7040f09a

SHA1
6a437a40601adec0abcae16c7018dec97b079551

SHA256
ec98584ddcccd8406783215f1ad34cf454653ed20518ca6c53791b739ca1bfed

SHA512
de582f5b34a5e241930ff73d44de9e34d040444b6e29dd8e9faf62a5b691fb811596f16dc83a501659eac2e7dfb953c6fd647a2f9ec50f6914a395249040816a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
792f2c9cdc2bbec5b6401d3d8180ae2d

SHA1
7de7c020235620078d63e04c360c5e6424750474

SHA256
7d2d5c183d1bf52f65959ddfaf18702bb7f079e770774942519271843a2605b9

SHA512
f5ab00a9dbee25a56826d6c2960c7a96d0900f9a90cb712b7571fd652eb2d4b85e389b29f0b1f9ed7ce7d7a74d91d0b3b3381142b8c5cf165fe413571f5f70ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
2b65551735e977ca03141c842189c6c8

SHA1
8da29e574b9f9ab5782b85742e708eed3408f21f

SHA256
7e33b7bf43936209d37cef477855dd1b16104278ec451d348553cb0ca39ca141

SHA512
a8b90fb5b99ee091776902a1f4e4763aaccf11605c91ec831d4cdb6992da0c5ac6aad5c6ebda0cab40fedd9b7663b7360f45bdcf1034df947861a544f578f899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
d7d31701f49693146ba6fd7fac5f9452

SHA1
1803a56793b69f9b3d4c6ff81fece14fe3c206c4

SHA256
c056463e050ece0404fb36f6c7a3efacf6d039dcdf7afa3bff8cd7afc486b963

SHA512
eff4337ba3c505a1c7ea7a985c15862f4d33a803da1345baaf6e4ddd7ec843492d03f47b0db82d42386284fe9574afd62f3cc12bacb2aed433f8e2375dfd435b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
85074cb46e3042519beea3d4c4f38cac

SHA1
e51c2b26b7114876e9002ab9c42d1ad4fb89c5bd

SHA256
f74f7263cae094a7595e4cafa6b28540c63549139de0d8ce6eb133d86c50c306

SHA512
bf526197a839f6b6cbe480a57f186e5ba4f9471fb7f190f5ef3268aa9a68310ce7790bfaf9e88bbca702757410eef4283a29e3e454e6c4356d3330b315e9a0e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5162ca6ee77bac10f9e2a4a41da5b9f1

SHA1
adb41063511909e95b473db98b9c26b062ae79c1

SHA256
03641cec33e5903a3acc99bff7db133dedc8c2f0cbb96f14f0320e342d9bcd2a

SHA512
fc97d874ffdb4a484f4057803e199454dd8689d2d1c9b56e2a46b9add6d8f01e230b8041cbcedf9ec9fdcbf2af4b3b43c1d196a0818f664cffb0dfcf7ff91e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
84280ba968ed3fe1f0f8b5265e42e066

SHA1
71b7b446b3e1feb379b1625852f96c55226fc4d7

SHA256
b526339cf7805b94c1b8c60aa2a2c374e69af5ee60233c12c7abe60206cd18e1

SHA512
3de957ec28c40f4122aea88b77d429e0a5c87a65bc6fd882c5e5d3510f56e1ed0a74466c55c0862f3f7f6fe5cd352859671d6ed997a5307cd23422b8cc2c0af8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
012a6cfaeee99b3a04be6a1d8498f77a

SHA1
0600da3af24c08cdaeef47792859c1dd9bfdbcf6

SHA256
fed2073d08f40395b57361f05123e86f63f1261f5a3b4cba901db9991316e41b

SHA512
0b9c8afd1ea868403eb6c59e3435528e5779046892da24d1717e9a5b7f78f91e85814a197438a817eb2c82aa22e750a3e99c10f2c7d18e95425233ee8fcba9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8221adc667d06099b299b021301361e4

SHA1
9ff5f32e370208004bb688974804320c6ecdea7a

SHA256
60cf256e8bc5d09da17a26a7b4a7da85010ef0ef8f0fb5d57f8fa79228b4c40f

SHA512
0e9dd5509484c95af09f53778757f6c31d31d4d1d9e1b4a45f0290915e4fbe3ab0c724872c7265dad2557a8cfcac065289a7be9897dda71afe0a596e98800162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6138058567cbf933816e980df59dbb40

SHA1
bdec1f97bab200098230af55add6661504c60fa6

SHA256
68bd482d349086781a7cc26ceee8fbe49ef66801d9adf8d01ceb1ab9b4f18851

SHA512
6589ec3b4b53c09774839558af22c3b0b2c51b73a1c763515eecddc9db9a0436bedc9cf875c1f4ab05f10df274fe5afba34ff7c849a1524596420703686ca1ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
8ecaa2857d0ff8ad0d6b7bfb21e11ac6

SHA1
a7a104094dc64523b15b11371ced3c1c556cafcf

SHA256
763c2d1011942baf42506c549687ff4c3dda7d22072c92c5cba25acee2b52005

SHA512
a4ee1313efea97634b55ab53a41fedb3ce9bcfbc8543890b7efa3939f63a42146c863de871d01ccbeffd50674ccab66c53cb21fadd21c3109a74c1e1c5a37e1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
219c16dd953034bbb9e7a486688f3344

SHA1
78c91c638b8e451340c1f1d98caf607f60888546

SHA256
5c4215eaa04a9796a74582b80bc0450c56b6e7c7dcd508136d615c0bc2cb212a

SHA512
dedfa27a9f68d7c4d01b5dcc93e753949b2897faaa8e978aec1b5811581cbb39150d8cbb3472a69c79dc767abc6a53dfc27c1c770dc30962777dc92ad5164028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9e141fc68444af3e863ce613ab8ce251

SHA1
7dfc99d0750414068316fc700da2fd24fa10c3cf

SHA256
0022766f92b6621f0fee2e22c9f0ddb3defabf7132d083b0d2024ba2a6d81f2c

SHA512
c39f80d6b2bcd54ad9cb3be783f0097e81e54842b18cb0085ed8be6d60cfda41a706e517df93bb0433c288dd4ee072b9152958d3e5fe53d179ca65706f166323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e3280144eb87ac94bca16d480b7c944a

SHA1
81547c9fb7f66fb2a73df63765494a4953d48813

SHA256
f944bfc5469b8932d2ede47b3201d5aca63984972020ef0d11db377fae50231f

SHA512
186578ad69f4a3747de02e0a42bb91bef9cb6ac200e3890c357bfb2d02dce690005c15dfce4b2b4524ac4e9e6762ee90c0edb162617f0b3a847d705294aa30c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a93da76777d58cfb2a5d96b314cdba4e

SHA1
4eda366fac63d882f31f197d651fca08acd038fe

SHA256
4bb481527f844678a397412d042034fdeb15854a9bb386a91949778f4d3d31bf

SHA512
485ec31886bf31c410adad84656b9598fc745df1ea223e86bbc6a001c64a5daeb1b695f376d82681f5d1043688539dc225f100834af7edb7edf308acfa869bd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f6b7e0e576379b8850f25e71b52eaf51

SHA1
327642d38ac353d82437b64baabd4792ebd2a038

SHA256
522cd6903b03492bf29b8d17478cf8daa456d2bb08903bf44a1f702039f75326

SHA512
70a8569aabf808a474ff53a3eb508f77bb78146430fd99f1d601e4781d30e971131a6fac57d9be4eaa3a9f8f6edded37a065f3022c758c03720ba78aff2c2e7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
048644facf22fe885a90f12e82600de2

SHA1
26eba2bf0312514613a7a88c2613775fffaafa5b

SHA256
ff3207725b53f65a43654c7deb58f7123a89ada10ae8fca01f03a7278e8318d8

SHA512
5b1c46ee4e4da7ebfd1ebe0642e3c99daf1a97c2c8805dc14d4d6dbc00a455731f91c02bb288b2761b2e99a747c65b6c2bc47e8e74a987c7225b27ae706d48b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b448735e6a4874dea646fb822c575a9d

SHA1
e71d1a0fc6b497a2a4e334b854080c95a5fd04d1

SHA256
feede2ae6afbc2b4112dd951945a738131067ce99fe9cd2a9fd815b0eaf8c865

SHA512
3dc9435f8378c0f8f7253a138006e5c0a63381701cf56c3969235c3cece7ef37cdf04a527acddd016bb49a4fc838f691ac2e83b5e52a6abf828b93bebe3b28be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0a85bf528ba88fc6f444bd1b032c0355

SHA1
e13c0a82c41ea2ab293c3579d3d5566cc3ce19e3

SHA256
1a6443da88f055effb59dfbdd4cfcfe4a33e34aa12632010d0177f983c4903aa

SHA512
4bc6306bb2c1b237f93d77e6048ea7430e0ef6d155f2fc281ddd6cee276b5d58ef475ef5045dd7dc264028a11f7e36b6bb174d9d1e5e5acaa8ddef033001be73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
35ce024a4b6083e11f0c18f0f7c17ba4

SHA1
d96d6fe62869d870a197655a34b1eaaad3c4408f

SHA256
22e5951b09845bcb67e4c60ea90293b9b116031883495f9d1178f8d48387a39d

SHA512
a76c83515af241327170ceae019d484e3ceb3e9f0acf7bcb100585b5276573e306f5d8c3754f4f79eb9680b29c0cff5af6cb724b4b1f931c892dd797039cb5cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2f9457d3930e6d5c085483492956cf68

SHA1
a68f57ec68d4195197cf04dcce6608da81bf614c

SHA256
9ddde5a74c0157b00afef5f05355a09c022e4818ed154f26fb81c4513ba24bb8

SHA512
8abf13ab41d8ea52114301d0783cb3b571b210e556e432c68b85ca2355fe728adacf14a716236c0c0014c87cbc3080fe4f08689e606e8e3d32a77a4868ca7a8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
50f4e46698c90da73288fec1a2c3b74c

SHA1
ce7b4e4dcb0c6c516e8d8e8b2ada7e8691d72ffa

SHA256
6e002c8b659c520fc69b355f108043cceb102bd93f31dd37f9f62450f9c2f23a

SHA512
e052f8942fe80be37fdd3c13b488be7eb94c00afc4662b74603f1fea5892581215bed27518abe0b4e14c4dfa76dabed1868ba7db6eeb5354e0610db16fb56bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
bfc960b41c02e63ddcb1e323c39a1884

SHA1
f63b621a7b697c7386521a4689954440c58fa65e

SHA256
a7529b6a1ade0e2abd2932c726f0a08f0b38ea2bea4753117d874bc223c48302

SHA512
39038c7fba66439963164b0a9580d17baa7b0c7333f108c2d109d0ae51ba5e7c26105d9e2d83ee5f5a3e7729a67081b3beb52f44a715f60d10c67b4d7919b5d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
fe25e5117250177de3de25f818960693

SHA1
42847dbdfd9e13813d07428ddaae87e07b37f1d6

SHA256
476253712b4108cc6c77bfee0955f743e35b98a76c23c503d4834bbf89493f7c

SHA512
4286390f41e9603cad56953700ee422167c010d9814f1d7b238c9f3fab16be7800ef9ce8ed43836918f80a755151dbb1bba12132286ef86a415f18321cdc5823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1fcf672024cf7460c93f8881bf392118

SHA1
8b6d56bb09ddb7a0b657c1fc07bd200491cf889f

SHA256
c187a19407919cd390787a7b250c7a9c9e62028f37837791ee829f7e37b501b0

SHA512
7e53ed9179b7142aed14b41dd01a5dd4716e525d31de1d18e7ba162e5e3fecfea52311f0a583dcb241a917dd3e7cde83b7a2f94fb687f04d8771722fd7ea23ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3ea4b33227186b5551a7008c653cf8c1

SHA1
790119ce0f61fc07d46b707b75802083a934e2c2

SHA256
581618ee938d4850e49da6758a30447098d8bb2b30326ccd0b03c9826cfc486f

SHA512
a99e228b7aa9c71428cfc85b988520b9079a8674a519d128d2a44bacb5e3da91254ea8310fec99c633ecf66ddfc932132ee172cd491afbfeca90b163bebca5e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9a4bb2bbd2859050961cbdb288d886fd

SHA1
001d5b3833d1388d11097a30cc2f92b3629979b3

SHA256
30ed87d18fd759acbc352e8279945e533630cb4c8746c813d7b4fe4f433991de

SHA512
be490733ec463f7ddc54872604eba0779f8a82785d67403e76498393d6541c083352ef29184d5e5148a4cfcef2dc840aa0c596e770e31e105dc96f431bcdca9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
02cbc1bce2c1c9e841002af9b44f44d7

SHA1
3297d965a892f13424ce04b32d56146cad7eee8e

SHA256
f86426b2153b72b18f5a834ac34c00f551a1faeedaf864deb7203a3e7e6186e9

SHA512
a98d47abb95efdd708b6b412840c7e68e75eb01673b9be23ea0524c55b9566084085b6603a9915f3f80bf589f59204ac368b0350f61c25f918474e2eb3f8df46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5808b5.TMP

Filesize
704B

MD5
34f08d191cdd9d31d97d82c6eddb81d5

SHA1
438a36e9912c1db8f99a1e4aa4a1ecd214263dc1

SHA256
541022b11c136b576caeaa389dbee7b281f1fd416969e34f692045ce17f72a5a

SHA512
06f83bde585e1a41cd8776da9436631065d78b8c5409237112646a3501b0fc716c901e25c828420fd3556bdd5bfc215e4205d23b4bb37cad2668ab6373b12467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
70c2f326312c26878444cba1a41f9020

SHA1
043ba00130a16e39f37baef7c06f1965abbbb330

SHA256
ab154c7fde4b045c3a6cbf9e0ad0e450f97b52a30a57a1a99daebc62a3913204

SHA512
abaff258325e91c7c9ace47efb397f316475ef69cb223932a9cfedd305b34aa551195ef8a1525a2452f828a5e202057e7d71fc5a4691b55e970bf52eb3becf7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c91f582e6aeaf7201a5e2d97396f7030

SHA1
cb9b50206c78ecd43cbb65032958f4ef20d13565

SHA256
4d8991d1ff3674f2df57b53588b39d96173580096a089c9e288ba4dbdccf1d41

SHA512
9d6a38ac295cfe9b55f32114e53ad3a6ea43e0618345c0aae2dc82272b43390a205e67527ce8a9dd41171c66bfdf11d66d254ebbfddde76389987b60e81d7e36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
52515f71908bd69a1430a683509a7a8a

SHA1
d5d5d20175f5a30df05b197ecb0b6711a57ac28b

SHA256
da9f0160601757db8cf40329ea63073492820b4c8a11de439774dfb967e00eee

SHA512
f7e385b9e89d6bd676f44ee7ba8ae87d77b369a98703c0f6ca95b0b891358ac9dd3e78983ccee2cf8590a094a325996364241766b4135ae05bc9fb6f68bf2f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
03ec5222a387abd46c9d40e5c081141b

SHA1
346c17e123847975a810e015f59f2fee920c9d31

SHA256
7e7761bc51a8380e2ba192b80c81366bdb402e7901177be9d5d86c566b9b3ea8

SHA512
e7bc75da371dc9b9fd07cfa534b5075ca393de6d2813cb0a3e49d6712cf99152908bd87d0b9cf67a63961e3ac7997ee47f24279a4d6a39b2b6a91bf5838850d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
09bd42edbeff12b4a9a59498560ff3f4

SHA1
45651c3ed070f693656842dd470ad14746c9bf33

SHA256
9623ed8716abc6346803919d899687aa94730e06c0b1ce059649726811c3d539

SHA512
b4113d63cc093394bdce445b1cadb19cc924eaf2b8bf9588f2bb20a57af7ecb53de8899f52af36031780bd204a14b74fc241383173e8083f5261a38719c1f7c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
837dd4f6acb991ed1502965c8047c059

SHA1
a046ffb43c001f6005507bebfe92d3190229fe87

SHA256
bf15d1125b023eb3efb799489f4956c96c3f7ca0ac8b9487d385c747d0f0764b

SHA512
54bdb139cc3ba81d34ea44d786e87263f6b51f2f72e70cdec6caca41cd781b2b47f42d83f8fd8659f7d85b2968542b728dc9105abbae80eb874915c64dba492e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
55593e1a73a54279b04995bf8eacae18

SHA1
13742f5845d5b963f307616fd53b31794c3e6fea

SHA256
9d2b7d8c387f9bd75e6fa2fe94e5d412d76c7fd22f40218e43b9e7045b047724

SHA512
b42d33cb125cfd1a23389c44993245f67e080eb313e589698fe5b28f08df1e7f622f8115941f50df5fccf0dc6ae8f894a35bf898d74e05209da785439c1ec7e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4119fbfab54fdb46bcc5ae429c549767

SHA1
818319aa1cc7cb3a04b30d3d48b8f8928434df11

SHA256
629b16fd77ea1d5d103197c1cc164e83dde0c2d8cfc2eeeb8173f6c50ade291b

SHA512
a227ffd1f314c72fe8d02ed81abd8cc3821ab651c1edfdafa7756dede9b2f355d57a3bbe487a2aceb617da976e8d177de958fb3bd6c54c0d643c5e37e93e0d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7ffbb00fb747b7175fbb6a3628c29751

SHA1
a9da60acbef727fac67d17b351b796efc88b673b

SHA256
804ebf5a25b6f47bcfdb4fddeeb54aea2073b99b25962c645867fa4d5f612555

SHA512
05646e387b9e7388e924be917b05c9b198d04e0aa8facf7e01737f40b01dd67d9f5634d178e6bc342d5eda5c5af80b734690c097b4480690a972c0b7c75974ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
56fcda7cf1411dedc438db48e2fbbeb7

SHA1
0fbfc130dfacc31162ef7ab75af44257edb5c022

SHA256
29f78cb9d21dfdf0511fc0fc9859980b32c9ed43cf82705b68f94ef3719a6e81

SHA512
5b84ca0255689297b3975ba4e7a0b1a618692541d84a8111f2ffe833162829b50d22d85a3c2882a9a27e94358e9abc01efc69fc167e969726d61aeb641e1724d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
20ea0955d60ad07f497e2dc0070b2c84

SHA1
766e1a7563734f9784a372bc86ad7b965c8cd3c4

SHA256
6d1c874e0d4d84ab68c6a2e2cebe3b67579dc24c277f95b2ebc172fa284dd74b

SHA512
e70d05e59b4d4b282c2a97b35b6f678121e0179b407d7f9d1e41c7cf3cec5acd8195d2d0dc8afae4037703f99cd94cb00504be1e2a59996585c8011107081a06

Download Submit
C:\Users\Admin\AppData\Local\Temp\cb737b10-f390-43b1-900a-7a2653931a0a.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5232_108028929\6ab8df64-3d6d-4470-ae00-336e75093de5.tmp

Filesize
132KB

MD5
da75bb05d10acc967eecaac040d3d733

SHA1
95c08e067df713af8992db113f7e9aec84f17181

SHA256
33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

SHA512
56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5232_108028929\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
6bb6e2e62cd447f7e49d12c24391529f

SHA1
5123f8fdd1431a69430c66a1415f1ddcfc52e75b

SHA256
aace1796039d79c5fac6075fe33c4ea61114011141fc43be8b951f92302e68ce

SHA512
37b30b278dfc7aaad999d68abd1c62db6876870cd6a03eb765d7b8e4fc7daa73dbe31f89c5c276a63cdd7b0266471091e8e655b91abc705c523cfab61f5849f4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
a70008c47c8140f0b02d030686aab9cc

SHA1
b01f591c26d35f2ea10f745a8647e0c8bda5ff9b

SHA256
401b7375bc49dceb1ec0a3e12278ff68418518406d07d135f9e9a887aa6a3c08

SHA512
0cb5d15c3ec9e1d62e0118774d6287c6ad96be43e1bee20d5f760b17a76c6de1ec8de30d472e0ab80a60afc1251d44b785e524effaf1b3c38aa5ed9cd3e8af2f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
3a97ee8712a8a7c193862203983f5b3f

SHA1
ac3437bd61f9fd3df040bb20c7b5e24589586903

SHA256
e90b526ff83c8fd77180968b2311f9a18d7d985eaaff2c0d48886cf3d6c5b359

SHA512
529121d2e52402e230c3db4edcd44b7a6b1b828abb48d8c4e9aa54200a667697c5d58167a35c749225c9f107fb3f37aa2328316deaabce78058d860f8829ecbd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
5d827c0e4eb14bdba4f106018f8bf63a

SHA1
db73ce4c6ff582a6618f77db049adce27b43088a

SHA256
1483d7140de4aa659e855db88b1a6a674c90edb195e03178ac816d648f7c33a4

SHA512
986152fef3ee2a9635537666c2a5992fb20d2e1ebb210602ce304e70fb9f3c93349fc5883695fc653c24dbf808320df11d087c6155e933deb099b3531864693d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
e969ebc00e4575b6c34b8647b98d4a2a

SHA1
0ba4eaa62e29ab6dd41092f470f191ede9e22885

SHA256
1d03a1ea226087faa55fb7ee0318484d6947291e7cd8be4426869d6b8dab8d39

SHA512
c6c8cfed6dab99b341ed01daffc6dd856e216f0d0786e3c48e7910c1be91ffb1e3956d2bdcab95357b396038acdf86d2aaa5f70bb5a03622329edaa503a864eb

Download Submit
C:\Users\Admin\AppData\Roaming\US967-65XET-XTZTX-HTETX.KEY

Filesize
1KB

MD5
fc19a4a23072ddafb4f68f6b77246d18

SHA1
4245b1373eaa2d43e30977ba4991fa4f50777bcf

SHA256
0e1de2c95f92369eae509a6ea077653e4c282058d5ef99fe5ef144744dad29f5

SHA512
b213c70596d055e855af6adf6f634e61667cda05b4572965e64ccccb00e26b280682ca9e4864d05351b3ae1ee863abc55f0e82f6052d7b9bbeb65fa434b8e1a5

Download Submit
C:\Users\Admin\AppData\Roaming\US967-65XET-XTZTX-HTETX.LST

Filesize
3KB

MD5
c6ea285678a87f02ba2fa5d9c4cff90e

SHA1
bececcb11ff072933e801bcc5ae136806a827b9c

SHA256
e3eeeef4fb038e44b33a93cba5c4445f5f18404f18be29f3b5c879b4edd02ae3

SHA512
b0aca7cc6ef1ef0938b3f744dac6f6d806b60c75d92c8b0f4a1df1f3e54fa0674706acedd9156036a71e5f790cb468f23e6f70cbcceb85a3638aea4a794d11b7

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 139218.crdownload

Filesize
239KB

MD5
2f8f6e90ca211d7ef5f6cf3c995a40e7

SHA1
f8940f280c81273b11a20d4bfb43715155f6e122

SHA256
1f5a26f24a2bfdd301008f0cc51a6c3762f41b926f974c814f1ecaa4cb28e5e6

SHA512
2b38475550edee5519e33bd18fea510ad73345a27c20f6457710498d34e3d0cf05b0f96f32d018e7dc154a6f2232ea7e3145fd0ed5fb498f9e4702a4be1bb9c8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 263328.crdownload

Filesize
24KB

MD5
4a4a6d26e6c8a7df0779b00a42240e7b

SHA1
8072bada086040e07fa46ce8c12bf7c453c0e286

SHA256
7ad9ed23a91643b517e82ad5740d24eca16bcae21cfe1c0da78ee80e0d1d3f02

SHA512
c7a7b15d8dbf8e8f8346a4dab083bb03565050281683820319906da4d23b97b39e88f841b30fc8bd690c179a8a54870238506ca60c0f533d34ac11850cdc1a95

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 393226.crdownload

Filesize
338KB

MD5
04fb36199787f2e3e2135611a38321eb

SHA1
65559245709fe98052eb284577f1fd61c01ad20d

SHA256
d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

SHA512
533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 819471.crdownload

Filesize
49KB

MD5
46bfd4f1d581d7c0121d2b19a005d3df

SHA1
5b063298bbd1670b4d39e1baef67f854b8dcba9d

SHA256
683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96

SHA512
b52aa090f689765d099689700be7e18922137e7a860a00113e3f72aa6553e94a870bbb741e52de9617506a236a2a59198fb224fcd128576d76642eec9d715df5

Download Submit
C:\vcredist2010_x64.log-MSI_vc_red.msi.txt

Filesize
379KB

MD5
41d88ff00f62e64f018544cb361c5d1d

SHA1
2a149306982fb7c32476ce49a630a106af4ce394

SHA256
5fa31666eeb01c798652d9b97adcc3d79002e766160acf6c1e7a27b53e14f574

SHA512
5089043995b033c2de21e4c2f53fb01f32eb8957f5eeeb278c1b75548af6d699368c4ffcdf63a09d16ba9cc38eafc20eca0d33f59f219052b457943dd6b623ff

Download Submit
C:\vcredist2010_x64.log.html

Filesize
85KB

MD5
3e35803a19d6fa299495c9f0f272ff2e

SHA1
5d3afdec064064ac5e746dcf39f5e0186afa4c09

SHA256
8b24464da6cd90de0276c351c173b45c5ef4badcfc0f36033600a1507692528b

SHA512
f8d1520449390ae85239cf2fbf23119f6585b65c0a9d562063122332d5577a43a8237f97e7c8ecdf96e769f9d93d86e6e286dc2ed9fafbe888af137fbc4d79b7

Download Submit
C:\vcredist2010_x86.log-MSI_vc_red.msi.txt

Filesize
395KB

MD5
04a00a2e8396fd497490be64a68eda71

SHA1
f37758cd0159cadb91e8217174cabeec34b1b8a0

SHA256
197141882188ba35bcc57641d92bebcad235a7bd7a7548f19f078799551d680a

SHA512
9c7993b871208b7d31f9f9e1efbd00b803cac83fceb0d09fca2f2b9a10701e25b584550e404f8050f6507bb6321d84d15f3c9094fdac35f466587b953f4f493d

Download Submit
C:\vcredist2010_x86.log.html

Filesize
81KB

MD5
1d26224030690f252ad3a50f1efb3745

SHA1
9b45f3944b0ff417d1d60d4d9316fa4a3fe1d909

SHA256
bfffe82f0999feff9dcc31765b22abbff452833d1cae7e203590acf27c3354c9

SHA512
985278b212a792af96d412bcc2d3d301fa1a5bd8fbc75f6e0a6600008a34109658c986a13e58cf59d804e9587525d75105375c4ef082ad6843323f74c038364f

Download Submit
C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log

Filesize
167KB

MD5
ab46e5013feaced9078102cd8f488002

SHA1
31452d965d5b1a38020c8e48432a8fa04b1ea272

SHA256
30b323dc0813dd6c653a3d9d6cb202d807c22762d5baf312c2da30aa086159df

SHA512
bc538b9be6cc5e3080acc6cdc2e25928a8b0f96f265e13257cb3f333899b7c7c6f22fc32cebc9cd972d924c03ef6e44341a94acbe199517e439687d9995290d7

Download Submit
C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log

Filesize
195KB

MD5
98f0d91950cfbbdd624eabecaddf7fa1

SHA1
f3c31ffd505cbf7a1923c27d052a23f2dcd0e308

SHA256
ca5ffb63f02890e0d79db5135b4d45f0b244c21cfa2baf04d86753eed89f237c

SHA512
8b0bb434741b212284ef21a6e39184fe450f828f2186b2a173c0652f19f9c3f4dc81baa9c98605e7e3a298fe76bb98457ae31978196e26c3d6f6e3299d5122f5

Download Submit
C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log

Filesize
170KB

MD5
285ecf8c7bfa50e3b0480a0f74f8c655

SHA1
21d5e452e3a9835c9de61e8177e60fe94fe0659f

SHA256
6e1b7c861d13f8ef8bf20337eb3e04a6d366d2a0634938b539a46d44ce43b7fc

SHA512
ed321c2c39af13b247fa1571569d0ec8a144be3ace9088b61879665d7720640f47d2c3cfe850e5c01f0dc9e08395a89ad02ae5a534d02a69af5f47c2d0dc1994

Download Submit
C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log

Filesize
208KB

MD5
3fc962169cf87e54c1988887e7cbd170

SHA1
aa38716515922bc8b328dc047235c54f5e92eb1a

SHA256
9f9c63562f940c93af98a45964367642afb336b5eb75b9f6a7eb6dca6f6b1069

SHA512
65b12efa8f386a066ffb1cf2a2dab6b9ee25cf985c405495c21e716bc56172e93caeabe6e47315e26d28599b5c9289831219cf588ba403af3554887399b344cd

Download Submit
C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log

Filesize
170KB

MD5
cf55d9dd8691b2569ce6aee9744ebc07

SHA1
854d21f9363e9a175443f86f44164b114ae5f794

SHA256
2b4f5e088627cf848fefd72dd797683e36f8154f617fc653a3861c468ab57096

SHA512
2ea3f4e517ca30449ff9298cabd54d97f37da77aacfd6a600ff741cbb663f11025764488698e15ecdfca8536abf62180d51d9cb788f45083c01dc77a384e871a

Download Submit
C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log

Filesize
190KB

MD5
bde7f6d7ea85d126da96f26ff904fd78

SHA1
60bdb6d86e60d898a0a3ada3d4a7cbcf36049fdd

SHA256
0d0c9badc3343ae0cb2e6672866a3a339441722945d5a6753355b3b38fbc0419

SHA512
4487304ea9d21c395c641d6883e1affed56d4155ef6ed12ef5ee94ec05bfa1f236975d389d069ed0dc1d607af72c4022e1de5ca10d1ddf20d182f4b4d44422ae

Download Submit
C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log

Filesize
170KB

MD5
6e142fac1d0ba7473937a2501db703de

SHA1
c87f08adc607e61716915c9f5a3d5b7d545cf620

SHA256
b9b13d9bc6340546488111e691e09c7f7a97d4e5d68479f051ad124fea3b78a7

SHA512
ced07848b6f57acdd1dbc8e59240a6fb87431d9574c170a1de8e221239ce27bc547507b07b084799f3060a7e95fbcf9101721805c0b7705c3054cc097177b34f

Download Submit
C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log

Filesize
198KB

MD5
3511f14fb8169dc5ca49e828c444ff63

SHA1
be678eb67cd7d65c85d7e55894d0bf33b6e54d60

SHA256
0dc7373607ecf4d6030bc0b3e48487508c931bdb27a70fc7689414a3941369d5

SHA512
4c47696d14dd9b16759b00f7845d39b8c51adb7ea17e433a478486f6dc010f2937b5aae1d2d1dbc0e70a7c613c6de08298d88ee2a74c1eecdce475c3fc1eced4

Download Submit
C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log

Filesize
123KB

MD5
04b66c733e18b93d93b7d42bbc444989

SHA1
8bf9766cacd9d3e85d98bcf9fda2881af3be5033

SHA256
60c4ce5a860c431cb6a7123f5166c7ad63d53c92410f069bf29e539169da4f2f

SHA512
076da393aea7d6368b8606338a6abe30bba574c941bc40aaa43f8f6b2433849dd8b3f045e7f3b4f08947bd4074ce6fae9ebd2e7cd0fa89d8e1e0d46166041029

Download Submit
C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log

Filesize
129KB

MD5
2cfe9c843f0ff7a14b50729577978dc6

SHA1
b95279b90d1874b9ff51fdba515ba692fe5b08ba

SHA256
bf639d10ca255cb3de25cdba9efdb1baaabb5fa15a86b109431359b5ae362fa1

SHA512
2963408711c41c46975d2863a3eeb01e94a1a43c2dbe3a336fb41cae4182372015abc12fda7d5c5e204140ffe3df03127e9d39273ac76f710b927b46c8ea6054

Download Submit
C:\vcredist2022_x86_000_vcRuntimeMinimum_x86.log

Filesize
123KB

MD5
42d69156d3514375d7c0f6000977ba03

SHA1
3f2ba4365b2ba9286d6dd4a0c69d53edbeedf53f

SHA256
58d0a9bc62fcf13cfe5435369a6a5bbc1c501a2a9920397ffdb6d98d37782001

SHA512
7fa23f550f1a06adb46c04fbef258b8daff9d1c7070f3a5f2d9c49c72189fd2b739bd01c6e314517b060d219c18868c434df67dc064af0f165ef1971a0b4d907

Download Submit
C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log

Filesize
135KB

MD5
73bf5b20a55866b888b1166c24c4fa5f

SHA1
c2b61629d4f66a1b44da5b7997fc7397473001b9

SHA256
6dbf04c517d90033538383fc54e7e4c95736be9ec69c5c607e46a5ff6f4008a3

SHA512
71c40c933961b9df158e5ae6a9d7bfdfe76cb8fab14f1ae9fe2b75cead4f76f36583c340600e9c8516a51b692390b00dfcde090f0c377eed46638ea6cc958f4c

Download Submit
memory/2452-3073-0x0000000000400000-0x0000000000407200-memory.dmp

Filesize
28KB

Download
memory/2452-2926-0x0000000000400000-0x0000000000407200-memory.dmp

Filesize
28KB

Download
memory/3772-3280-0x0000022EB91F0000-0x0000022EB91F1000-memory.dmp

Filesize
4KB

Download
memory/3772-3281-0x0000022EB91F0000-0x0000022EB91F1000-memory.dmp

Filesize
4KB

Download
memory/3772-3282-0x0000022EB91F0000-0x0000022EB91F1000-memory.dmp

Filesize
4KB

Download
memory/3772-3292-0x0000022EB91F0000-0x0000022EB91F1000-memory.dmp

Filesize
4KB

Download
memory/3772-3290-0x0000022EB91F0000-0x0000022EB91F1000-memory.dmp

Filesize
4KB

Download
memory/3772-3289-0x0000022EB91F0000-0x0000022EB91F1000-memory.dmp

Filesize
4KB

Download
memory/3772-3291-0x0000022EB91F0000-0x0000022EB91F1000-memory.dmp

Filesize
4KB

Download
memory/3772-3288-0x0000022EB91F0000-0x0000022EB91F1000-memory.dmp

Filesize
4KB

Download
memory/3772-3287-0x0000022EB91F0000-0x0000022EB91F1000-memory.dmp

Filesize
4KB

Download
memory/3772-3286-0x0000022EB91F0000-0x0000022EB91F1000-memory.dmp

Filesize
4KB

Download
memory/4728-3202-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5292-3388-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/5292-3373-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/5292-3374-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/5292-3375-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/5292-3385-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/5292-3387-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/5528-3166-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5528-3165-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5528-3168-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/5528-3169-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download