hxxps://download2297[.]mediafire[.]com/aavzf5soenggHFmU1GXDkCuVOtpNr75ay2_Cw6spPGmuENVBMpTmjUKXBXC1AHmiXkCkzyWpfB4Qs04YOtvqSzvw2twZAIrhQXz0S1VuIvZWQLy0dlopyE-NLxT4Cs5ba1P19Z4Jd3RKWmmvhTFBXF3umbTgJoN78OmHoEHb8fQs3Q/2husfhf5bmoxbm8/Undertale[.]rar

Analysis

max time kernel
1043s
max time network
1044s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
20-11-2024 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download2297.mediafire.com/aavzf5soenggHFmU1GXDkCuVOtpNr75ay2_Cw6spPGmuENVBMpTmjUKXBXC1AHmiXkCkzyWpfB4Qs04YOtvqSzvw2twZAIrhQXz0S1VuIvZWQLy0dlopyE-NLxT4Cs5ba1P19Z4Jd3RKWmmvhTFBXF3umbTgJoN78OmHoEHb8fQs3Q/2husfhf5bmoxbm8/Undertale.rar

Score

8^/10

discovery phishing

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	winzip27-mf.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	winzip27-mf.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000\Control Panel\International\Geo\Nation	winzip27-mf.exe

Executes dropped EXE 14 IoCs

pid	Process
1496	7z2408.exe
3760	7z2408.exe
2020	7z.exe
2352	7zG.exe
4916	winrar-x64-710b1.exe
5676	winrar-x64-710b1.exe
2968	winzip27-mf.exe
396	winzip27-mf.exe
3644	winzip27-mf.exe
2804	winzip27-mf.exe
1996	winzip27-mf.exe
2064	winzip27-mf.exe
5160	winzip76-mf.exe
2248	winzip76-mf.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\lt.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\af.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\cs.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\gu.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\hu.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\lv.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\tk.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\History.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\cs.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\fy.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\da.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\hy.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\pa-in.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\eo.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\lij.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\sr-spc.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\yo.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\7zCon.sfx	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\mng.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\ne.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\yo.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\an.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ast.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\be.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\7zG.exe	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\eo.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\mr.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Uninstall.exe	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ko.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\sq.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\af.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ba.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ca.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\gl.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\is.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\mn.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\bn.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\mng2.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\sk.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\vi.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\mng2.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\tr.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\ga.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\it.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\ne.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\pt-br.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\zh-cn.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\it.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\sa.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\uk.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\7zFM.exe	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\el.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\fi.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\fr.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\fy.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\ku.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\fr.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\he.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\nb.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\uz-cyrl.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\an.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\et.txt	7z2408.exe
File opened for modification	C:\Program Files (x86)\7-Zip\Lang\nl.txt	7z2408.exe
File created	C:\Program Files (x86)\7-Zip\Lang\sv.txt	7z2408.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5580	396	WerFault.exe	208

System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winzip27-mf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winzip27-mf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winzip27-mf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7zG.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winzip27-mf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winzip27-mf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2408.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winzip27-mf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winzip76-mf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	winzip76-mf.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000d21ca43f5625db01582b8e9d5f25db01797fbe18773bdb0114000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Users\\Admin\\Desktop\\7-Zip\\7-zip.dll"	7z2408.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files (x86)\\7-Zip\\7-zip.dll"	7z2408.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2408.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2408.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2408.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2408.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000020000000100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\NodeSlot = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 02000000030000000100000000000000ffffffff	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2408.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2408.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2408.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2408.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2319007114-3335580451-2147236418-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe

NTFS ADS 8 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 831357.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\e6634b3\winzip27-mf.exe\:SmartScreen:$DATA	winzip27-mf.exe
File created	C:\Users\Admin\AppData\Local\Temp\e66b945\winzip27-mf.exe\:SmartScreen:$DATA	winzip27-mf.exe
File created	C:\Users\Admin\AppData\Local\Temp\e6732e9\winzip76-mf.exe\:SmartScreen:$DATA	winzip76-mf.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 109573.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 946221.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 530760.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\e660cd8\winzip27-mf.exe\:SmartScreen:$DATA	winzip27-mf.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
1872	msedge.exe
1872	msedge.exe
2852	msedge.exe
2852	msedge.exe
1180	identity_helper.exe
1180	identity_helper.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
1992	msedge.exe
1992	msedge.exe
2192	msedge.exe
2192	msedge.exe
5960	msedge.exe
5960	msedge.exe
2172	msedge.exe
2172	msedge.exe
1912	msedge.exe
1912	msedge.exe
3808	msedge.exe
3808	msedge.exe
4616	msedge.exe
4616	msedge.exe
2856	msedge.exe
2856	msedge.exe
3124	msedge.exe
3124	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
5288	OpenWith.exe
2700	OpenWith.exe
2172	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 62 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of SetWindowsHookEx 53 IoCs

pid	Process
5288	OpenWith.exe
1496	7z2408.exe
4484	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
2700	OpenWith.exe
3760	7z2408.exe
5556	OpenWith.exe
5556	OpenWith.exe
5556	OpenWith.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
4916	winrar-x64-710b1.exe
4916	winrar-x64-710b1.exe
4916	winrar-x64-710b1.exe
5676	winrar-x64-710b1.exe
5676	winrar-x64-710b1.exe
5676	winrar-x64-710b1.exe
2768	OpenWith.exe
2968	winzip27-mf.exe
396	winzip27-mf.exe
3644	winzip27-mf.exe
2804	winzip27-mf.exe
1996	winzip27-mf.exe
2064	winzip27-mf.exe
5160	winzip76-mf.exe
2248	winzip76-mf.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 1424	2852	msedge.exe	81
PID 2852 wrote to memory of 1424	2852	msedge.exe	81
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1852	2852	msedge.exe	83
PID 2852 wrote to memory of 1872	2852	msedge.exe	84
PID 2852 wrote to memory of 1872	2852	msedge.exe	84
PID 2852 wrote to memory of 4212	2852	msedge.exe	85
PID 2852 wrote to memory of 4212	2852	msedge.exe	85
PID 2852 wrote to memory of 4212	2852	msedge.exe	85
PID 2852 wrote to memory of 4212	2852	msedge.exe	85
PID 2852 wrote to memory of 4212	2852	msedge.exe	85
PID 2852 wrote to memory of 4212	2852	msedge.exe	85
PID 2852 wrote to memory of 4212	2852	msedge.exe	85
PID 2852 wrote to memory of 4212	2852	msedge.exe	85
PID 2852 wrote to memory of 4212	2852	msedge.exe	85
PID 2852 wrote to memory of 4212	2852	msedge.exe	85
PID 2852 wrote to memory of 4212	2852	msedge.exe	85
PID 2852 wrote to memory of 4212	2852	msedge.exe	85
PID 2852 wrote to memory of 4212	2852	msedge.exe	85
PID 2852 wrote to memory of 4212	2852	msedge.exe	85
PID 2852 wrote to memory of 4212	2852	msedge.exe	85
PID 2852 wrote to memory of 4212	2852	msedge.exe	85
PID 2852 wrote to memory of 4212	2852	msedge.exe	85
PID 2852 wrote to memory of 4212	2852	msedge.exe	85
PID 2852 wrote to memory of 4212	2852	msedge.exe	85
PID 2852 wrote to memory of 4212	2852	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://download2297.mediafire.com/aavzf5soenggHFmU1GXDkCuVOtpNr75ay2_Cw6spPGmuENVBMpTmjUKXBXC1AHmiXkCkzyWpfB4Qs04YOtvqSzvw2twZAIrhQXz0S1VuIvZWQLy0dlopyE-NLxT4Cs5ba1P19Z4Jd3RKWmmvhTFBXF3umbTgJoN78OmHoEHb8fQs3Q/2husfhf5bmoxbm8/Undertale.rar
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff99a5146f8,0x7ff99a514708,0x7ff99a514718
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6304 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  PID:224
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff620865460,0x7ff620865470,0x7ff620865480
    3⤵
    PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6468 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:5292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3024 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3256 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6840 /prefetch:8
  2⤵
  PID:2016
- C:\Users\Admin\Downloads\7z2408.exe
  "C:\Users\Admin\Downloads\7z2408.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1496
- C:\Users\Admin\Downloads\7z2408.exe
  "C:\Users\Admin\Downloads\7z2408.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3024 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7752 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7668 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8112 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8396 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8424 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1232 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8316 /prefetch:8
  2⤵
  PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4616
- C:\Users\Admin\Downloads\winrar-x64-710b1.exe
  "C:\Users\Admin\Downloads\winrar-x64-710b1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4916
- C:\Users\Admin\Downloads\winrar-x64-710b1.exe
  "C:\Users\Admin\Downloads\winrar-x64-710b1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1480 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8484 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7668 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8440 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8672 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:1
  2⤵
  PID:5748
- C:\Users\Admin\Downloads\winzip27-mf.exe
  "C:\Users\Admin\Downloads\winzip27-mf.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  - Suspicious use of SetWindowsHookEx
  PID:2968
- - C:\Users\Admin\AppData\Local\Temp\e660cd8\winzip27-mf.exe
    run=1 shortcut="C:\Users\Admin\Downloads\winzip27-mf.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:396
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 2164
      4⤵
      Program crash
      PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8848 /prefetch:8
  2⤵
  PID:2464
- C:\Users\Admin\Downloads\winzip27-mf.exe
  "C:\Users\Admin\Downloads\winzip27-mf.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  - Suspicious use of SetWindowsHookEx
  PID:3644
- - C:\Users\Admin\AppData\Local\Temp\e6634b3\winzip27-mf.exe
    run=1 shortcut="C:\Users\Admin\Downloads\winzip27-mf.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3377761001231695283,13570538809633015062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=900 /prefetch:1
  2⤵
  PID:3404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1296

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5288

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4484

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3720

C:\Users\Admin\Desktop\7-Zip\7z.exe
"C:\Users\Admin\Desktop\7-Zip\7z.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2020

C:\Users\Admin\Desktop\7-Zip\7zG.exe
"C:\Users\Admin\Desktop\7-Zip\7zG.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2352

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5556

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\7f0437c30b534253b4897a477eca364c /t 5148 /p 4916
1⤵
PID:3316

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\0610511881cf46318e62dd2451d17ee3 /t 4996 /p 5676
1⤵
PID:6000

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x16c 0x4b8
1⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 396 -ip 396
1⤵
PID:5188

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\6003418c049e42b1a13649c0589520c0 /t 2412 /p 2804
1⤵
PID:6032

C:\Users\Admin\Downloads\winzip27-mf.exe
"C:\Users\Admin\Downloads\winzip27-mf.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- NTFS ADS
- Suspicious use of SetWindowsHookEx
PID:1996
- C:\Users\Admin\AppData\Local\Temp\e66b945\winzip27-mf.exe
  run=1 shortcut="C:\Users\Admin\Downloads\winzip27-mf.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2064

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\10f540f800b14debb4efc2a47bd10b42 /t 1088 /p 2064
1⤵
PID:3460

C:\Users\Admin\Downloads\winzip76-mf.exe
"C:\Users\Admin\Downloads\winzip76-mf.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- NTFS ADS
- Suspicious use of SetWindowsHookEx
PID:5160
- C:\Users\Admin\AppData\Local\Temp\e6732e9\winzip76-mf.exe
  run=1 shortcut="C:\Users\Admin\Downloads\winzip76-mf.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk

Filesize
694B

MD5
0ff3aa2d4d06521746052d40510a85cf

SHA1
b449bdf90767241015bff37c87681bb130031e20

SHA256
760b5ca3d7c87ddb0356a25a94f5ea9f53a717c1e95f664a35d844d7d71ce7f7

SHA512
7b3f85414024a523d03c83a3d57cdbb1aba4dcd484abb1771bcb5abd107060fab8939e56a32825999cb8326f5c47651563685cf42e7a2370ffd8c8446539204a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
295f18102d24c5deb473f2dc2a50d750

SHA1
394c96ddb0a8cdc2bbcfa08a36a5d4d0737b6563

SHA256
f87c6c50b4c42cc063df5e1044f6ea93dcd47ce2ae11cce1af9f6e3df7997dfd

SHA512
81628f7fdee04de81323b29cf38c587d4735c6323afdab63ce6be8c87ef026d7f0edde21f602e80289bf13fe41d1f0599fb0634973fdccca345439ed321f7915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5fffb9ed7c2c7454da60348607ac641

SHA1
8d1e01517d1f0532f0871025a38d78f4520b8ebc

SHA256
c8dddfb100f2783ecbb92cec7f878b30d6015c2844296142e710fb9e10cc7c73

SHA512
9182a7b31363398393df0e9db6c9e16a14209630cb256e16ccbe41a908b80aa362fc1a736bdfa94d3b74c3db636dc51b717fc31d33a9fa26c3889dec6c0076a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
32d05d01d96358f7d334df6dab8b12ed

SHA1
7b371e4797603b195a34721bb21f0e7f1e2929da

SHA256
287349738fb9020d95f6468fa4a98684685d0195ee5e63e717e4b09aa99b402e

SHA512
e7f73b1af7c7512899728708b890acd25d4c68e971f84d2d5bc24305f972778d8bced6a3c7e3d9f977cf2fc82e0d9e3746a6ccb0f9668a709ac8a4db290c551c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
25KB

MD5
c1aaa844ffb3bba0eb544c4daa05015a

SHA1
a872551fc69ca97d251149092d88627a64f29832

SHA256
df3beb136a1eaa18382386627dde5b26fa79a41275de8613d1bce328a4eb67d0

SHA512
c5d986496bd20464916659f2db492acabfdf888213553d14ad842913f1431551f6d997fe0129a3cd2743172a72e394dfd502c5bd31fb5cba90f2a758e3c954f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
1.3MB

MD5
d646419d462f0206a3341aef0aa5e3c7

SHA1
eb4b809bbf91804e9bb17be36e9469818601ed91

SHA256
faa87251336d864b877a5e6c3e9c9a5e250318be2fdfc8a42ceadb3a956e0405

SHA512
7f6c46c780fcb5fc10cc5405221179ddecbbb871c578ca3d9e3a74141271b383bd83e8f9d75c98d7e9d406e9b935d52a6b04913d654169e0b30f0719225e7dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

Filesize
20KB

MD5
78b7e2bc0c3de7eac1c75d6a1eeb4c84

SHA1
b2fb8ccd4efb0195343f86b47d695b880ee204a4

SHA256
99af8df48b04e1f8036d2d85158afdc222d00bf53cd7245b0bc82583b3c83d5e

SHA512
26c78eb2b6b08205db7abe4c5a7c61a1aff33c0a49da9bdd600d299bb3e863dbba34fbc9a38f1cc879b3040d4f89c23a84046d830d5d928a97415c8bfc64d80d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007a

Filesize
2.8MB

MD5
7f88c3ac069bd6f6a7134af19b2fa271

SHA1
4e834a0aed18e65e3b201ec60972d23dcd37193a

SHA256
b3996a0ae78cca5781ae2842d571afa51d79e04ed07e633973978d38e5b05b4a

SHA512
5300967dbea792920e65bd86a0bdab6aab7320dc934a76dce6b1276ffb26e68c53ddb1f43d1ee64cd8a527e1ac3f847a3917b460898bee978b2f88aae31b1871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\481963cd074f1a48_0

Filesize
268B

MD5
2e24edaf5658c1a77837fba6e667d4a1

SHA1
02600751a0b46c3c16a3d7ca708509ccb1131274

SHA256
ecb998cae733e5e2b4fa17f79420ff9cafbadd06ad6edb79ffd8abd1324ec11e

SHA512
4225381e7c8221e544385d556e67857cbe2fbea37fced01f21f8976016efa2b13c888ad894e6ece1e5794d673bca22008bd4044fa60e89df93187a2ab796ec9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56d6f409590db490_0

Filesize
54KB

MD5
761993500aef1a4bf3cf71733da55680

SHA1
aae289ab9b6fcb6107576db836923eac78a82e1d

SHA256
74bbf60aed361def77b8c7d48becad372ec76829601a07e9b21f3819983483f1

SHA512
bbef126d87baa030c74b16acb8d3a19bd700f662fed1f7d4338b0eaaa22b4322727bd76ff0786b1b453c7f99897a02639f2def61b0baa73b414beac25a1e5004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5b05b5788789c781_0

Filesize
338KB

MD5
bea9c1929a9a9600866f7a092053952f

SHA1
e8a06886a646df51bb23d536774425e85a07c67c

SHA256
2e8d3d97a3e730f5fa072c3a4e8cf17b781ee86589f9f3f3823f4c360377fb13

SHA512
963dda7598cc32a0dd960ab809b9330df794601242037214b0a41a166f73d34371dfe33e4f9d05d1f6ae875f0a8ba86acfbd461fcd5d926a902c38977c13e690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a8694aaa036738a_0

Filesize
21KB

MD5
5d00efc3f8a73f655f84a21f8ac0ce73

SHA1
24ca4b5e7cef217f391627086ba6c00b4c34fa95

SHA256
e4d0158befaded50a3df360cafe072137e747749173cb8dea95ffb93fafff989

SHA512
df331a2f4dca10a536fd06c34d61ace1801987482e8348aa85ece37f3ed500ee696e45cc143228d0eac1aacc1a663a6f19d28adc3f04bd4fa88336f4fa508b71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b13d9848aa9ac2f2_0

Filesize
278B

MD5
dbbe87851d6b098eaa29776b1b1b9480

SHA1
b4cb2defb19194b84308cc1c2eeafea9c64eb5ea

SHA256
850b4146ebb3ce82f0963f0305136dcb57c42fa0d410925aa9eb4de702f5263c

SHA512
7d007d3f5519224488440c4ef666a2779abc373c02429e12f749a1f90f7398716dafa92f78471644356b71fead12c9bc5f1ae3759cc6a4ce50ef1afd5bce840c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c472784dec098560_0

Filesize
14KB

MD5
25daa6b40b58785ebd478eed419aac62

SHA1
30e1c8bd44d82dd6a27aadef128501e1701a94bd

SHA256
51091d283a9c08489b7458c2a48d7c06ddf5aadba96b5f2eba51c457f8f735b3

SHA512
78d96809e814d1032b7900eb6b520278823caef13b61219cbe963b8369a99a8869ee3a5988bbd86e6a11e875970aab8eab70c631ecaf9e4bb8bd2c0eadcae57d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\efc9b370ff44cd84_0

Filesize
156KB

MD5
24fbd40a549d8d257071d157d47df819

SHA1
e3e6e8d78da664dcdcccf256ca34a264d24d3afd

SHA256
3a78fcd3fd679499182644075a51087ef31c0cb7bd22d40e46ff65ce373dbbf7

SHA512
a4c0878161d0576c2c4f672f6ffea1111fb2bb2267b93fa0ee5fc07b51431c27bb1e08881e5d09622be7ee13bf882c75d0bab3d4b58d9397038838d4d8d78a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e24dc0526d61846faad0523acb6e690b

SHA1
a1ca75d930b27962a21a6310995f630fac6ea8ee

SHA256
6a945bc247b04be91d910e4e4b1891413ca4b0b02f1152271910c1fcec663403

SHA512
57a87c15cd882464eb5caf3f09bdb141391585a26a8808193855b6e9380b3986848b0ac972147a275b4f4f7dba1d2b5e1b9ed8bf4ba87fc981c847edce05a327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
ed3ac0eef01b70c7455ffea873d93ac5

SHA1
b52570e17133fedfe793d3875f30e714d64103ff

SHA256
ef16c57a0f9b3e7f46b78e5ab34846629e44c0a8327e315b9e617df449034736

SHA512
a36bf2e6666ba4e94c91d13fa2526c0419f95e9d258fc22100046693cbe449f2f25e2596f2e0a283d1ab0492f9004b37e7bba3693e12f7082e89cfa534c0fd15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
15d8f2a39a60c6caf20fdba73e37a0a2

SHA1
3902eaea83b46f1ff8f3ee2eb7599d8caca06bcf

SHA256
2837b5b8b262f9126a20d6ec79bb7b92fb59f05fdec88dadc7910fce2e6da8d3

SHA512
abb2810c7a4483a11f699890f2a30a0e8e53114cbb66fad131ed6eb1f48ceeaa4d6027b60f74052285fb516dfc30d891077404663badb95088434da3b95e5fb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a6f12a25fbe986bc5ad124b65bbe88ab

SHA1
83d7fde53ff7c9cc8fede42d82f495674b01179f

SHA256
352e0114509dd1f0d710ea22bcb8d82787742eafeb71f4419559de88626f3cd7

SHA512
ea409e87c075fe9ee69bb10db01b5c7724ca5e781a51b7bafc87fd250e7dbe3d5ded314c2543f1dc8f01f90bee67b08c7c8a6b0ac72d5ff23359f80499fba4ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
9e45fce74334b689bca6d52989de0a22

SHA1
06ecc95a54f75a31755d8a19a54719e14f36f665

SHA256
fc20327682b33e2fb23b4fec2dc9eaaecd8009e0ea28dbdf0237c2eb15743b4b

SHA512
583441a3c0c1353209ef9a36dcd866545b2d194fa657a15b6ab6fc21c9c8d4f31ce0e239e32baa5fd3b4b598a773c2ad658197d13e7f1c5fb2fce6408e4314f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
0366d251c0a45163f1d20afeaa750452

SHA1
0a3ad9cc29ff753ea94394a7d6f23aa070b28eb5

SHA256
54acdafa96ba9ff8315605f153d5a9c11bd1bcc8f3c8aae17aeb4a3beefe1052

SHA512
b3693c23db0a2a6b29879fee348e48bc40c5f037b4112a9248a3aab9bf0da484d9a7744e3f4c234846085741eff3bc834c460bdb4cc42d11e9d124eaa8291c30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
16b70ab032541af8956430139648115d

SHA1
bd7a5ed30d502a534aef613989ce3669419bda17

SHA256
56e7992cce78bdffe858b9595e6785e66ec18c307eab2eb8cbe21defa6b058ad

SHA512
d012e93fc9a6200537de04b1dcd64afadbfdd8b5ce059caec48d23c4844624f0169aeadd45d63e6d13c6df28b36ba75fc3a9b2fd68f511356522bbd8d3becf88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
5756179e5afd36e290eb811af9d34989

SHA1
5522b6099cbba51473b5363b93439270128b7e30

SHA256
81c41ae0979288b1afe1fc1d0024f0dd0336ab7f60c7cfdcba997e3c317e279f

SHA512
e9588ac84460b1c7ab4a3ccbea67b61bdc58a33a6502e2a9e0a5a676be9034fc23b1dc31e9375ac80e351113080db1ef9f4d18d2f712adf05807288d2440ea01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
9c73ebac574604969de572f9dc8fe8a7

SHA1
ec7ab529bd28ea607c03cd85a3e696e827814db2

SHA256
3dd2f8d5d9da237704e07355ff85beff23a779862648403da30c622c945f1d52

SHA512
27219214b19de7a244c0d17f51b6761222fa56bccf4d69ce6a4e5908a7b57e3a1f8d419648138daf1591fe4898e237db88773d793540021146d58457f744c404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
557B

MD5
d7aed603128d9c5e224da65ba46d9a54

SHA1
f29c6cacab4e45183cf7024db276ef53991f978c

SHA256
c51b4c36f16375f8a1b0966486ea641fd55c9277e4f082964485c354977313f6

SHA512
d5b819553c565205b04aaade27883e7d027ee6081f8608d4915f50a6661841b64a94a275fffc9f715df34c1c8eed3dbbc1eff8c8775e696a7bee0b43bb05b4c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
16ca253f12a5f55c4a3799a91b210ef8

SHA1
d2b9f870001611e64c313fe5730494595b9ed69c

SHA256
096a5b0fabbcd353596d9f18c042e90cc380b3d39c2eb970cce19f208f60412f

SHA512
1da005fd7313525ac6e88235b90bd39c6cffb20cd7deb0df2bfbe5805b66947dee26cc54f6207fd536203216ecb68de013371cdeea7d74e6df865ce108a39e80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
ba81ade5013b517051e230b062349572

SHA1
c67c91eaa33d1939effccd770614984816cf034f

SHA256
5564815bf91218182a386b7ce87691664287fd7a6b63daa29af93c41e2cbbdaa

SHA512
d21df882039b08e73dea2ee81ff0ecaa3488792a09d0485ab875dcd65c74e4e110efeff9a3a0dd3a0cbb9c1bdc1ec320fe57fa3850743c6df9856301b279e0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
1a5c6adac6f309b9c22c85e68fa1a0b0

SHA1
1468e343c82047b0e7fedf35a8b2269ebb00ae5b

SHA256
7a82e8e1238442be5217eb5b7e34efa9a4768b05aff4b050fb52df31d7b20502

SHA512
d4f4a629e08f14eee8cca12f0f8a7010aa58c11cc0b038a779e34974f2628d3765a78410682de25f53303574b86aeabd09fb33a66850b78535c1050e2000dc39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
c5b8659ed746d66e1abbf3a68af7cfb1

SHA1
17481d5d0fe1481c007edeaa7ce96892cf4dc5ba

SHA256
e7ff1ff69c38b7a4a596a9c924d0080c5d227c2c5b5e0f9d8f4dcd8f08b642f3

SHA512
112498cd2dceb07475f87b42b7363276fd2084ea6a968d12cc09ea67acaadb1d2c3fa67dfb3422e71db4b3599fc7244485d33d7cecef0f1130bc3ac5768b9ab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5c63e2.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b01de14d1b43668dc84763c50c3440df

SHA1
158f2ee7451ead79289a8c86bfc5470d1618d6f4

SHA256
130a2798b44519010d7b92069da1196194f0457d043d500b951fd4ea70a08345

SHA512
7e00bcee2350238e6e7688838d53e7352ed259bd00dc8cc132d898f91a7b971c20fa8397af1d917d5fae76df5d6bb7a64c018f15496ad3f2796d3f14830b3b60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
37379e192f2fab6e74f766ba3b60af2a

SHA1
50ccfe4cc075971f6ed1839e3bcddc38625a271d

SHA256
3a9543643a75a5002bed94641c527d4adae79942fe963fd82b576b2a2415d938

SHA512
68fd79c6f5ad3d53fd0548312e966d24e336ee8958999480c8aa15fbc89d329564d547249f9af1d45fac81ad7a04f98b19154adb84ba3bd76ca5549a29017ec9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
1e1cee0cb211db875954d149b1af355b

SHA1
4e249ab66cde71051e5067156578162f8e57edd4

SHA256
51ec4580b2d429b10c63eaa25e6060333803f1df468e78f07b7f9c5bf950d672

SHA512
5dda4c81d63814f7ccafdfeade88cb9010c584e79852ab0dca506b704fa6c1b2a48f5633bd14bdf92f50c950ad9ce6f6b67750dab5c0bda4ddd4f61f5fc21b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f63b36f0557d0e3f4163a28934a35b13

SHA1
0e87d235aca922ded1cac4d1243eb654146a5e3c

SHA256
281ef9129d3e71e146716df8c9fc09d8bf9561eaa4cde9e53e287211fd09532e

SHA512
9f45bd811d9dbcfb519910c2f43459df410e864c931b27ecac9215c84d270bb2ee0b887f9d2b367a88658c1c7f435ef6da10621e6ffdc766835f568fb3de55b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c8b8ac789fdc7d80c86c5e69f878c72a

SHA1
da6c80a9a1e2e840601fc6fa936bf8a90cee01f2

SHA256
b8fa1139e8af7c19091c73febc7ae3d726e1035b65f60c196f8040f2332e380e

SHA512
56e2b0c56e257a66fc99b4922d0a77e340ea5063906e3576cd9e3f4612c565691fae180d61340f593115426ae68a26e70f0f44a2bb2da337c5ac82bb10281c79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b47c0a8ddc9412da0b68a64ccff2e7f4

SHA1
83dd15259506a3572e1bc56bdb24215a94af8b28

SHA256
c181ecdffed2157e5e5ef05d7af122df15790560fd097cf4655057cdd4102cb4

SHA512
d353df8c5a76c50ab727d15ba6c718ed044501c7f165a3aa12a6e2d3397fa3fad917e41536b972e16d98cfe8a9046e7f0c9ad3cdb37c530740803ce1d9ff660f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6d86ccd3616e1e0a91cb82691c59acb1

SHA1
3876009872d45f7ea57e77586d410c6ea3e73bf3

SHA256
7e3bcf8c0f587f56af875a416d9434de683507ed8862ac3e8774ac304cfb5a24

SHA512
bbe7a045320159a437ca71955efa318e2e224d51989a79a51cd9947344f044b5a16d0dca5f0823b08c7a63b571dc3e1daad22518b19b547274f77d5ec87cf06b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
c45dd5e3a0b0c201e99e606e65001606

SHA1
5902c1047d735d01219e0ee0ab326f26a399349f

SHA256
e4fede2bfe35258d049abcb73b7eb43165c38d272f1027e9c765ed9a4529ce81

SHA512
133228f657ba023605f949cb373028f1da1c2bb012cdd0e94b415a4d3ca7416474c7dbbd24d72b472818722525066b741e3fd246d46f0e2a57b6960928e215ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
19a0197d2906c0146810c3fdca7853f1

SHA1
5324f8952496385725314b5dfdaf41a368216883

SHA256
ab35aebe3d620bdec9f8a3d98f36726fff945b426b8bbdf184db9a4ebc238e7d

SHA512
d910875911356d5fc486fc1a9e27b209f345677132b0b01ec0fb0f134351e542edf8ea40cefc6068f5de15c62f11fff5a8429803e0b6762b329a21def502ed77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
5ac64aa5d8ffd09bd1dd0f97d786cfe4

SHA1
83a940f305b9c2bcd3307c395667bd68ffb8fa00

SHA256
0b3fc86dbe925ea3ac9c0270d00b8c45a03425a41c00786d54e28209fa995ad0

SHA512
119c985e20d859e5d088f7483c52edc9974b3bd921b8f6a0f5b82a47895b177d69abeab0892c019f476bf59d62b808a09bfee150a6a8049b91bb3a68ae01476d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
58370fb821a060bb9763b21b09757d4a

SHA1
78888cbbc08bb2cd005f622070169f77249d902b

SHA256
cbde4f97677bbc8d32c3812d952e96e26dfe52635cdd026266e1b19ed387b00a

SHA512
66b27f43d8399efbf0e800ebf17f48d6f5f86d83b60d551d90054dd05d68493680cc53e285506e7e25f01a55153451055419922ccabb9c46fd6a52e0b0eb0dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1bbdfe065773f4943112c26a38fbb88b

SHA1
75116df8c0f0bc36b584b5932cd52caf9e5597f9

SHA256
3cca17d7f2b88b0fe2500f25f37fe9c25ffecc3dc639fb27fd477e707f24b710

SHA512
bbcb915500156148a99c2a00fc987a298d8cd11c95865680ce9dd9db0d73720f650349714e2b471036818900a1755849c8e33c578c9ef6062d3dc951f96092dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
e7bfa0dbf15b37bf3b6d7177e8c68c4d

SHA1
5db724dbf418dc26f21a3bc0d294c18b10ab7cc6

SHA256
3892fc21634e1c9fd6021d997969bd9d01ba881c4146d5785f2cba1871ca258c

SHA512
278debf5e7cd3ba521c47a3fcba33299bb4bc9e66a65aca0604a321070ad911ce9fe40500a65d0efda44b21fca56f3376d5f75ef0a9aeee6eb0a9b4f727fe59b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
7497333ae8ebe7de24559ee101973474

SHA1
4e957cbc1a8ffec331d6c83e6d62122078df6f5b

SHA256
c31dcdd7be24ca4856ec3c7c357f54f606b9e2405e7b6a1219faf6745c7f539d

SHA512
ce7d07c5d958e6e85476e649c823ff38512de1dce6d5c7cc6480600916a2ae6db7d7b3edd597fabab7f7da621adca43d857ff6220129b8df3f042edcbff4a50d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
719bf8d17c2fdc08eb38eb0448189603

SHA1
488e5f94ee3b22a4a9ddb0935740f54bb3ed97c2

SHA256
5f765b24acb55e5a5839c1596f0a498014ed3be4cde52d0a2c53916d844c52c2

SHA512
dc193a2f7a185559187dd693ed1712ed8aba6548808682e918ee17837fad3d08e4eaa6231dd2b7a33cd8990123b78cbdc11799deca5950c79dc463969cf5b693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ac2b76299740efc6ea9da792f8863779

SHA1
06ad901d98134e52218f6714075d5d76418aa7f5

SHA256
cc35a810ed39033fa4f586141116e74e066e9c0c3a8c8a862e8949e3309f9199

SHA512
eec3c24ce665f00cd28a2b60eb496a685ca0042c484c1becee89c33c6b0c93d901686dc0142d3c490d349d8b967ecbbd2f45d26c64052fb41aad349100bd8f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6e466bd18b7f6077ca9f1d3c125ac5c2

SHA1
32a4a64e853f294d98170b86bbace9669b58dfb8

SHA256
74fc4f126c0a55211be97a17dc55a73113008a6f27d0fc78b2b47234c0389ddc

SHA512
9bd77ee253ce4d2971a4b07ed892526ed20ff18a501c6ba2a180c92be62e4a56d4bbf20ba3fc4fbf9cf6ce68b3817cb67013ad5f30211c5af44c1e98608cb9e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
4517250878f160784ddbd3897c94d50b

SHA1
726eb165370b1954e4a1a7a8db4f6f33fb9f544b

SHA256
115cf50096cc9db9c67352401adb53a2a30338e2e1f576bbcd04cba8d63bb639

SHA512
9a2908055cb73f2d53eb16b97d938191f3129f25a547a56e3008ad9db65dec8e85232ef31d66cb0c6642616c10f7209966da0c9b84440a13befc7f05e5c146ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ae6662dd7d90259fd68ac65048413f9f

SHA1
36733958f81b49a4d01741d9b75e1229138d3730

SHA256
f9809b299ca3ac56df275f91f7dc057e239e4ec7b71f8b75b5a500f8a7cf3a6b

SHA512
971607147976c874250f7290a5a06f058030524fa26d313142eff5e9edc9a0995b4fb4a9e414d6daccbb9d0b341ed6876b3257e88108e255ca62a1523a7cf0ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d8475.TMP

Filesize
48B

MD5
bb596afe9300970b6b6534530740eaf8

SHA1
342070cdafbb88e1c98711506b66a26c58162d35

SHA256
c56ffe3779ae2905b16b72d1e411a53f8d624b389bae95a29c43428ae810f4d7

SHA512
de804fabd5a552f5053df0989a1b239eddf0bd7bfa6cf1c5e80ee0ccf861684d0da2057a9115f35b3b1ef1fae970ffbc01d5bfdf3da7e8a47c48bf8dec56a031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
690f7d02e5ed2927a6121e810bfb1749

SHA1
7c3b1e04c1004833c34d002356c54d8985aa3e18

SHA256
d2a882ebefc448202b16a50a7f3b7b9ffa1c1ff179f8744150b9fef79358a33c

SHA512
6ef681be9dcc319e3d6243ae4ffb4b67555ffa684811325ac5f784ecd7fa6969a9fb2fbe794f29062ea81c5e5243e7dc6c702d86fc1330687f8d98d473df6aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
df589c90a06e75fe9727acf47952ce4b

SHA1
dd9ad8398d4ffea5cb5f791c551557842a59eb68

SHA256
8043698816590761b405357151241384b53dd969716c1427fa6530d81efc0eaf

SHA512
ba7209850ef19a744930df943c8850fe4ce3a8fabd971e6f12cf41b6c6808ac51089e85eaba69a563ac331086e451e71e13231f95696a47e021eb19fccdff7e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
968f65681cc28fd66b23baf21d5c98f3

SHA1
3d61cee4a20f32a3200613b7af70c5fd217ec02b

SHA256
ce4538b4a3e9aff0338aed889d9d60c76a6bbac5f623540c9e97f82cedcb2669

SHA512
41565079097d31c671eb6a4f4978d9fd25ff8886f487d9d8f9305ca1afebc65828b423eee0a7b332ee2c568fee76e2d0b74c8701405f7433c91fda422d722d09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
74d76ddf3d70dc3f217e3d60870c48d4

SHA1
b2afb1564a76feee9e36ee584075b9261ceed7db

SHA256
67cb74d3679fca5230cfc3ca19e4bb649afa83f862c3cfd4a1945dbbc305b9de

SHA512
688e679eec82c217acceb0f384a45c6b6cc935a3f55daabd34cea708cac67ba567dbeab7718ee371471150fb98a324b735764c853133474701133d6192b088d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8d60e92ef1ce61491817c870873e59e0

SHA1
a20ce33a69e142651862b1465d73e2027acb1653

SHA256
009a1f29741fdeee2afc96b1ceebde6fd1c84f5f72e937d64b4943d148993ee2

SHA512
6d0d9ccd1ccf7344c3490a3b194688d582a0d832c1a95b59453fea0b1846a3cd79ee30bdba5c2008c16492fd68896c652973874a2c13f18fd60df043902ef439

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
88496b6739076fd81f76bb42240e9eb0

SHA1
32042777a1909396d9a1580b6b765c91d34aa4f1

SHA256
8c4ba87291016f068ae6623e62cc8482d9acd3d3e0c1b8403e8c193a0b3d675d

SHA512
8c314d76d00026ba293d720fd960a1230ae5767022ded77d6ad077342ffac5b398bfe16202c02e521f9a5f981ce5de1197f20ee33227fe4021300d4146ce85f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
7c5162b633041d85e21e290bf79ce72e

SHA1
503cbc9e7b7e7e2b28b2173e8a8e012e633dbfff

SHA256
d0a85b0bc339437ef3a14e903bf2e278233cf8b6a397fe0d00e65655d78775f1

SHA512
9b13dff04b891f45748f3e486d736890008b4d269f072c801287ee335c93636f66a3e45e81824529a61cd97f8f314e4f3058e320b4ee150fe52b4791a524b866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
338b2863a868ca4ec8f88e782f7fc75a

SHA1
dcac3cc0740a2babef13fc4dc86c2006a5640d1d

SHA256
63af11b8830da2f04ec07c628ba85f905bd54c6aee8a34a64a3bb5a508f0d082

SHA512
ed161db67e0a4b8e1a08d67d36da671ae8e799c6e2c9aeba7ef5b087c2535f2911c16341d9fc0564f32b7cc3948a3a7df3fa67fea8ae4a03c3019a69e9527e45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
bf2b7ff3c3eafaab52ebf6388867bf15

SHA1
af4932d4b398dde981875721ad2327e0b72e451e

SHA256
1978f4fe13cdac6cc7fe4244e4e7c28dc193bebde249b873a16466015f2bfa46

SHA512
57fbb0f7996267f3a3245db634e5ace243767d7cf70efe5bde848c588a1b20080b4697fedf5e1fce60a167fb155374a3f007e3232a7c3b48f420ecda537039d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4cdaaa2ee1071a322434ce963c2d359f

SHA1
de8fa0e8ae5c8d3b8877ed149923348ce241f03d

SHA256
3c4bb720e221a12dee0ba44e17e5c506c55bd161afcd4befc105f1f402100946

SHA512
54ebcea55448de5dd53e0eac7c457c0999829cb4736718eb320762de37d6632c206feb6e42053ccd3d8b78fcdad3048158298b3a19a81d8c63aef5fe83d4af39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
53c028026d785ed0025be16d4bbb4f0c

SHA1
c4ecdaaa668b547c9193f8ebf7094c37a33db978

SHA256
98eff8d474e16f6ec49a7393b76f817237bc1647a5261f1236f5c7e7cc10689b

SHA512
78d884ecd3fd29372e6cdca04e1ed033c19dfcaa0243fd95e14a058f29fb655548d1208821fe41c887d66067fdea64898471a606cd41f8baf72a52bd6d0e29d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
892fabd8aeb852584a095193357a06d2

SHA1
b5123bbb5c3613503a268a9f0bff23d6db530b7b

SHA256
4118435a1d3c267d7fc2274041f8e1b6a48d536d192e46b29f3eb39a2a43c93e

SHA512
7ff8e1aa6a6842e95fa6d4d79caa65f94dc54b2b691cbd18660446de739528704bdad887131e6afc234ed404a9dfc1b606d8203e7e2526a35c60dda6930d8ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9c1b1ade46ee361a27ffdbd5b32f5b10

SHA1
85dbe747df8cf5d8f284993ce88a1c8f2fc11ffd

SHA256
bb0906b82aab78ff32e8412e6b08cbdb1017434e21cddc80d024d5eb91ea5abc

SHA512
5e4fbfdb01f6467ef12547d27d33546cdfa6377d324e56c7a455b3c7c45c6d77613296a5f5eda975ef7c51c9894dfab2b540ac5d6a931f6441acc46e99e3f270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3bded09cfcb7ade67e48954c9bea24ea

SHA1
75888b79c7a090449fcb848446689a37eafdfd60

SHA256
36ac7b0436b62b2085b4c6bc95d74e9855ca81bafbe00c4af7d9d7eaa6013360

SHA512
d82f84f62def09fb44b9a1f4f03a47a1fe181a340112d9e0509ec37e843e4962caedeedafbe6617da2beee152cced1e7e8b74ebb2230c9956908c6bd39f3b979

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0f947622aef1b6ffac4f0d13a8dff231

SHA1
87e2857818a042152b554df9683724ba64984cc3

SHA256
8a26380b80c105ebe6245b078c2187c8975d317966ea20cf08f38cf7998894c5

SHA512
d4aa400f89240489cf02ed10f3742dc6c6de9cc234601ce7df1daea72e2b5fc4d9d9b8439d8b33264ee47929cc45e6f10de068b4f44d812889dde487347e61f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
59f57a50771cb84f1e1b6f160007ebc0

SHA1
4c3b6b3f74f11ba931ddf304204e29a46d568c5e

SHA256
b9455171e048272f06c82fe65d775d3822d62d9082235535c5001965931ddd34

SHA512
9d46ed35cfb4d884cbf9a3f92d06a63f9a44e29fb5317e424994638307c9e4937102bbc4c95158086afe45d13d8eb5f58238cb5f3387b97cc4139dd5316d785e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
92173b50dc41ddd5e3d70390a0b287e0

SHA1
75aa3f8d7694f7c24523439d688a177437459ae5

SHA256
5f62c77acb9666581244d131a29c4b21fd12f3cf067702ffb5174f2d6b60c346

SHA512
bf00e82ead114cb564418a6e206ab9af84b46629ca6b32e7caf09e9d5652d78622af99ab2c08b11102fc110887e6c69338c460a6e49d10dcfaa6b0dcc6ce9fb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
ae035d34519b44639bfc72d06bdeb758

SHA1
3431606e8d26378eada16d2d9abdec5f14f7c052

SHA256
b5a355e3ddbb28469c03aed5b62bbe4a7bcef46378058f99162ca29ad5c3b878

SHA512
ef31617a247fed8cc3b135782aae31149b4d047c44e81ebc7b7db07be7f1941b15a495def7933db9d1a2753c8090450cd00412ed3a7b4435958d986dd8c19d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5bf44f.TMP

Filesize
538B

MD5
82116c8cc12e801043f9d61bf88c077e

SHA1
3cf1859df4ab4456561336266df49d45aaa43468

SHA256
627e9aa473163a500d9184fbdc4e22730de4671613c0e0652588ad902b034b60

SHA512
b086b98cac08a4d3e2e607aea80ac410b5f27b8dfee79a2b74ef1fb61c5af2cdc4dd1ebde89ba7f0fa1297b312de00441192c3635ae4d5d81b66e581ecf870d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4c23229201f78911f7fa02e66fc46634

SHA1
84bc60dae0700a3aeeba50262d5feb9bb71dec9c

SHA256
0266d374bdbf86bf1c228c6e6a85cb247f5f1e39bad5495eec1a959694bf7778

SHA512
bfd0fb4988e181f25609c35c7647411174dc439ab8150b4fc2e1bf24a6e36b7c0451792a248f7db11333b70b5a73415cec79fb316347082dcb0275a9b5cfc0b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b1d815e3ae5d60f86170f64afdac0c98

SHA1
373606b0f764722da9e2a725fe9562f9d8dd0889

SHA256
d5416720537cc1b5bf0cceceb0dc333812dab219d5657e987aab4bab2c3d4503

SHA512
542fcaa7e086703a10dcdb92f09eb14653eed65604f63f8846577e442e12cdd692e43f351fd35991f13ec8f059486988d12061cb35bbc3aae6c7b12965ee937c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5cfc0aa7500dcc20b4f066c6f825dbbf

SHA1
7387b04cf0e3f4bd3a7ff953fd15cf07bdf89e92

SHA256
d135280165f6466b7cc20eca0f47c563a0865a9a1b2235cbdf43d6d5d8791844

SHA512
babe0b7b419390640cbb225046086454c8ebd09ccfc45bedf09d22d18e9eeac06e310ea99348f41dddbe5e0f9e75b6cd7efb8ca1aa9c79506bed00ff44be1633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
62d58462b06230b883955b8e6b391e1c

SHA1
fa9091226a015f221d1ba04367d3f4ba11b3aa51

SHA256
2dd663f62a2ad93bc8bae8b6aaf14e7f6652e2214e8c486ec23b39b41bb42fba

SHA512
7df606bfa44bf028aa1236a5ba247e8ecea0957c57e853b9dacc8ba4a8590e80775247a2ac81021386f7acda1199145b553b9f492d82aaa5368cafce382b7a6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
57b5cbddad4af718eccdffe5f3612ebe

SHA1
c5ebd593d302e07f275afb1d0e98b58883f67c69

SHA256
fdfb6efa6ab8d4c5a5ff65818a5dc41a1fc7028888d5f0f9a9fa81a7593dcf36

SHA512
5e62c35226cdda1bb8adbf7250deaea47497a8b43563c93a8683742aa10132452da4ebe77e59db4df9e9df30cd192a49c19e25403d3b742752f78a721a5ab0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
76d2cb0984d33ca7b8114abe3f3bacea

SHA1
82709339ec366efa079a982a06c69de38c49ccd8

SHA256
4df93fe1664e5f95b57aef3ea25ed4769d3d0f0a0288e18949c60d20a756d440

SHA512
e63465ee473d0364397cd70061afdf258cec2b9272dd264137ef7511d163dae9c548dfecfb1d518b0bf91ca9fbf1d797c66a90d5f9c2be6a63258047e481a645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
00878b9de6aa5148f8d307138e688211

SHA1
dd36970dbc970bb6cc25dcedabc7340481d8838b

SHA256
66418f0205a7aeadf75ac9d73571d5b9a16a8cef786c856ef7250203c9cf3fdc

SHA512
5ab55472989ebb83c7ed5a439ac6092d49eee7b5d11c80a6929c10f73710f06170bdf9727df36cbc8f20b8b1dc0e3f3897af44dc935126e19a5032ed1ce96837

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
c9923c3621120c6bb009c2da1d60e619

SHA1
5000c4117fc1b9478495af893e80f68eef321a39

SHA256
2d795a71e6a4fd59b7102352d32bcd6da924c29bb386a7406bb5cdc6b2aa1efd

SHA512
1a5735218ed54f3fef5f8f870f881f9154a966ec75e42972db772f8cafa42ea4bba3bf23ae2a4f41acf3caa4b79183f9dbb82b0fd3ad28d3b15bac77ec8499b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d6e921297177315ede4d5c92eff42599

SHA1
96cd8917a5592beae2d51299b8422c26659f17f1

SHA256
256093a3080418f7bfa94a175307bfa03f371eddfff168b02c2c5f54a3f0e00d

SHA512
2e5157adebf22159400668334445002f35faef68789ae66f173222938ce79dd1724dcd2b137d35ccadfb85fbf8300c7bd0d5678a6aa9b14d298ddfe691c6e186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9ad35795bf0ddef0484d492857d7c2a7

SHA1
fe1c05c6cdfe8214d7f22aef296b2648413faaeb

SHA256
ec1b2a3f15cefd62f31ba2f1e6f8d2ea4a9354e7172a37eb26bfaba54c7a2df4

SHA512
5b30a8b58454d230fedff536748877e64b74ca8e9e9e7b81caf95c21c53505808796073ba90113c0a1829976732db8125c742eb951cf8c1a593c389e90710df1

Download Submit
C:\Users\Admin\AppData\Local\Temp\e660e8d\Load.html

Filesize
2KB

MD5
1757c2d0841f85052f85d8d3cd03a827

SHA1
801b085330505bad85e7a5af69e6d15d962a7c3a

SHA256
3cf5674efaaf74beccd16d1b9bcf3ffb35c174d6d93375bc532b46d9b4b4ed35

SHA512
4a12a55aac846f137c18849302e74d34df70ea5aaff78d57fce05b4776bedcde9e1b1032734e29650bcbac3e6932dfef75d97931443446a23e21cf5b3072dd9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\e660e8d\common\css\common.css

Filesize
2KB

MD5
33b1c68fff898cbf19c44e486c856282

SHA1
4bcae82469404701498583903ccad307c64e2aa5

SHA256
265d280bad44060c22a6caef0140bb8085b994cdd8d76789f3a43a6e7f2a16ea

SHA512
e8ee2691c3b5c6542873e804f6ba7b13b9230de0bd28944a18bc25c529afe1a11d452988387aa3edddfd2bf65b02e293e549415b0a6a961285d50b3cd2d46a7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\e660e8d\common\img\close-normal.png

Filesize
16KB

MD5
c9f970b77486b6c60f583de55b82ebb2

SHA1
ac80263df2a6706ceef401b55b0e3f35d14985a7

SHA256
dd727b90f3c6b053fa5b4c8401440e5d120dac6b93305573caaefecedc5f0c5e

SHA512
b33b7cabbce1469c41a2f5ddaea7c3ced9d4d0239edabbd37931d53ddfe7c50d5a9bba101b702d8367ecdfa4df6bdd6bb614d8cf6c639e3239cef69a8d434942

Download Submit
C:\Users\Admin\AppData\Local\Temp\e660e8d\common\img\headerImg.png

Filesize
205KB

MD5
79f3461a48f669ef914eefbd83925820

SHA1
ef791b21f2de9a9b80f4bd9523b037b6432f41dc

SHA256
a9b420a106adb6b09e5dd39a864dd00519aade91ce6f500c179e9e6652b0fc51

SHA512
20cdb62ae15343f82081629df3e92f0fbb9dd61d793a1d1f73d9a37fd1c0c6265d574372d25de2857c279b5097858598cc6494ca272106fa67664479152b17f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\e660e8d\common\js\common.js

Filesize
45KB

MD5
8327a3e34961e36c0e7d5834add0a104

SHA1
762c9d75863e9432803a6f9871357d279a3cc1bf

SHA256
9d1483d12009e62d2e7259cfc4e2674d1a16a47fac1b819017d1d2d2abd9ee6c

SHA512
dfddafcf86ae1e537a995ea29d3ff1ff99975c6426c8fd5dd747bd7411865f14adeeeb61fa0b75e1ef63050b513368110b9c9891eed0afe3510d00c8ed76fca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\e660e8d\common\js\external.js

Filesize
36B

MD5
140918feded87fe0a5563a4080071258

SHA1
9a45488c130eba3a9279393d27d4a81080d9b96a

SHA256
25df7ab9509d4e8760f1fdc99684e0e72aac6e885cbdd3396febc405ea77e7f6

SHA512
56f5771db6f0f750ae60a1bb04e187a75fbee1210e1381831dcc2d9d0d4669ef4e58858945c1d5935e1f2d2f2e02fe4d2f08dd2ab27a14be10280b2dd4d8a7c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\e660e8d\common\js\jquery-1.11.2.min.js

Filesize
93KB

MD5
5790ead7ad3ba27397aedfa3d263b867

SHA1
8130544c215fe5d1ec081d83461bf4a711e74882

SHA256
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0

SHA512
781acedc99de4ce8d53d9b43a158c645eab1b23dfdfd6b57b3c442b11acc4a344e0d5b0067d4b78bb173abbded75fb91c410f2b5a58f71d438aa6266d048d98a

Download Submit
C:\Users\Admin\AppData\Local\Temp\e660e8d\config\config.js

Filesize
5KB

MD5
34f8eb4ea7d667d961dccfa7cfd8d194

SHA1
80ca002efed52a92daeed1477f40c437a6541a07

SHA256
30c3d0e8bb3620fe243a75a10f23d83436ff4b15acb65f4f016258314581b73d

SHA512
b773b49c0bbd904f9f87b0b488ed38c23fc64b0bdd51ab78375a444ea656d929b3976808e715a62962503b0d579d791f9a21c45a53038ed7ae8263bd63bc0d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\e660e8d\config\installerlist.js

Filesize
2KB

MD5
f90f74ad5b513b0c863f2a5d1c381c0b

SHA1
7ef91f2c0a7383bd4e76fd38c8dd2467abb41db7

SHA256
df2f68a1db705dc49b25faf1c04d69e84e214142389898110f6abb821a980dcc

SHA512
4e95032c4d3dbd5c5531d96a0e4c4688c4205255566a775679c5187422762a17cbca3e4b0068918dbf5e9bf148fc8594f8b747930e0634d10cc710bea9e6ff5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\e660e8d\config\installparams.js

Filesize
563B

MD5
a01db7bfc1950b3de6842a838a61645b

SHA1
77a076d8b8bff4592c73f28f2a96101ffcfec70f

SHA256
f70b01bf454aef8b04e01416a8a544a270d245295f9214605ab449a444aebc09

SHA512
45154134d4b2d89b0c25e2a60471988f7d2cf16b08c5831a77c95d81954268a0cbca2792a1ccd9834fd4950c24ae0855575cfa2eebde7602f244f872b926892a

Download Submit
C:\Users\Admin\AppData\Local\Temp\e660e8d\config\stubparams.js

Filesize
34KB

MD5
d450a4f8c85c8bc04329c1290f7d040c

SHA1
850b598bc3ac3ff47629fbb2d0bd2c793edcacba

SHA256
05ceacef18474cb3a939efb608e14483f386f97a8178f9ebfcf49850e61370d7

SHA512
8e2aff86412a4eda4d4b95fc338e4c6ad0142ca95ca8d55f3fb7b91ab31feecaeb2f6301be1301bbcbe9edf239e400470601467ad8c7c23cc2db0e0a11b5fb2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\e660e8d\pages\Initialization\features.js

Filesize
506B

MD5
7e20d80564b5d02568a8c9f00868b863

SHA1
15391f96e1b003f3c790a460965ebce9fce40b8a

SHA256
cba5152c525188a27394b48761362a9e119ef3d79761358a1e42c879c2fe08cc

SHA512
74d333f518cabb97a84aab98fbc72da9ce07dd74d8aab877e749815c17c1b836db63061b7ac5928dc0bb3ffd54f9a1d14b8be7ed3a1ba7b86ee1776f82ba78e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\e660e8d\pages\Initialization\page.css

Filesize
66B

MD5
ec8deaebe3216ee6e101d73981db11f7

SHA1
217c2e5e81447b70388883d8c1c77e3dfc00e6fa

SHA256
cd804f5b34e9f8d0a7b085a0d9337b864e83d286b1408210343997f029fcc628

SHA512
370d6ab807b175973165f1de8b682c7c111d38c25cba5abf11aad73eea4312f0b1f33304b276edde5e290553900e0b701e41097bc96a07d8dfd3e6164dec4042

Download Submit
C:\Users\Admin\AppData\Local\Temp\e660e8d\pages\Initialization\page.html

Filesize
2KB

MD5
b23411777957312ec2a28cf8da6bcb4a

SHA1
6dd3bdf8be0abb5cb8bf63a35de95c8304f5e7c7

SHA256
4d0bdf44125e8be91eecaba44c9b965be9b0d2cb8897f3f35e94f2a74912f074

SHA512
e520b4096949a6d7648c197a57f8ce5462adb2cc260ccac712e5b939e7d259f1eee0dfc782959f3ea689befce99cddf38b56a2cc140566870b045114e9b240dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\e660e8d\pages\Initialization\page.js

Filesize
2KB

MD5
50c3c85a9b0a5a57c534c48763f9d17e

SHA1
0455f60e056146082fd36d4aafe24fdbb61e2611

SHA256
0135163476d0eb025e0b26e9d6b673730b76b61d3fd7c8ffcd064fc2c0c0682a

SHA512
01fb800963516fd5b9f59a73e397f80daba1065c3d7186891523162b08559e93abf936f154fc84191bbadec0fa947d54b5b74c6981cebc987c8e90f83ddf22c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\e66ba00\common\css\jquery-ui.css

Filesize
20KB

MD5
1ce4eb3e5153f4c9b93a3cfdf3ef2e77

SHA1
03b04e1e31c9c355e7caf71ba0ecb12e741d9aea

SHA256
95f4c300d84eedd0c43a30a1b6f0dfbbf7b8c47725511981e4cfe12dfaeb0e93

SHA512
75b272ef0d474be75aa19226a60a9c6d0370cfbd40276a274460391dbbe0350c17849aa21f375e46bacb7cf7cb3052be5862569f5a196e15b8ca49baa82436a8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
f0a942713d92f02e8df55e7f9d46814d

SHA1
57ef6367a990f916f9f7e2afd9d8b92e396edb0b

SHA256
6495d546c18ae2a2c87da8049656a368de78fb652d3bd72e54b4dc6039f2527a

SHA512
35218528a76c708db9094d6df8a57cbc35164fff9daf39b3f59eca04f7f53de3f1c8fb3b176ef7b4eded14185918c811dc25521db8fbae0e80e0dbd89501a229

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
9e5c74152010d414ae0c46bec0786264

SHA1
f11103d0eca002291255cb1ee0636e97927d9c1b

SHA256
29a0d9f936f3bb5cad880aeeee251fc75219c5060467564d6b6d2821ca5520ff

SHA512
65033c7f1178280883efbecd7635c819cc39b3f11d85a3dc550969e2c6316c75c2224263aacf544f2af3006acad2dcf1fff7ad139aa4c6e7b611c8e38398f211

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
c9036a220816a070e167f4274f92b4b1

SHA1
289afa26a0a713dbbc9bc58feb9cbeea953fa93d

SHA256
edfcec6558900e8c5764da1bf7a0373c71078a897a4468e5812b9347ad001f28

SHA512
3d0ec00d365bf0640882adaec327c1e9efa3643c94fac61c8d734069476b2975374e0831867a6a52ed792eabcbb325786c90f121ee69e9beaf23381a8e8b257d

Download Submit
C:\Users\Admin\Desktop\7-Zip\7-zip.chm

Filesize
117KB

MD5
99b88f4d6d13713053db06b449ed6a9f

SHA1
f718e09a42e9ec49db060589d24135ca6929e8e0

SHA256
f830ddc5280d00e1cb160f9e5dd114292d5efef66c23c3c03c224894250bac2f

SHA512
9f1cb9ad8023b340c82e987bab33cddd817e3ece892aca7350650343396d4dc5d00cfd99c0718a862280c81d7d525c5e870390e1cdfdb4987b6663b1394cf1fc

Download Submit
C:\Users\Admin\Desktop\7-Zip\7z.exe

Filesize
339KB

MD5
96b85d45cfe551f87e5f141ee18bf82e

SHA1
3b21a8ec46a782bf407174fe6f328ec4649fb779

SHA256
8b9f09e2bcaac9166a0f87525864f29c868f2cb8b779ca6d3d63b93b388d5c89

SHA512
24e9de5502929d9104411e7f465327998a8b997de46670db6a8f009755576b93d93e90f6bc08fd7406c9e37859e24b54227dac610ddddde152073aca0e5924ca

Download Submit
C:\Users\Admin\Desktop\7-Zip\7zFM.exe

Filesize
597KB

MD5
f4378a6d33895e7193c02d30fdfc555a

SHA1
3021cd88b70a371e1e688d0dc448d33d05f799e8

SHA256
8aec21c22111e1bbd955a73e9423a11c2d70b8d6d75f5fde9a89a0e8304c3d81

SHA512
2168caaed04ed4a3e4f360a3eafa3519a91f31fda95140b37e44fd1759b3f5a07e09c3c8ba70e366784e700970843afd69083238e9aecac9a6106c4fcb19f809

Download Submit
C:\Users\Admin\Desktop\7-Zip\7zG.exe

Filesize
437KB

MD5
4808c9f21e23be9c17925e491c260995

SHA1
005b7d1c04b165062464b8e3fe7c6622fc91d5f7

SHA256
8f8797efbdeb6cb05aef7a09b190e9538b516a0cf7c4c3711ad17f4ba4096f6a

SHA512
508ac4e4b8487662f9525abf330b522f83cd6d8fcf7adf5bc732eae3e60f49b18489707169dcde54fbd65441a840e17d098c0d190794cc123f60df3b427dbd02

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 109634.crdownload

Filesize
1.4MB

MD5
361bd0014b4603658849b75bb4b5bdcb

SHA1
d3070baa8dcca7477f0081f20cc5498c9fae3e6a

SHA256
4df7a62e5ce503892f500b1f96f0a954931c5266900c439102040957b25a90c6

SHA512
118e6b82f9f9cb4b19a19fceb0372ea9c797879cfb121afa5269b603365c39d1fe6cf81adab27ef31388453b1ad7f2e8e984717fb6543a7ec48ea50ed54586c8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 831357.crdownload

Filesize
2.8MB

MD5
6bd2bb0812c3d8fd1145edcb858f2a61

SHA1
2db8b507aa366ea6cf5b0d4935a19514d8b9b1a7

SHA256
e0a55a8a3c8734d832e04640fa55fc41fca7e6511b7a69262cbb13273594652c

SHA512
5fbffb6feecc0a2393c3cd09d240fb6e8bf2a860155e9271dfa19ef6bee27cd1639bb0adef04a8e2a462d4c23f5b245bd98a874c90c20f9cf35766245e55c3e4

Download Submit
C:\Users\Admin\Downloads\winrar-x64-710b1.exe

Filesize
3.6MB

MD5
1c250be05d4404f63f5e1915979b1ef8

SHA1
cdfd358b6efc7d6710a686966eaa36ee62190210

SHA256
f810d133eb8dcc890af2f966a1f6aeb4ccdd72ffdc7908bb9c2f3e84f22de248

SHA512
e71564820233553a09e85ab858fe9dabb7b339384a9bb705376ce57b5a1bc764708b22f83d49a9d8b66df9f82bd5ccbbb44a19ce9b44ea6239b49ae07ff87d75

Download Submit